TR/ATRAPS.Gen2 found; mediashifting.com opens on its own (Windows 7)
15.01.2012, 22:04 | #1
Dear ladies and gentlemen of Trojaner-Board.de,

For about 2 days now, a new tab has been opening unprompted in Firefox every now and then (as others here in the forum have also reported). It apparently tries to open the site mediashifting.com. I have also noticed that my Windows Firewall is no longer active. Unfortunately I cannot say for how long. In the firewall menu, next to a red bar, there is the message: "Windows Firewall is not using the recommended settings to protect your computer." Next to it I can click on "Recommended settings". When I do, the following error message appears: "Windows Firewall can't change some of your settings. Error code 0x80070424".

What should I do now? Should I run a check with Malwarebytes or OTL? Or should I go straight to an online scan with ESET? Is there any hope of removing the trojan without having to reinstall the system?

Thank you in advance, and I urgently ask for your help!

Best regards
15.01.2012, 22:56 | #2
Here are the OTL logs, the MAM log and the MBR log for now! I hope you can make something of them:

OTL

OTL.txt:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 15.01.2012 22:22:33 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,17% Memory free 7,81 Gb Paging File | 5,79 Gb Available in Paging File | 74,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 66,48 Gb Free Space | 55,75% Space Free | Partition Type: NTFS Computer Name: ZENBOOK | User Name: Michael | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.15 22:18:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe PRC - [2011.12.24 16:30:22 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.7\ICQ.exe PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.11.17 11:34:00 | 001,548,448 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe PRC - [2011.11.11 18:25:36 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2011.11.11 18:18:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2011.11.01 23:25:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2011.10.09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe PRC - [2011.10.04 21:14:10 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe PRC - [2011.10.04 21:14:06 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe PRC - [2011.10.04 03:09:38 | 000,100,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe PRC - [2011.10.04 00:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2011.10.03 20:45:58 | 000,375,424 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe PRC - [2011.09.29 19:41:06 | 000,092,800 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe PRC - [2011.09.09 07:10:06 | 002,317,312 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2011.08.02 23:31:22 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011.07.22 00:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2011.06.30 01:16:10 | 000,503,728 | ---- | M] (ASUSTek Computer Inc.) 
-- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe PRC - [2010.12.21 03:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 03:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.10.07 23:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe ========== Modules (No Company Name) ========== MOD - [2012.01.04 23:21:14 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll MOD - [2012.01.04 23:20:10 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll MOD - [2012.01.04 22:40:15 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll MOD - [2012.01.04 22:39:53 | 003,347,968 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2012.01.04 17:07:40 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2012.01.04 17:07:25 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2012.01.04 17:06:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\37f2a07f5c1341f788c5a56baa7cde59\System.Xml.ni.dll MOD - [2012.01.04 17:06:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2012.01.04 17:06:48 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2012.01.04 17:06:33 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2012.01.01 17:31:36 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2011.12.21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.11.17 11:33:58 | 000,209,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.10.04 21:14:06 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll MOD - [2011.09.09 07:10:06 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll MOD - 
[2011.08.30 21:05:58 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2011.08.30 21:05:58 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2011.08.30 21:05:58 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2007.12.04 10:45:38 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\CubeDesktop\CubeDesktopHooks.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.11.30 00:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.29 19:41:06 | 000,092,800 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn) SRV - [2011.08.02 23:31:22 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011.08.02 23:13:24 | 000,103,584 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2010.12.21 03:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.12.21 03:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.11.23 15:13:10 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.10.18 18:47:12 | 000,198,448 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011.10.17 06:29:08 | 000,202,496 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3) DRV:64bit: - [2011.10.17 06:29:08 | 000,069,888 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3) DRV:64bit: - [2011.09.16 04:35:40 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2011.09.16 04:35:18 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.08.29 06:46:00 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.08.29 06:46:00 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.08.02 23:22:52 | 000,511,136 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.08.02 23:22:06 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.08.02 23:21:50 | 000,068,256 | 
---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.08.02 23:21:20 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.08.02 23:21:04 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.08.02 23:20:50 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.08.02 23:20:34 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2011.08.02 23:20:18 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.07.28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011.05.13 23:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2011.04.26 04:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.03.15 11:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2011.02.26 02:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger) DRV:64bit: - [2010.11.30 00:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.04.28 18:59:16 | 000,027,264 | ---- | M] (ASUS Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\assd.sys -- (assd) DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.05.23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2011.09.07 18:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.23 18:34:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.23 18:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions [2012.01.12 18:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\9hogzsaw.default\extensions [2012.01.15 01:03:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\9hogzsaw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.23 18:34:16 | 000,000,000 | 
---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [CubeDesktop] C:\Program Files (x86)\CubeDesktop\cubedesktop.exe (Thinking Minds Building Bytes) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07B2F95D-8B92-4A00-881D-1D3913074A2F}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (C:\Users\Michael\AppData\Local\aa1bb932\X) -C:\Users\Michael\AppData\Local\aa1bb932\X () O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.15 22:18:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe [2012.01.14 23:52:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\iCloud [2012.01.14 18:19:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Moka [2012.01.14 18:13:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Outlook-Dateien [2012.01.14 18:08:11 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\aa1bb932 [2012.01.14 17:54:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reincubate [2012.01.13 16:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP [2012.01.13 16:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP [2012.01.13 16:35:39 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\redsn0w [2012.01.12 18:49:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft [2012.01.12 18:49:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.12 18:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.01.12 18:49:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\DVDVideoSoft [2012.01.12 18:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2012.01.12 18:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012.01.12 18:32:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Apple 
Computer [2012.01.12 18:32:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Apple Computer [2012.01.12 18:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.01.12 18:32:09 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll [2012.01.12 18:32:09 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll [2012.01.12 18:32:09 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2012.01.12 18:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.01.12 18:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.01.12 18:31:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.01.12 18:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.01.12 18:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012.01.12 18:27:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Apple [2012.01.12 18:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.01.12 18:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.01.12 18:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.01.12 18:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012.01.12 18:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.01.12 18:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.01.11 17:37:05 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2012.01.11 17:37:05 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012.01.11 17:37:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2012.01.11 17:37:04 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012.01.11 17:37:04 | 001,328,128 
| ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012.01.11 17:37:04 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.01.11 17:37:04 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.01.10 17:39:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Thinking Minds Budiling Bytes [2012.01.10 17:38:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CubeDesktop [2012.01.10 17:38:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CubeDesktop [2012.01.10 17:27:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GetRightToGo [2012.01.10 17:27:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Downloads [2012.01.07 13:48:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\CrashDumps [2012.01.07 12:36:41 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Dexpot [2012.01.02 14:07:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\Computer D [2012.01.01 17:31:36 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.01.01 17:31:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011.12.28 15:53:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\WinRAR [2011.12.28 15:53:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.12.28 15:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.12.28 15:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2011.12.28 15:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.12.28 15:19:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2011.12.28 15:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011.12.28 15:18:13 | 000,000,000 | ---D | C] 
-- C:\Program Files (x86)\Microsoft Analysis Services [2011.12.28 15:17:49 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Microsoft Help [2011.12.28 15:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.12.28 15:17:38 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011.12.28 13:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2011.12.24 23:26:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Microsoft Games [2011.12.24 17:52:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\vlc [2011.12.24 17:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.12.24 17:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2011.12.24 17:45:11 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2011.12.24 17:45:10 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011.12.24 16:43:56 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.12.24 16:43:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.12.24 16:43:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.12.24 16:43:55 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.12.24 16:43:54 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.12.24 16:43:54 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.12.24 16:43:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.12.24 16:43:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.12.24 16:43:53 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.12.24 16:43:53 | 000,818,688 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\jscript.dll [2011.12.24 16:43:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.12.24 16:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7 [2011.12.24 16:30:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ICQ [2011.12.24 16:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.7 [2011.12.24 16:29:52 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll [2011.12.24 16:29:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll [2011.12.24 16:29:49 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll [2011.12.24 16:29:49 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll [2011.12.24 16:29:48 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll [2011.12.24 16:29:48 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll [2011.12.24 16:29:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll [2011.12.24 16:29:48 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll [2011.12.24 16:29:48 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll [2011.12.24 16:29:48 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll [2011.12.24 16:29:38 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2011.12.24 16:29:37 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2011.12.24 16:29:37 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2011.12.24 16:29:36 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2011.12.24 16:29:36 | 000,337,408 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\mssph.dll [2011.12.24 16:29:36 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2011.12.24 16:29:35 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2011.12.24 16:29:35 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2011.12.24 16:29:35 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2011.12.24 16:29:35 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2011.12.24 16:29:34 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2011.12.24 16:29:34 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2011.12.24 16:29:33 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2011.12.24 16:29:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011.12.24 16:28:48 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011.12.24 16:28:48 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.12.24 16:28:44 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2011.12.24 16:28:44 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2011.12.24 16:28:44 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2011.12.24 16:28:44 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2011.12.24 16:28:02 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2011.12.24 16:28:01 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2011.12.24 16:28:01 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2011.12.24 16:28:01 | 
000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2011.12.24 16:28:01 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.12.24 16:28:00 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2011.12.24 16:28:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2011.12.24 16:27:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2011.12.24 16:27:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2011.12.24 16:27:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2011.12.24 16:27:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2011.12.24 16:27:59 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2011.12.24 16:27:59 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2011.12.24 16:27:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2011.12.24 16:27:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2011.12.24 16:27:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2011.12.24 16:27:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2011.12.24 16:27:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2011.12.24 16:27:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2011.12.24 16:27:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2011.12.24 16:27:59 | 
000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2011.12.24 16:27:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2011.12.24 16:27:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2011.12.24 16:27:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2011.12.24 16:27:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2011.12.24 16:27:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2011.12.24 16:27:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2011.12.24 16:27:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2011.12.24 16:27:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2011.12.24 16:27:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2011.12.24 16:27:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2011.12.24 16:27:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2011.12.24 16:27:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2011.12.24 16:27:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2011.12.24 16:27:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2011.12.24 16:27:58 | 000,004,608 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2011.12.24 16:27:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2011.12.24 16:27:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2011.12.24 16:27:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2011.12.24 16:27:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2011.12.24 16:27:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2011.12.24 16:27:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,584 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll 
[2011.12.24 16:27:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2011.12.24 16:27:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2011.12.24 16:27:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2011.12.24 16:27:53 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe [2011.12.24 16:27:53 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll [2011.12.24 16:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus [2011.12.24 16:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint [2011.12.24 16:21:33 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.12.24 16:21:33 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.12.24 16:20:28 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.12.24 16:20:27 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.12.24 16:20:26 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.12.24 03:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2011.12.24 03:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro [2011.12.24 03:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2011.12.24 03:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstantOn [2011.12.24 03:22:23 | 000,155,648 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\ACEngSvr.exe [2011.12.24 03:22:08 | 000,027,264 | ---- | C] (ASUS Corporation) -- C:\Windows\SysNative\drivers\assd.sys [2011.12.24 03:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ASUS [2011.12.24 03:22:06 | 000,000,000 | ---D | C] -- 
C:\Program Files\ASUS [2011.12.24 03:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\P4G [2011.12.24 03:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\P4G [2011.12.24 03:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS [2011.12.24 03:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\USBChargerPlus [2011.12.24 03:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros [2011.12.24 03:20:59 | 000,016,768 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysNative\drivers\AiCharger.sys [2011.12.24 03:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros [2011.12.24 03:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite [2011.12.24 03:18:41 | 002,796,544 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys [2011.12.24 03:18:41 | 002,796,544 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys [2011.12.24 03:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation [2011.12.24 03:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Qualcomm Atheros [2011.12.24 03:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIX Electronics Corporation [2011.12.24 03:18:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda [2011.12.24 03:18:08 | 009,888,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsUVStoricon.dll [2011.12.24 03:18:08 | 000,311,400 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\rtsuvstor.sys [2011.12.24 03:18:08 | 000,017,512 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\diskperf64.sys [2011.12.24 03:17:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2011.12.24 03:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2011.12.24 03:17:45 | 002,604,376 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\WavesGUILib.dll [2011.12.24 03:17:45 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll [2011.12.24 03:17:45 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2011.12.24 03:17:45 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll [2011.12.24 03:17:45 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2011.12.24 03:17:45 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2011.12.24 03:17:45 | 000,177,088 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll [2011.12.24 03:17:45 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2011.12.24 03:17:45 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll [2011.12.24 03:17:45 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll [2011.12.24 03:17:45 | 000,065,432 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll [2011.12.24 03:17:44 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2011.12.24 03:17:44 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2011.12.24 03:17:44 | 003,201,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2011.12.24 03:17:44 | 002,518,120 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2011.12.24 03:17:44 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2011.12.24 03:17:44 | 001,881,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2011.12.24 03:17:44 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2011.12.24 03:17:44 | 001,501,696 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\Windows\SysNative\RCoRes64.dat [2011.12.24 03:17:44 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2011.12.24 03:17:44 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll [2011.12.24 03:17:44 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2011.12.24 03:17:44 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2011.12.24 03:17:44 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2011.12.24 03:17:44 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2011.12.24 03:17:44 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2011.12.24 03:17:44 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2011.12.24 03:17:44 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2011.12.24 03:17:44 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2011.12.24 03:17:44 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2011.12.24 03:17:44 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2011.12.24 03:17:44 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2011.12.24 03:17:44 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2011.12.24 03:17:44 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2011.12.24 03:17:44 | 000,097,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll [2011.12.24 03:17:44 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll [2011.12.24 03:17:44 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEEG64A.dll [2011.12.24 03:17:44 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll [2011.12.24 03:17:44 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2011.12.24 03:17:44 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2011.12.24 03:17:43 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2011.12.24 03:17:43 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2011.12.24 03:17:43 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2011.12.24 03:17:43 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2011.12.24 03:17:43 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2011.12.24 03:17:43 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2011.12.24 03:17:43 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2011.12.24 03:17:43 | 000,527,872 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll [2011.12.24 03:17:43 | 000,515,584 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll [2011.12.24 03:17:43 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2011.12.24 03:17:43 | 000,439,808 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll [2011.12.24 03:17:43 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2011.12.24 03:17:43 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2011.12.24 03:17:43 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2011.12.24 03:17:43 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2011.12.24 03:17:43 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2011.12.24 03:17:43 | 000,200,800 | ---- | C] (Andrea Electronics 
Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2011.12.24 03:17:43 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2011.12.24 03:17:43 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2011.12.24 03:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2011.12.24 03:17:42 | 001,698,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2011.12.24 03:17:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2011.12.24 03:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2011.12.24 03:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech [2011.12.24 03:16:42 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin [2011.12.24 03:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Fresco Logic [2011.12.24 03:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel [2011.12.24 03:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel [2011.12.24 03:16:08 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [2011.12.24 03:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2011.12.24 03:16:00 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys [2011.12.24 03:15:59 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2011.12.24 03:15:47 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2011.12.24 03:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2011.12.24 03:15:43 | 000,000,000 | ---D | C] -- C:\Intel [2011.12.24 03:15:12 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ifsutil.dll [2011.12.24 03:15:12 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ifsutil.dll [2011.12.24 03:15:00 | 000,000,000 | ---D | C] -- 
C:\Windows\SoftwareDistribution [2011.12.24 03:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility [2011.12.24 03:13:41 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011.12.23 19:15:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Avira [2011.12.23 18:34:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Mozilla [2011.12.23 18:34:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Mozilla [2011.12.23 18:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011.12.23 18:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.12.23 18:32:01 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.23 18:32:01 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.12.23 18:32:00 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.12.23 18:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.12.23 18:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.12.23 18:27:41 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Macromedia [2011.12.23 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Adobe [2011.12.23 18:27:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Diagnostics [2011.12.23 18:18:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\ASUS [2011.12.23 18:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS [2011.12.23 18:05:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FLEXnet [2011.12.23 18:05:39 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Nuance [2011.12.23 18:05:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Zeon [2011.12.23 17:59:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\BMExplorer [2011.12.23 17:59:47 | 000,000,000 | ---D | C] -- 
C:\Users\Michael\Documents\Bluetooth Folder [2011.12.23 17:59:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Atheros [2011.12.23 17:58:31 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.12.23 17:58:31 | 000,000,000 | R--D | C] -- C:\Users\Michael\Searches [2011.12.23 17:58:31 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.12.23 17:58:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Identities [2011.12.23 17:58:24 | 000,000,000 | R--D | C] -- C:\Users\Michael\Contacts [2011.12.23 17:58:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\VirtualStore [2011.12.23 17:58:21 | 000,000,000 | R-SD | C] -- C:\Users\Public\Desktop\AsusTools [2011.12.23 17:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderView [2011.12.23 17:58:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ASUS [2011.12.23 17:58:18 | 000,000,000 | --SD | C] -- C:\Users\Michael\AppData\Roaming\Microsoft [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Videos [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Saved Games [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Pictures [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Music [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Links [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Favorites [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Downloads [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Documents [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Desktop [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- 
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Vorlagen [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\Verlauf [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\Temporary Internet Files [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Startmenü [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\SendTo [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Recent [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Netzwerkumgebung [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Lokale Einstellungen [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Documents\Eigene Videos [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Documents\Eigene Musik [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Eigene Dateien [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Documents\Eigene Bilder [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Druckumgebung [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Cookies [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\Anwendungsdaten [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Anwendungsdaten [2011.12.23 17:58:18 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData [2011.12.23 17:58:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Temp [2011.12.23 17:58:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Microsoft [2011.12.23 17:58:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Media Center Programs ========== Files - Modified Within 30 Days ========== [2012.01.15 22:18:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe [2012.01.15 21:18:56 | 001,529,266 | ---- | M] 
() -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.15 21:18:56 | 000,665,578 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.15 21:18:56 | 000,627,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.15 21:18:56 | 000,133,758 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.15 21:18:56 | 000,110,140 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.15 21:17:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.15 01:12:37 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.15 01:12:37 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.15 01:03:43 | 3144,658,944 | -HS- | M] () -- C:\hiberfil.sys [2012.01.15 00:20:50 | 000,000,600 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\winscp.rnd [2012.01.14 19:16:18 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.01.13 16:48:49 | 000,001,851 | ---- | M] () -- C:\Users\Michael\Desktop\WinSCP.lnk [2012.01.12 18:49:47 | 000,001,400 | ---- | M] () -- C:\Users\Michael\Desktop\Free YouTube to MP3 Converter.lnk [2012.01.12 18:32:11 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.10 17:38:12 | 000,001,045 | ---- | M] () -- C:\Users\Michael\Desktop\CubeDesktop.lnk [2012.01.09 22:40:18 | 000,011,741 | ---- | M] () -- C:\Users\Michael\Desktop\2M_Trainplan_050112.pdf [2012.01.02 18:17:03 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe [2012.01.02 15:11:03 | 000,416,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.01.02 14:07:54 | 000,001,152 | ---- | M] () -- C:\Users\Michael\Desktop\Computer D.lnk [2011.12.28 14:33:12 | 002,621,440 | RH-- | M] () -- C:\UX31E.BIN [2011.12.25 00:00:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 
[2011.12.24 17:51:40 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.12.24 16:30:47 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.7.lnk [2011.12.24 16:26:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf [2011.12.24 16:24:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf [2011.12.24 07:58:19 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011.12.24 07:58:19 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011.12.24 03:26:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\1043_ASUSTEK_UX31E_V50_WIN7.MRK [2011.12.24 03:22:35 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2011.12.24 03:20:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf [2011.12.24 03:19:30 | 000,246,804 | ---- | M] () -- C:\Windows\SysNative\drivers\AtherosBt.bin [2011.12.24 03:19:30 | 000,001,242 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x01.dfu [2011.12.24 03:19:30 | 000,001,204 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x02.dfu [2011.12.24 03:19:30 | 000,001,204 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40.dfu [2011.12.24 03:19:30 | 000,001,198 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_26.dfu [2011.12.24 03:17:36 | 000,015,828 | ---- | M] () -- C:\Windows\SysNative\results.xml [2011.12.24 03:16:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_FLxHCIc_01009.Wdf [2011.12.23 18:34:18 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.12.23 18:32:10 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.12.23 18:18:20 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini ========== Files Created - No Company Name ========== [2012.01.13 
16:48:50 | 000,000,600 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\winscp.rnd [2012.01.13 16:48:49 | 000,001,851 | ---- | C] () -- C:\Users\Michael\Desktop\WinSCP.lnk [2012.01.12 18:49:47 | 000,001,400 | ---- | C] () -- C:\Users\Michael\Desktop\Free YouTube to MP3 Converter.lnk [2012.01.12 18:32:11 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.12 18:27:04 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.01.10 17:38:12 | 000,001,045 | ---- | C] () -- C:\Users\Michael\Desktop\CubeDesktop.lnk [2012.01.09 22:40:29 | 000,011,741 | ---- | C] () -- C:\Users\Michael\Desktop\2M_Trainplan_050112.pdf [2012.01.02 14:07:54 | 000,001,152 | ---- | C] () -- C:\Users\Michael\Desktop\Computer D.lnk [2011.12.25 00:00:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.12.24 17:51:40 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.12.24 16:30:47 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.7.lnk [2011.12.24 16:26:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf [2011.12.24 16:24:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf [2011.12.24 03:26:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\1043_ASUSTEK_UX31E_V50_WIN7.MRK [2011.12.24 03:22:35 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2011.12.24 03:21:42 | 000,003,116 | ---- | C] () -- C:\Windows\SysNative\wimfltr.inf [2011.12.24 03:20:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf [2011.12.24 03:18:41 | 000,469,372 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf [2011.12.24 03:18:41 | 000,071,579 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat [2011.12.24 03:18:22 | 000,001,083 | ---- | C] () -- C:\setup.iss 
[2011.12.24 03:17:36 | 000,015,828 | ---- | C] () -- C:\Windows\SysNative\results.xml [2011.12.24 03:16:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_FLxHCIc_01009.Wdf [2011.12.24 03:16:07 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll [2011.12.24 03:13:41 | 3144,658,944 | -HS- | C] () -- C:\hiberfil.sys [2011.12.23 18:34:18 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.12.23 18:34:17 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.12.23 18:32:10 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.12.23 18:18:20 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2011.12.23 17:58:59 | 000,001,407 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011.12.23 17:58:35 | 000,001,441 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.12.23 17:58:24 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe [2011.10.20 07:47:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.10.20 07:46:59 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.10.20 07:46:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.10.20 07:46:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.10.20 07:46:50 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2009.07.29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 
00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat < End of report > |
15.01.2012, 22:58 | #3 |
| TR/ATRAPS.Gen2 found; mediashifting.com opens by itself
Below is OTL EXTRA.txt:
OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.01.2012 22:22:33 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,17% Memory free 7,81 Gb Paging File | 5,79 Gb Available in Paging File | 74,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 66,48 Gb Free Space | 55,75% Space Free | Partition Type: NTFS Computer Name: ZENBOOK | User Name: Michael | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01E66AC4-B28B-494C-993D-3CD17020BEBC}" = Fresco Logic USB3.0 Host Controller "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft 
.NET Framework 4 Client Profile DEU Language Pack "{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{53375A2B-FE08-42B6-8EB8-16818CD27B2C}" = Windows Live Family Safety "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{761C6783-D3BC-48AB-8E7C-61CE918A8436}" = ASUS Secure Delete "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live 
Remote Client Resources "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0 "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Elantech" = ETDWare PS/2-X64 10.0.5.2_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = 
Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = 
Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service 
Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2DB883F-1AF3-4BE6-BE04-710D9C556C44}" = PowerWiz "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B7B60C4F-0DB8-42EF-8EDC-5F21D4C2D73F}" = PWR Option "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - 
ActiveX-besturingselement voor externe verbindingen "{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}" = Wireless Console 3 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials 
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Avira AntiVir Desktop" = Avira Free Antivirus "CubeDesktop" = CubeDesktop 1.4.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228 "InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "Office14.SingleImage" = Microsoft Office Professional 2010 "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials "winscp3_is1" = WinSCP 4.3.6 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 24.12.2011 11:53:41 | Computer Name = Zenbook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mscorsvw.exe, Version: 2.0.50727.4927, Zeitstempel: 0x4a275ab4 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74d66c9c ID des fehlerhaften Prozesses: 0x138c Startzeit der fehlerhaften Anwendung: 0x01ccc24f464b3996 Pfad der fehlerhaften Anwendung: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 73499a2d-2e47-11e1-a5f5-ff8d2451a609 Error - 24.12.2011 11:53:44 | Computer Name = Zenbook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ASLDRSrv.exe, Version: 1.0.51.1, Zeitstempel: 0x4a361489 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74d66c9c ID des fehlerhaften Prozesses: 0x46c Startzeit der fehlerhaften Anwendung: 0x01ccc24ef29c97d6 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 74f611df-2e47-11e1-a5f5-ff8d2451a609 Error - 
24.12.2011 11:53:45 | Computer Name = Zenbook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: GFNEXSrv.exe, Version: 1.0.10.1, Zeitstempel: 0x4b26f6d1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74d66c9c ID des fehlerhaften Prozesses: 0x4b0 Startzeit der fehlerhaften Anwendung: 0x01ccc24ef2afa2d9 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 75743acd-2e47-11e1-a5f5-ff8d2451a609 Error - 24.12.2011 11:53:46 | Computer Name = Zenbook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: InsOnSrv.exe, Version: 1.0.0.9, Zeitstempel: 0x4e686515 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74d66c9c ID des fehlerhaften Prozesses: 0x6e8 Startzeit der fehlerhaften Anwendung: 0x01ccc24ef399477c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 75c2c836-2e47-11e1-a5f5-ff8d2451a609 Error - 24.12.2011 11:53:46 | Computer Name = Zenbook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Ath_CoexAgent.exe, Version: 8.0.0.195, Zeitstempel: 0x4d8817c8 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74d66c9c ID des fehlerhaften Prozesses: 0x70c Startzeit der fehlerhaften Anwendung: 0x01ccc24ef3af67bd Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 763e8fc4-2e47-11e1-a5f5-ff8d2451a609 Error - 24.12.2011 11:53:48 | Computer Name = Zenbook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: LMS.exe, Version: 7.0.2.1164, 
Zeitstempel: 0x4d100cad Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74d66c9c ID des fehlerhaften Prozesses: 0x45c Startzeit der fehlerhaften Anwendung: 0x01ccc24f46a345f0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 773d4302-2e47-11e1-a5f5-ff8d2451a609 Error - 24.12.2011 11:53:50 | Computer Name = Zenbook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: UNS.exe, Version: 7.0.2.1164, Zeitstempel: 0x4d100dac Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74d66c9c ID des fehlerhaften Prozesses: 0xe20 Startzeit der fehlerhaften Anwendung: 0x01ccc24f478ff357 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 782dadfd-2e47-11e1-a5f5-ff8d2451a609 Error - 24.12.2011 11:53:51 | Computer Name = Zenbook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sched.exe, Version: 12.1.0.18, Zeitstempel: 0x4e7ca198 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74d66c9c ID des fehlerhaften Prozesses: 0xd20 Startzeit der fehlerhaften Anwendung: 0x01ccc2543b1e3def Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 78d91111-2e47-11e1-a5f5-ff8d2451a609 Error - 24.12.2011 12:47:44 | Computer Name = Zenbook | Source = Application Hang | ID = 1002 Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c54 Startzeit: 01ccc25bad7e2b76 Endzeit: 23 Anwendungspfad: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Berichts-ID: f0bd2bd8-2e4e-11e1-93fd-742f68cce027 Error - 25.12.2011 06:03:10 | Computer Name = Zenbook | Source = MsiInstaller | ID = 11935 Description = [ System Events ] Error - 28.12.2011 09:31:13 | Computer Name = Zenbook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 28.12.2011 09:31:14 | Computer Name = Zenbook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 28.12.2011 09:31:15 | Computer Name = Zenbook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 28.12.2011 09:47:55 | Computer Name = Zenbook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 28.12.2011 09:47:56 | Computer Name = Zenbook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 28.12.2011 09:47:57 | Computer Name = Zenbook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 28.12.2011 09:48:16 | Computer Name = Zenbook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 28.12.2011 09:48:33 | Computer Name = Zenbook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error - 28.12.2011 09:48:34 | Computer Name = Zenbook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. 
Error - 28.12.2011 09:48:35 | Computer Name = Zenbook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
< End of report >
Also, the report from MAM: Code:
ATTFilter
Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org
Datenbank Version: v2012.01.15.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael :: ZENBOOK [Administrator]
Schutz: Aktiviert
15.01.2012 22:30:14
mbam-log-2012-01-15 (22-30-14).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 294056
Laufzeit: 8 Minute(n), 20 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\Michael\AppData\Local\aa1bb932\X -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: Service Pack 1 (build 7601), 64-bit Base Board Manufacturer: ASUSTeK Computer Inc. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: ASUSTeK Computer Inc. System Product Name: UX31E Logical Drives Mask: 0x00000004 Kernel Drivers (total 201): 0x03056000 \SystemRoot\system32\ntoskrnl.exe 0x0300D000 \SystemRoot\system32\hal.dll 0x00BB2000 \SystemRoot\system32\kdcom.dll 0x00CED000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00D3C000 \SystemRoot\system32\PSHED.dll 0x00D50000 \SystemRoot\system32\CLFS.SYS 0x00C00000 \SystemRoot\system32\CI.dll 0x00E62000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00F06000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00F15000 \SystemRoot\system32\drivers\ACPI.sys 0x00F6C000 \SystemRoot\system32\drivers\WMILIB.SYS 0x00F75000 \SystemRoot\system32\drivers\msisadrv.sys 0x00F7F000 \SystemRoot\system32\drivers\pci.sys 0x00FB2000 \SystemRoot\system32\drivers\vdrvroot.sys 0x00FBF000 \SystemRoot\System32\drivers\partmgr.sys 0x00FD4000 \SystemRoot\system32\drivers\compbatt.sys 0x00FDD000 \SystemRoot\system32\drivers\BATTC.SYS 0x00FE9000 \SystemRoot\system32\drivers\volmgr.sys 0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys 0x00CC0000 \SystemRoot\system32\drivers\pciide.sys 0x00CC7000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x00CD7000 \SystemRoot\System32\Drivers\assd.sys 0x00DAE000 \SystemRoot\System32\drivers\mountmgr.sys 0x01040000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x013DA000 \SystemRoot\system32\drivers\atapi.sys 0x01000000 \SystemRoot\system32\drivers\ataport.SYS 0x0102A000 \SystemRoot\system32\drivers\msahci.sys 0x01035000 \SystemRoot\system32\drivers\amdxata.sys 0x0143A000 \SystemRoot\system32\drivers\fltmgr.sys 0x01486000 \SystemRoot\system32\drivers\fileinfo.sys 0x01633000 \SystemRoot\System32\Drivers\Ntfs.sys 0x0149A000 \SystemRoot\System32\Drivers\msrpc.sys 0x017D6000 
\SystemRoot\System32\Drivers\ksecdd.sys 0x014F8000 \SystemRoot\System32\Drivers\cng.sys 0x01600000 \SystemRoot\System32\drivers\pcw.sys 0x01611000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x018A9000 \SystemRoot\system32\drivers\ndis.sys 0x0199C000 \SystemRoot\system32\drivers\NETIO.SYS 0x01800000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01A09000 \SystemRoot\System32\drivers\tcpip.sys 0x01C0D000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x01C57000 \SystemRoot\system32\drivers\volsnap.sys 0x01CA3000 \SystemRoot\System32\Drivers\spldr.sys 0x01CAB000 \SystemRoot\System32\drivers\rdyboost.sys 0x01CE5000 \SystemRoot\System32\Drivers\mup.sys 0x01CF7000 \SystemRoot\System32\drivers\hwpolicy.sys 0x01D00000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x01D3A000 \SystemRoot\system32\drivers\disk.sys 0x01D50000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x03E00000 \SystemRoot\System32\Drivers\Null.SYS 0x03E09000 \SystemRoot\System32\Drivers\Beep.SYS 0x03E10000 \SystemRoot\System32\drivers\vga.sys 0x03E1E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x01D8E000 \SystemRoot\System32\drivers\watchdog.sys 0x01D9E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x01DA7000 \SystemRoot\system32\drivers\rdpencdd.sys 0x01DB0000 \SystemRoot\system32\drivers\rdprefmp.sys 0x01DB9000 \SystemRoot\System32\Drivers\Msfs.SYS 0x01DC4000 \SystemRoot\System32\Drivers\Npfs.SYS 0x01DD5000 \SystemRoot\system32\DRIVERS\tdx.sys 0x0182B000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x0156A000 \SystemRoot\system32\drivers\afd.sys 0x01838000 \SystemRoot\System32\DRIVERS\netbt.sys 0x01DF7000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x0187D000 \SystemRoot\system32\DRIVERS\pacer.sys 0x0161B000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x017F1000 \SystemRoot\system32\DRIVERS\netbios.sys 0x01400000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x0141B000 \SystemRoot\system32\DRIVERS\termdd.sys 0x030C4000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x03115000 \SystemRoot\system32\drivers\nsiproxy.sys 0x03121000 
\SystemRoot\system32\DRIVERS\mssmbios.sys 0x0312C000 \SystemRoot\System32\drivers\discache.sys 0x0313B000 \SystemRoot\System32\Drivers\dfsc.sys 0x03159000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x0316A000 \SystemRoot\system32\DRIVERS\avkmgr.sys 0x03174000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x0319A000 \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 0x031A3000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x04C30000 \SystemRoot\system32\DRIVERS\igdkmd64.sys 0x048EF000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x04800000 \SystemRoot\System32\drivers\dxgmms1.sys 0x04846000 \SystemRoot\system32\DRIVERS\HECIx64.sys 0x04857000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x05A75000 \SystemRoot\system32\DRIVERS\athrx.sys 0x05D27000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x05D34000 \SystemRoot\system32\DRIVERS\AiCharger.sys 0x05D37000 \SystemRoot\system32\DRIVERS\FLxHCIc.sys 0x05D6D000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x05D7E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x05DD4000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x05A00000 \SystemRoot\system32\DRIVERS\ETD.sys 0x05A33000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x05A42000 \SystemRoot\system32\DRIVERS\kbfiltr.sys 0x05A4A000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x05A59000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x05A5E000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x05DF2000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x0487B000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x0488B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x048A1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x048C5000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x04C00000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x048D1000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x031C9000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x049E3000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x05DFB000 \SystemRoot\system32\DRIVERS\swenum.sys 0x03000000 \SystemRoot\system32\DRIVERS\ks.sys 0x057E9000 \SystemRoot\system32\DRIVERS\btath_bus.sys 
0x03043000 \SystemRoot\system32\DRIVERS\umbus.sys 0x03055000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x030AF000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x06207000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x064F2000 \SystemRoot\system32\drivers\portcls.sys 0x0652F000 \SystemRoot\system32\drivers\drmk.sys 0x06551000 \SystemRoot\system32\drivers\ksthunk.sys 0x06557000 \SystemRoot\system32\DRIVERS\IntcDAud.sys 0x065AA000 \SystemRoot\system32\DRIVERS\FLxHCIh.sys 0x065C0000 \SystemRoot\System32\Drivers\crashdmp.sys 0x000B0000 \SystemRoot\System32\win32k.sys 0x065CE000 \SystemRoot\System32\drivers\Dxapi.sys 0x03E43000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x065DA000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x041DD000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x065ED000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x031EA000 \SystemRoot\system32\DRIVERS\dc3d.sys 0x065EF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x01D80000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x013E3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x00DC8000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x015F3000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x00DD6000 \SystemRoot\system32\DRIVERS\point64.sys 0x00DE6000 \SystemRoot\system32\DRIVERS\monitor.sys 0x00430000 \SystemRoot\System32\TSDDD.dll 0x00790000 \SystemRoot\System32\cdd.dll 0x00840000 \SystemRoot\System32\ATMFD.DLL 0x02A49000 \SystemRoot\System32\Drivers\usbvideo.sys 0x02A77000 \SystemRoot\system32\drivers\luafv.sys 0x02A9A000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x02ABA000 \SystemRoot\system32\drivers\WudfPf.sys 0x02ADB000 \SystemRoot\System32\Drivers\RtsUVStor.sys 0x02B2A000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x02B3F000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x02B92000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x02BA5000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x02BBD000 \SystemRoot\system32\DRIVERS\TurboB.sys 0x02FC9000 \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 0x02FD1000 
\SystemRoot\system32\DRIVERS\vwifimp.sys 0x04A3C000 \SystemRoot\system32\drivers\HTTP.sys 0x04B05000 \SystemRoot\system32\DRIVERS\rfcomm.sys 0x04B61000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x066A0000 \SystemRoot\system32\DRIVERS\bowser.sys 0x066BE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x066EB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x06739000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x0675D000 \SystemRoot\System32\DRIVERS\srv2.sys 0x068DD000 \SystemRoot\System32\DRIVERS\srv.sys 0x06800000 \SystemRoot\system32\drivers\peauth.sys 0x068A6000 \SystemRoot\System32\Drivers\secdrv.SYS 0x068B1000 \SystemRoot\System32\drivers\tcpipreg.sys 0x068C3000 \??\C:\Windows\system32\drivers\mbam.sys 0x770C0000 \Windows\System32\ntdll.dll 0x47AD0000 \Windows\System32\smss.exe 0xFF3E0000 \Windows\System32\apisetschema.dll 0xFF8E0000 \Windows\System32\autochk.exe 0xFF2F0000 \Windows\System32\advapi32.dll 0x76F60000 \Windows\System32\wininet.dll 0xFF2D0000 \Windows\System32\sechost.dll 0xFE540000 \Windows\System32\shell32.dll 0xFE4D0000 \Windows\System32\gdi32.dll 0xFE400000 \Windows\System32\usp10.dll 0xFE3B0000 \Windows\System32\ws2_32.dll 0xFE3A0000 \Windows\System32\lpk.dll 0x76E60000 \Windows\System32\user32.dll 0xFE340000 \Windows\System32\Wldap32.dll 0xFE160000 \Windows\System32\setupapi.dll 0xFE0E0000 \Windows\System32\shlwapi.dll 0xFE0C0000 \Windows\System32\imagehlp.dll 0xFDFB0000 \Windows\System32\msctf.dll 0x76D10000 \Windows\System32\urlmon.dll 0x76BF0000 \Windows\System32\kernel32.dll 0xFDDA0000 \Windows\System32\ole32.dll 0xFDD90000 \Windows\System32\nsi.dll 0x769E0000 \Windows\System32\iertutil.dll 0xFDCF0000 \Windows\System32\msvcrt.dll 0x77290000 \Windows\System32\psapi.dll 0x77280000 \Windows\System32\normaliz.dll 0xFDBC0000 \Windows\System32\rpcrt4.dll 0xFDB40000 \Windows\System32\difxapi.dll 0xFDAA0000 \Windows\System32\comdlg32.dll 0xFDA70000 \Windows\System32\imm32.dll 0xFD9D0000 \Windows\System32\clbcatq.dll 0xFD8F0000 \Windows\System32\oleaut32.dll 
0xFD780000 \Windows\System32\crypt32.dll 0xFD710000 \Windows\System32\KernelBase.dll 0xFD6D0000 \Windows\System32\wintrust.dll 0xFD630000 \Windows\System32\comctl32.dll 0xFD610000 \Windows\System32\devobj.dll 0xFD5D0000 \Windows\System32\cfgmgr32.dll 0xFD5C0000 \Windows\System32\msasn1.dll 0x75250000 \Windows\SysWOW64\normaliz.dll Processes (total 97): 0 System Idle Process 4 System 316 C:\Windows\System32\smss.exe 456 csrss.exe 528 C:\Windows\System32\wininit.exe 552 csrss.exe 584 C:\Windows\System32\services.exe 608 C:\Windows\System32\lsass.exe 616 C:\Windows\System32\lsm.exe 716 C:\Windows\System32\svchost.exe 804 C:\Windows\System32\svchost.exe 860 C:\Windows\System32\svchost.exe 892 C:\Windows\System32\svchost.exe 932 C:\Windows\System32\svchost.exe 328 C:\Windows\System32\svchost.exe 368 C:\Windows\System32\svchost.exe 1044 C:\Windows\System32\winlogon.exe 1080 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe 1088 C:\Windows\System32\wlanext.exe 1096 C:\Windows\System32\conhost.exe 1148 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 1256 C:\Windows\System32\spoolsv.exe 1292 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 1528 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 1568 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1632 C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe 1664 C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe 1712 C:\Program Files (x86)\Bluetooth Suite\AdminService.exe 1760 C:\Program Files\Bonjour\mDNSResponder.exe 1788 C:\Windows\System32\svchost.exe 1848 C:\Windows\System32\svchost.exe 1920 C:\Windows\System32\svchost.exe 1984 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 1784 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 2096 C:\Windows\System32\taskhost.exe 2104 C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe 2160 C:\Windows\System32\taskeng.exe 2192 
C:\Windows\System32\dwm.exe 2256 C:\Windows\explorer.exe 2368 C:\Program Files\P4G\BatteryLife.exe 2384 C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe 2408 C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe 2436 C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe 2456 C:\Windows\System32\taskeng.exe 2464 C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe 2576 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe 2588 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe 2636 C:\Windows\SysWOW64\ACEngSvr.exe 2856 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe 2944 WmiPrvSE.exe 1724 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe 1820 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe 1548 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe 2144 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe 2220 C:\Windows\System32\conhost.exe 2052 C:\Windows\System32\svchost.exe 3684 C:\Windows\System32\igfxtray.exe 3704 C:\Windows\System32\hkcmd.exe 3720 C:\Windows\System32\igfxpers.exe 3752 C:\Program Files\Elantech\ETDCtrl.exe 3836 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 3856 C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe 3888 C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe 3980 C:\Program Files\Microsoft IntelliPoint\ipoint.exe 4024 C:\Program Files\Windows Sidebar\sidebar.exe 3348 C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe 3304 C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe 3408 C:\Program Files\Elantech\ETDCtrlHelper.exe 4284 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 4468 C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe 4512 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe 4520 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe 4532 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe 4540 C:\Program 
Files (x86)\Avira\AntiVir Desktop\avgnt.exe
4560 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4732 C:\Windows\System32\SearchIndexer.exe
4728 C:\Program Files\Windows Media Player\wmpnetwk.exe
4996 C:\Program Files\iPod\bin\iPodService.exe
4908 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
5960 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
2720 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
6012 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
5268 C:\Windows\System32\conhost.exe
4300 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
4084 C:\Windows\System32\conhost.exe
5728 C:\Windows\System32\taskhost.exe
5288 C:\Program Files (x86)\ICQ7.7\ICQ.exe
6996 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
9532 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
8984 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10096 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
9428 C:\Windows\System32\audiodg.exe
8516 C:\Windows\System32\igfxsrvc.exe
8228 dllhost.exe
7880 dllhost.exe
9240 C:\Users\Michael\Desktop\MBRCheck.exe
3736 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive0 Model Number: SanDiskSSDU100128GB, Rev: 10.01.02
Size Device Name MBR Status
--------------------------------------------
119 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
I hope you can help me! Best regards |
16.01.2012, 23:06 | #4 |
| TR/ATRAPS.Gen2 found; mediashifting.com opens
Unfortunately nobody has replied so far, so I have now also run the ESET Online Scan! It showed me 2 detections, which can also be seen in the log file: Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ac0d9c7067cb2741bf0efea8771669a2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-16 10:02:33
# local_time=2012-01-16 11:02:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 2090565 2090565 0 0
# compatibility_mode=5893 16776574 66 94 166288 78378333 0 0
# compatibility_mode=8192 67108863 100 0 3686 3686 0 0
# scanned=127795
# found=2
# cleaned=0
# scan_time=2870
C:\Users\Michael\AppData\Local\aa1bb932\X Win64/Sirefef.Q trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\AppData\Local\aa1bb932\U\800000cb.@ Win64/Sirefef.M trojan (unable to clean) 00000000000000000000000000000000 I
Best regards |
18.01.2012, 20:12 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2 found; mediashifting.com opens
Looks like a ZeroAccess... please make a log with CF: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
18.01.2012, 20:40 | #6 |
| TR/ATRAPS.Gen2 found; mediashifting.com opens
Good evening, many thanks for the reply, here is the log file from Combofix: Combofix Logfile: Code:
ATTFilter ComboFix 12-01-18.04 - Michael 18.01.2012 20:29:03.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3999.2140 [GMT 1:00] ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Michael\AppData\Local\aa1bb932\U c:\users\Michael\AppData\Local\aa1bb932\U\80000000.@ c:\users\Michael\AppData\Local\aa1bb932\U\800000cb.@ c:\users\Michael\AppData\Local\aa1bb932\U\800000cf.@ c:\users\Michael\AppData\Local\aa1bb932\X c:\windows\assembly\tmp\U . . ((((((((((((((((((((((( Dateien erstellt von 2011-12-18 bis 2012-01-18 )))))))))))))))))))))))))))))) . . 2012-01-16 21:13 . 2012-01-16 21:13 -------- d-----w- c:\program files (x86)\ESET 2012-01-15 21:27 . 2012-01-15 21:27 -------- d-----w- c:\programdata\Malwarebytes 2012-01-15 21:27 . 2012-01-15 21:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-01-15 21:27 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-14 16:54 . 2012-01-14 16:54 -------- d-----w- c:\program files (x86)\Reincubate 2012-01-13 15:48 . 2012-01-15 00:03 -------- d-----w- c:\program files (x86)\WinSCP 2012-01-13 14:36 . 2011-11-30 01:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7679115F-3CC1-4020-A186-A470FEC8F37B}\mpengine.dll 2012-01-12 17:49 . 2012-01-15 00:03 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2012-01-12 17:49 . 2012-01-12 17:49 -------- d-----w- c:\program files (x86)\DVDVideoSoft 2012-01-12 17:32 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-01-12 17:32 . 
2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-01-12 17:32 . 2008-04-17 11:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-01-12 17:31 . 2012-01-12 17:31 -------- d-----w- c:\program files\iPod 2012-01-12 17:31 . 2012-01-15 00:03 -------- d-----w- c:\programdata\Apple Computer 2012-01-12 17:31 . 2012-01-15 00:03 -------- d-----w- c:\program files\iTunes 2012-01-12 17:31 . 2012-01-15 00:03 -------- d-----w- c:\program files (x86)\iTunes 2012-01-12 17:31 . 2012-01-12 17:32 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2012-01-12 17:27 . 2012-01-12 17:27 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-01-12 17:26 . 2012-01-15 00:03 -------- d-----w- c:\program files\Common Files\Apple 2012-01-12 17:26 . 2012-01-12 17:26 -------- d-----w- c:\program files\Bonjour 2012-01-12 17:26 . 2012-01-12 17:26 -------- d-----w- c:\program files (x86)\Bonjour 2012-01-12 17:26 . 2012-01-14 22:55 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-01-12 17:26 . 2012-01-12 17:26 -------- d-----w- c:\programdata\Apple 2012-01-11 16:37 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-11 16:37 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-01-11 16:37 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 16:37 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-11 16:37 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 16:37 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 16:37 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-11 16:37 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-10 16:38 . 2012-01-10 16:38 -------- d-----w- c:\program files (x86)\CubeDesktop 2012-01-05 10:16 . 2012-01-05 10:16 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-01-01 16:31 . 
2012-01-14 18:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-01 16:31 . 2012-01-15 00:03 -------- d-----w- c:\windows\system32\Macromed 2011-12-28 14:18 . 2011-12-28 14:18 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2011-12-28 14:17 . 2012-01-11 22:32 -------- d-----w- c:\programdata\Microsoft Help 2011-12-28 14:17 . 2011-12-28 14:17 -------- d-----r- C:\MSOCache 2011-12-28 12:39 . 2011-11-15 13:29 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-12-28 12:32 . 2011-12-28 14:19 -------- d-----w- c:\program files (x86)\Microsoft.NET 2011-12-24 23:04 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2011-12-24 23:04 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS 2011-12-24 16:51 . 2011-12-24 16:51 -------- d-----w- c:\program files (x86)\VideoLAN 2011-12-24 16:45 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-12-24 16:45 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-12-24 16:45 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-12-24 16:45 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-12-24 15:30 . 2011-12-25 10:08 -------- d-----w- c:\program files (x86)\ICQ7.7 2011-12-24 15:28 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll 2011-12-24 15:27 . 2011-07-16 05:41 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2011-12-24 15:25 . 2011-12-24 15:25 -------- d-----w- c:\program files\Microsoft IntelliPoint 2011-12-24 15:21 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll 2011-12-24 15:21 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll 2011-12-24 15:21 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll 2011-12-24 15:21 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-12-24 15:20 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-12-24 15:20 . 
2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-12-24 15:20 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-12-24 02:21 . 2011-12-23 17:01 -------- d-----w- c:\programdata\Atheros 2011-12-24 02:20 . 2011-02-26 01:42 16768 ----a-w- c:\windows\system32\drivers\AiCharger.sys 2011-12-24 02:19 . 2011-12-24 02:19 -------- d-----w- c:\program files (x86)\Common Files\Atheros 2011-12-24 02:19 . 2011-12-24 02:19 -------- d-----w- c:\program files (x86)\Bluetooth Suite 2011-12-24 02:18 . 2011-12-23 18:20 -------- d-----w- c:\program files (x86)\Qualcomm Atheros WiFi Driver Installation 2011-12-24 02:18 . 2011-11-23 14:13 2796544 ----a-w- c:\windows\system32\drivers\athrx.sys 2011-12-24 02:18 . 2011-11-23 14:13 2796544 ----a-w- c:\windows\system32\athrx.sys 2011-12-24 02:18 . 2011-12-24 02:18 -------- d-----w- c:\programdata\Qualcomm Atheros 2011-12-24 02:18 . 2011-12-24 02:18 -------- d-----w- c:\program files (x86)\ASIX Electronics Corporation 2011-12-24 02:18 . 2011-12-24 02:18 -------- d-----w- c:\windows\SysWow64\sda 2011-12-24 02:18 . 2011-03-15 10:09 9888360 ----a-w- c:\windows\SysWow64\RtsUVStoricon.dll 2011-12-24 02:18 . 2011-03-15 10:09 311400 ----a-w- c:\windows\system32\drivers\rtsuvstor.sys 2011-12-24 02:18 . 2010-11-11 06:14 17512 ------w- c:\windows\system32\drivers\diskperf64.sys 2011-12-24 02:16 . 2011-12-24 02:16 -------- d-----w- c:\program files\Elantech 2011-12-24 02:16 . 2011-12-28 13:16 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin 2011-12-24 02:16 . 2011-12-24 02:16 -------- d-----w- c:\program files\Fresco Logic 2011-12-24 02:16 . 2011-12-24 02:16 -------- d-----w- c:\program files\Common Files\Intel 2011-12-24 02:16 . 2011-12-24 02:16 -------- d-----w- c:\program files (x86)\Common Files\Intel 2011-12-24 02:16 . 2010-12-21 02:08 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll 2011-12-24 02:16 . 
2011-12-24 02:16 -------- d-----w- c:\program files (x86)\Common Files\postureAgent 2011-12-24 02:16 . 2010-10-20 00:34 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys 2011-12-24 02:15 . 2011-12-24 15:30 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information 2011-12-24 02:15 . 2011-12-24 02:16 -------- d-----w- c:\program files (x86)\Intel 2011-12-24 02:15 . 2010-12-23 03:09 53248 ----a-w- c:\windows\SysWow64\CSVer.dll 2011-12-24 02:15 . 2011-12-24 02:16 -------- d-----w- C:\Intel 2011-12-24 02:15 . 2011-01-28 19:03 180736 ----a-w- c:\windows\system32\ifsutil.dll 2011-12-24 02:15 . 2011-01-28 05:46 148992 ----a-w- c:\windows\SysWow64\ifsutil.dll 2011-12-24 02:15 . 2010-12-29 10:57 951680 ----a-w- c:\windows\system32\drivers\ndis.sys 2011-12-23 17:18 . 2011-12-23 17:18 -------- d-----w- c:\programdata\ASUS 2011-12-23 16:58 . 2012-01-02 17:17 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe 2011-12-23 16:58 . 2011-12-23 16:58 -------- d-----w- c:\programdata\FolderView 2011-12-23 16:58 . 2012-01-15 00:03 -------- d-----w- c:\users\Michael . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-23 16:58 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "CubeDesktop"="c:\program files (x86)\CubeDesktop\cubedesktop.exe" [2009-09-16 4811776] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-11-11 59240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-08-29 2984688] "FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2011-10-17 47616] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-09 2317312] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872] R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 assd;assd; [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe 
[2011-09-29 92800] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-08-02 146592] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-08-02 103584] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x] S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . . 
--------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-16 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-16 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-16 416024] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-25 12681320] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-08-02 961184] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-08-02 798880] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Free YouTube to MP3 Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9hogzsaw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-541316269-2900696795-1206298893-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8EBADB1B-53DE-73BA-C628-297981A23FD0}*] "jancnidogklfgmbfgakl"=hex:66,61,69,6d,6f,62,62,69,6d,65,6f,70,00,d2 "pafonegbcemehdhnhgembaibphfedlno"=hex:63,61,6b,6d,6a,65,00,00 "hancnidogklfgmbf"=hex:6e,62,67,64,69,65,64,6b,6b,69,69,62,61,68,6d,64,6b,65, 63,6c,64,6a,66,6a,61,62,63,63,66,70,6e,67,66,70,70,66,63,6b,6c,6a,6c,68,70,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\InstantOn\InsOnWMI.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\program files (x86)\ASUS\Splendid\ACMON.exe
c:\program files (x86)\ASUS\PowerWiz\PowerWiz.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-18 20:35:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-01-18 19:35
.
Vor Suchlauf: 7 Verzeichnis(se), 78.523.498.496 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 78.627.450.880 Bytes frei
.
- - End Of File - - 70FA646AC57644B9FDE83ED72311CE4F |
18.01.2012, 20:53 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2 found; mediashifting.com opens
Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post logfiles in CODE tags |
18.01.2012, 21:11 | #8 |
| TR/ATRAPS.Gen2 found; mediashifting.com opens All right, I have run it. It says it found nothing. Here is the log file: Code:
ATTFilter 21:08:05.0178 2440 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24 21:08:05.0256 2440 ============================================================ 21:08:05.0256 2440 Current date / time: 2012/01/18 21:08:05.0256 21:08:05.0256 2440 SystemInfo: 21:08:05.0256 2440 21:08:05.0256 2440 OS Version: 6.1.7601 ServicePack: 1.0 21:08:05.0256 2440 Product type: Workstation 21:08:05.0256 2440 ComputerName: ZENBOOK 21:08:05.0256 2440 UserName: Michael 21:08:05.0256 2440 Windows directory: C:\Windows 21:08:05.0256 2440 System windows directory: C:\Windows 21:08:05.0256 2440 Running under WOW64 21:08:05.0256 2440 Processor architecture: Intel x64 21:08:05.0256 2440 Number of processors: 4 21:08:05.0256 2440 Page size: 0x1000 21:08:05.0256 2440 Boot type: Normal boot 21:08:05.0256 2440 ============================================================ 21:08:05.0552 2440 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:08:05.0552 2440 Initialize success 21:08:12.0900 4648 ============================================================ 21:08:12.0900 4648 Scan started 21:08:12.0900 4648 Mode: Manual; SigCheck; TDLFS; 21:08:12.0900 4648 ============================================================ 21:08:13.0118 4648 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 21:08:13.0180 4648 1394ohci - ok 21:08:13.0196 4648 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 21:08:13.0212 4648 ACPI - ok 21:08:13.0212 4648 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 21:08:13.0227 4648 AcpiPmi - ok 21:08:13.0243 4648 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 21:08:13.0274 4648 adp94xx - ok 21:08:13.0274 4648 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 21:08:13.0290 4648 adpahci - ok 
21:08:13.0305 4648 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 21:08:13.0321 4648 adpu320 - ok 21:08:13.0336 4648 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 21:08:13.0368 4648 AFD - ok 21:08:13.0368 4648 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 21:08:13.0383 4648 agp440 - ok 21:08:13.0399 4648 AiCharger (14370049d8c9912eac7603809a77c378) C:\Windows\system32\DRIVERS\AiCharger.sys 21:08:13.0430 4648 AiCharger - ok 21:08:13.0446 4648 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 21:08:13.0446 4648 aliide - ok 21:08:13.0461 4648 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 21:08:13.0477 4648 amdide - ok 21:08:13.0477 4648 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 21:08:13.0492 4648 AmdK8 - ok 21:08:13.0508 4648 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 21:08:13.0524 4648 AmdPPM - ok 21:08:13.0524 4648 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 21:08:13.0539 4648 amdsata - ok 21:08:13.0555 4648 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 21:08:13.0555 4648 amdsbs - ok 21:08:13.0570 4648 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 21:08:13.0586 4648 amdxata - ok 21:08:13.0586 4648 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 21:08:13.0633 4648 AppID - ok 21:08:13.0648 4648 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 21:08:13.0664 4648 arc - ok 21:08:13.0680 4648 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 21:08:13.0680 4648 arcsas - ok 21:08:13.0695 4648 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 21:08:13.0695 4648 ASMMAP64 - ok 21:08:13.0711 
4648 assd (06f30358a657cba22115c4368b4001f9) C:\Windows\system32\drivers\assd.sys 21:08:13.0711 4648 assd - ok 21:08:13.0789 4648 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 21:08:13.0820 4648 AsyncMac - ok 21:08:13.0836 4648 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 21:08:13.0836 4648 atapi - ok 21:08:13.0851 4648 AthBTPort (185f180536188c1a4ed605234721a5b9) C:\Windows\system32\DRIVERS\btath_flt.sys 21:08:13.0851 4648 AthBTPort - ok 21:08:13.0898 4648 athr (7d0398396727195cc73d703001d3cff4) C:\Windows\system32\DRIVERS\athrx.sys 21:08:13.0945 4648 athr - ok 21:08:13.0945 4648 ATKWMIACPIIO (41ceaffcf3550785e59e3ec9bee8d97a) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 21:08:13.0960 4648 ATKWMIACPIIO - ok 21:08:13.0976 4648 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 21:08:13.0992 4648 b06bdrv - ok 21:08:14.0007 4648 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 21:08:14.0023 4648 b57nd60a - ok 21:08:14.0038 4648 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 21:08:14.0085 4648 Beep - ok 21:08:14.0101 4648 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 21:08:14.0132 4648 blbdrive - ok 21:08:14.0148 4648 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 21:08:14.0163 4648 bowser - ok 21:08:14.0179 4648 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 21:08:14.0194 4648 BrFiltLo - ok 21:08:14.0194 4648 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 21:08:14.0210 4648 BrFiltUp - ok 21:08:14.0226 4648 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 21:08:14.0257 4648 BridgeMP - ok 21:08:14.0272 4648 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 
21:08:14.0288 4648 Brserid - ok 21:08:14.0304 4648 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 21:08:14.0319 4648 BrSerWdm - ok 21:08:14.0335 4648 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 21:08:14.0350 4648 BrUsbMdm - ok 21:08:14.0350 4648 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 21:08:14.0366 4648 BrUsbSer - ok 21:08:14.0382 4648 BTATH_A2DP (d74a81ccf0372c955862692b7af272c9) C:\Windows\system32\drivers\btath_a2dp.sys 21:08:14.0397 4648 BTATH_A2DP - ok 21:08:14.0397 4648 btath_avdt (3118072d09daa1961a9f6549a4e8433a) C:\Windows\system32\drivers\btath_avdt.sys 21:08:14.0413 4648 btath_avdt - ok 21:08:14.0413 4648 BTATH_BUS (e6b734a37ade36fe1a77035f4e484c8c) C:\Windows\system32\DRIVERS\btath_bus.sys 21:08:14.0428 4648 BTATH_BUS - ok 21:08:14.0444 4648 BTATH_HCRP (fb3833e63ff602b69c2ff085846dcf43) C:\Windows\system32\DRIVERS\btath_hcrp.sys 21:08:14.0444 4648 BTATH_HCRP - ok 21:08:14.0460 4648 BTATH_LWFLT (8008d892a2bda67eefbe25e14eb5dc83) C:\Windows\system32\DRIVERS\btath_lwflt.sys 21:08:14.0460 4648 BTATH_LWFLT - ok 21:08:14.0475 4648 BTATH_RCP (58535686697e5e82ec3a87938ac3da54) C:\Windows\system32\DRIVERS\btath_rcp.sys 21:08:14.0491 4648 BTATH_RCP - ok 21:08:14.0506 4648 BtFilter (3df6c4913a683c76f29f376ee814221e) C:\Windows\system32\DRIVERS\btfilter.sys 21:08:14.0522 4648 BtFilter - ok 21:08:14.0522 4648 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 21:08:14.0538 4648 BthEnum - ok 21:08:14.0553 4648 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 21:08:14.0569 4648 BTHMODEM - ok 21:08:14.0584 4648 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 21:08:14.0600 4648 BthPan - ok 21:08:14.0616 4648 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys 21:08:14.0631 4648 BTHPORT - ok 21:08:14.0647 4648 BTHUSB 
(f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys 21:08:14.0647 4648 BTHUSB - ok 21:08:14.0662 4648 catchme - ok 21:08:14.0662 4648 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 21:08:14.0694 4648 cdfs - ok 21:08:14.0709 4648 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 21:08:14.0725 4648 cdrom - ok 21:08:14.0740 4648 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 21:08:14.0756 4648 circlass - ok 21:08:14.0772 4648 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 21:08:14.0772 4648 CLFS - ok 21:08:14.0803 4648 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 21:08:14.0803 4648 CmBatt - ok 21:08:14.0818 4648 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 21:08:14.0818 4648 cmdide - ok 21:08:14.0834 4648 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 21:08:14.0865 4648 CNG - ok 21:08:14.0881 4648 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 21:08:14.0881 4648 Compbatt - ok 21:08:14.0896 4648 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys 21:08:14.0912 4648 CompositeBus - ok 21:08:14.0928 4648 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 21:08:14.0928 4648 crcdisk - ok 21:08:14.0943 4648 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys 21:08:14.0959 4648 dc3d - ok 21:08:14.0974 4648 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 21:08:15.0021 4648 DfsC - ok 21:08:15.0037 4648 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 21:08:15.0068 4648 discache - ok 21:08:15.0084 4648 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 21:08:15.0099 4648 Disk - ok 21:08:15.0115 4648 drmkaud 
(9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 21:08:15.0115 4648 drmkaud - ok 21:08:15.0146 4648 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 21:08:15.0162 4648 DXGKrnl - ok 21:08:15.0208 4648 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 21:08:15.0255 4648 ebdrv - ok 21:08:15.0286 4648 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 21:08:15.0302 4648 elxstor - ok 21:08:15.0318 4648 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 21:08:15.0318 4648 ErrDev - ok 21:08:15.0333 4648 ETD (286f83af6ebea179c5ee9cf864891d98) C:\Windows\system32\DRIVERS\ETD.sys 21:08:15.0349 4648 ETD - ok 21:08:15.0364 4648 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 21:08:15.0411 4648 exfat - ok 21:08:15.0411 4648 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 21:08:15.0458 4648 fastfat - ok 21:08:15.0458 4648 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 21:08:15.0474 4648 fdc - ok 21:08:15.0489 4648 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 21:08:15.0505 4648 FileInfo - ok 21:08:15.0505 4648 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 21:08:15.0552 4648 Filetrace - ok 21:08:15.0567 4648 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 21:08:15.0583 4648 flpydisk - ok 21:08:15.0583 4648 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 21:08:15.0598 4648 FltMgr - ok 21:08:15.0614 4648 FLxHCIc (bce31f2f2837dbb763fa2f8636fd24f1) C:\Windows\system32\DRIVERS\FLxHCIc.sys 21:08:15.0630 4648 FLxHCIc - ok 21:08:15.0630 4648 FLxHCIh (baa12dc50104b73c96872bd3c363b044) C:\Windows\system32\DRIVERS\FLxHCIh.sys 21:08:15.0645 4648 FLxHCIh - ok 21:08:15.0661 4648 FsDepends 
(d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 21:08:15.0676 4648 FsDepends - ok 21:08:15.0676 4648 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys 21:08:15.0692 4648 fssfltr - ok 21:08:15.0692 4648 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 21:08:15.0708 4648 Fs_Rec - ok 21:08:15.0723 4648 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 21:08:15.0739 4648 fvevol - ok 21:08:15.0739 4648 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 21:08:15.0754 4648 gagp30kx - ok 21:08:15.0770 4648 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:08:15.0770 4648 GEARAspiWDM - ok 21:08:15.0786 4648 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 21:08:15.0801 4648 hcw85cir - ok 21:08:15.0817 4648 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 21:08:15.0832 4648 HdAudAddService - ok 21:08:15.0848 4648 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 21:08:15.0864 4648 HDAudBus - ok 21:08:15.0864 4648 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 21:08:15.0879 4648 HidBatt - ok 21:08:15.0895 4648 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 21:08:15.0910 4648 HidBth - ok 21:08:15.0910 4648 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 21:08:15.0926 4648 HidIr - ok 21:08:15.0942 4648 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 21:08:15.0957 4648 HidUsb - ok 21:08:15.0973 4648 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 21:08:15.0988 4648 HpSAMD - ok 21:08:16.0004 4648 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 21:08:16.0051 4648 HTTP - ok 
21:08:16.0066 4648 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 21:08:16.0066 4648 hwpolicy - ok 21:08:16.0082 4648 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 21:08:16.0098 4648 i8042prt - ok 21:08:16.0113 4648 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\DRIVERS\iaStor.sys 21:08:16.0129 4648 iaStor - ok 21:08:16.0144 4648 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 21:08:16.0160 4648 iaStorV - ok 21:08:16.0285 4648 igfx (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdkmd64.sys 21:08:16.0456 4648 igfx - ok 21:08:16.0472 4648 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 21:08:16.0488 4648 iirsp - ok 21:08:16.0519 4648 IntcAzAudAddService (e7e0e8f2f44bcb48143fbba70106d8c1) C:\Windows\system32\drivers\RTKVHD64.sys 21:08:16.0581 4648 IntcAzAudAddService - ok 21:08:16.0581 4648 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 21:08:16.0597 4648 IntcDAud - ok 21:08:16.0612 4648 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 21:08:16.0628 4648 intelide - ok 21:08:16.0628 4648 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 21:08:16.0644 4648 intelppm - ok 21:08:16.0659 4648 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:08:16.0690 4648 IpFilterDriver - ok 21:08:16.0706 4648 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 21:08:16.0706 4648 IPMIDRV - ok 21:08:16.0722 4648 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 21:08:16.0768 4648 IPNAT - ok 21:08:16.0784 4648 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 21:08:16.0800 4648 IRENUM - ok 21:08:16.0800 4648 isapnp (2f7b28dc3e1183e5eb418df55c204f38) 
============================================================ 21:08:22.0431 3248 Detected object count: 0 21:08:22.0431 3248 Actual detected object count: 0 |
18.01.2012, 21:46 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2 found; mediashifting.com opens
Please create a new OTL log. If possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
ATTFilter the log goes here
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Please always post logfiles in CODE tags |
18.01.2012, 22:02 | #10 |
| TR/ATRAPS.Gen2 found; mediashifting.com opens
All right, here is the OTL log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.01.2012 21:53:00 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 62,82% Memory free 7,81 Gb Paging File | 6,30 Gb Available in Paging File | 80,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 74,16 Gb Free Space | 62,19% Space Free | Partition Type: NTFS Computer Name: ZENBOOK | User Name: Michael | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.15 22:18:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.11.11 18:25:36 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2011.11.11 18:18:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2011.11.01 23:25:58 | 000,059,240 | ---- | M] (Apple Inc.) 
-- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2011.10.04 21:14:10 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe PRC - [2011.10.04 21:14:06 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe PRC - [2011.10.04 03:09:38 | 000,100,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe PRC - [2011.10.04 00:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2011.10.03 20:45:58 | 000,375,424 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe PRC - [2011.09.29 19:41:06 | 000,092,800 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe PRC - [2011.08.02 23:31:22 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011.07.22 00:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2011.06.30 01:16:10 | 000,503,728 | ---- | M] (ASUSTek Computer Inc.) 
-- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe PRC - [2010.12.21 03:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 03:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.10.07 23:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe ========== Modules (No Company Name) ========== MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.10.04 21:14:06 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll MOD - [2007.12.04 10:45:38 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\CubeDesktop\CubeDesktopHooks.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.11.30 00:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program 
Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.09.29 19:41:06 | 000,092,800 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn) SRV - [2011.08.02 23:31:22 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011.08.02 23:13:24 | 000,103,584 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2010.12.21 03:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.12.21 03:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) 
========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.11.23 15:13:10 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.10.18 18:47:12 | 000,198,448 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011.10.17 06:29:08 | 000,202,496 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3) DRV:64bit: - [2011.10.17 06:29:08 | 000,069,888 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3) DRV:64bit: - [2011.09.16 04:35:40 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2011.09.16 04:35:18 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.08.29 06:46:00 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.08.29 06:46:00 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.08.02 23:22:52 | 000,511,136 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.08.02 23:22:06 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.08.02 23:21:50 | 
000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.08.02 23:21:20 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.08.02 23:21:04 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.08.02 23:20:50 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.08.02 23:20:34 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2011.08.02 23:20:18 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.07.28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011.05.13 23:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2011.04.26 04:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.03.15 11:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2011.02.26 02:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger) DRV:64bit: - [2010.11.30 00:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.04.28 18:59:16 | 000,027,264 | ---- | M] (ASUS Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\assd.sys -- (assd) DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.05.23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2011.09.07 18:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.23 18:34:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.23 18:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions [2012.01.12 18:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\9hogzsaw.default\extensions [2012.01.15 01:03:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\9hogzsaw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.23 18:34:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files 
(x86)\mozilla firefox\extensions [2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.01.18 20:33:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [CubeDesktop] C:\Program Files (x86)\CubeDesktop\cubedesktop.exe (Thinking Minds Building Bytes) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07B2F95D-8B92-4A00-881D-1D3913074A2F}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) MsConfig:64bit - State: "startup" - Reg Error: Key error. 
SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group 
SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MPSSvc - Service 
SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: 
{533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MPSSvc - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net 
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: 
{7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: 
{630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.18 21:04:28 | 001,975,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\tdsskiller.exe [2012.01.18 20:35:49 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.01.18 20:33:36 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.01.18 20:28:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.01.18 20:28:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.01.18 20:28:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.01.18 20:28:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.01.18 20:20:39 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.01.18 20:17:08 | 004,387,138 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe [2012.01.18 11:01:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Amilo Li1718 [2012.01.16 22:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.01.16 22:03:12 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Michael\Desktop\esetsmartinstaller_enu.exe [2012.01.15 23:38:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\ICQ [2012.01.15 22:27:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes [2012.01.15 22:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.15 22:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.15 22:27:15 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.01.15 22:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.01.15 22:24:52 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Michael\Desktop\mbam-setup-1.60.0.1800.exe [2012.01.15 22:18:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe [2012.01.14 23:52:53 | 000,000,000 | ---D | C] -- 
C:\Users\Michael\Desktop\iCloud [2012.01.14 18:19:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Moka [2012.01.14 18:13:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Outlook-Dateien [2012.01.14 18:08:11 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\aa1bb932 [2012.01.14 17:54:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reincubate [2012.01.13 16:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP [2012.01.13 16:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP [2012.01.13 16:35:39 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\redsn0w [2012.01.12 18:49:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft [2012.01.12 18:49:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.12 18:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.01.12 18:49:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\DVDVideoSoft [2012.01.12 18:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2012.01.12 18:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012.01.12 18:32:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Apple Computer [2012.01.12 18:32:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Apple Computer [2012.01.12 18:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.01.12 18:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.01.12 18:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.01.12 18:31:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.01.12 18:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.01.12 18:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012.01.12 18:27:05 | 
000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Apple [2012.01.12 18:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.01.12 18:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.01.12 18:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.01.12 18:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012.01.12 18:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.01.12 18:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.01.10 17:39:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Thinking Minds Budiling Bytes [2012.01.10 17:38:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CubeDesktop [2012.01.10 17:38:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CubeDesktop [2012.01.10 17:27:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GetRightToGo [2012.01.10 17:27:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Downloads [2012.01.07 13:48:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\CrashDumps [2012.01.07 12:36:41 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Dexpot [2012.01.02 14:07:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\Computer D [2012.01.01 17:31:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011.12.28 15:53:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\WinRAR [2011.12.28 15:53:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.12.28 15:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.12.28 15:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2011.12.28 15:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.12.28 15:19:56 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Common Files\DESIGNER [2011.12.28 15:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011.12.28 15:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2011.12.28 15:17:49 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Microsoft Help [2011.12.28 15:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.12.28 15:17:38 | 000,000,000 | R--D | C] -- C:\MSOCache [2011.12.28 13:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2011.12.24 23:26:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Microsoft Games [2011.12.24 17:52:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\vlc [2011.12.24 17:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.12.24 17:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2011.12.24 16:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7 [2011.12.24 16:30:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ICQ [2011.12.24 16:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.7 [2011.12.24 16:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus [2011.12.24 16:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint [2011.12.24 03:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2011.12.24 03:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro [2011.12.24 03:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2011.12.24 03:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstantOn [2011.12.24 03:22:23 | 000,155,648 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\ACEngSvr.exe [2011.12.24 03:22:08 | 000,027,264 | ---- | C] (ASUS Corporation) -- C:\Windows\SysNative\drivers\assd.sys [2011.12.24 03:22:07 | 000,000,000 | ---D | 
C] -- C:\Program Files (x86)\Common Files\ASUS [2011.12.24 03:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS [2011.12.24 03:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\P4G [2011.12.24 03:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\P4G [2011.12.24 03:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS [2011.12.24 03:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\USBChargerPlus [2011.12.24 03:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros [2011.12.24 03:20:59 | 000,016,768 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysNative\drivers\AiCharger.sys [2011.12.24 03:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros [2011.12.24 03:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite [2011.12.24 03:18:41 | 002,796,544 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys [2011.12.24 03:18:41 | 002,796,544 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys [2011.12.24 03:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation [2011.12.24 03:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Qualcomm Atheros [2011.12.24 03:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIX Electronics Corporation [2011.12.24 03:18:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda [2011.12.24 03:17:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2011.12.24 03:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2011.12.24 03:17:45 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2011.12.24 03:17:45 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2011.12.24 03:17:45 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll [2011.12.24 03:17:45 | 000,211,184 | ---- | C] (SRS Labs, Inc.) 
-- C:\Windows\SysNative\SRSTSH64.dll [2011.12.24 03:17:45 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2011.12.24 03:17:45 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2011.12.24 03:17:44 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2011.12.24 03:17:44 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2011.12.24 03:17:44 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2011.12.24 03:17:44 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll [2011.12.24 03:17:44 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2011.12.24 03:17:44 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2011.12.24 03:17:44 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2011.12.24 03:17:44 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2011.12.24 03:17:44 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2011.12.24 03:17:44 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2011.12.24 03:17:44 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2011.12.24 03:17:44 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2011.12.24 03:17:44 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2011.12.24 03:17:44 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2011.12.24 03:17:44 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2011.12.24 03:17:44 | 000,081,248 | ---- | C] (Synopsys, Inc.) 
-- C:\Windows\SysNative\SFCOM64.dll [2011.12.24 03:17:44 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2011.12.24 03:17:44 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll [2011.12.24 03:17:44 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2011.12.24 03:17:44 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2011.12.24 03:17:43 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2011.12.24 03:17:43 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2011.12.24 03:17:43 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2011.12.24 03:17:43 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2011.12.24 03:17:43 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2011.12.24 03:17:43 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2011.12.24 03:17:43 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2011.12.24 03:17:43 | 000,527,872 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll [2011.12.24 03:17:43 | 000,515,584 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll [2011.12.24 03:17:43 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2011.12.24 03:17:43 | 000,439,808 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll [2011.12.24 03:17:43 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2011.12.24 03:17:43 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2011.12.24 03:17:43 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2011.12.24 03:17:43 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2011.12.24 03:17:43 | 000,241,768 | ---- | C] (DTS) -- 
C:\Windows\SysNative\DTSGFXAPONS64.dll [2011.12.24 03:17:43 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2011.12.24 03:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2011.12.24 03:17:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2011.12.24 03:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2011.12.24 03:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech [2011.12.24 03:16:42 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin [2011.12.24 03:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Fresco Logic [2011.12.24 03:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel [2011.12.24 03:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel [2011.12.24 03:16:08 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [2011.12.24 03:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2011.12.24 03:15:59 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2011.12.24 03:15:47 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2011.12.24 03:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2011.12.24 03:15:43 | 000,000,000 | ---D | C] -- C:\Intel [2011.12.24 03:15:00 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011.12.24 03:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility [2011.12.24 03:13:41 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011.12.23 18:34:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Mozilla [2011.12.23 18:34:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Mozilla [2011.12.23 18:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011.12.23 18:27:41 | 000,000,000 | ---D | C] -- 
C:\Users\Michael\AppData\Roaming\Macromedia [2011.12.23 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Adobe [2011.12.23 18:27:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Diagnostics [2011.12.23 18:18:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\ASUS [2011.12.23 18:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS [2011.12.23 18:05:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FLEXnet [2011.12.23 18:05:39 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Nuance [2011.12.23 18:05:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Zeon [2011.12.23 17:59:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\BMExplorer [2011.12.23 17:59:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Bluetooth Folder [2011.12.23 17:59:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Atheros [2011.12.23 17:58:31 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.12.23 17:58:31 | 000,000,000 | R--D | C] -- C:\Users\Michael\Searches [2011.12.23 17:58:31 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.12.23 17:58:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Identities [2011.12.23 17:58:24 | 000,000,000 | R--D | C] -- C:\Users\Michael\Contacts [2011.12.23 17:58:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\VirtualStore [2011.12.23 17:58:21 | 000,000,000 | R-SD | C] -- C:\Users\Public\Desktop\AsusTools [2011.12.23 17:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderView [2011.12.23 17:58:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ASUS [2011.12.23 17:58:18 | 000,000,000 | --SD | C] -- C:\Users\Michael\AppData\Roaming\Microsoft [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Videos [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- 
C:\Users\Michael\Saved Games [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Pictures [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Music [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Links [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Favorites [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Downloads [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Documents [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\Desktop [2011.12.23 17:58:18 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Vorlagen [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\Verlauf [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\Temporary Internet Files [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Startmenü [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\SendTo [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Recent [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Netzwerkumgebung [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Lokale Einstellungen [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Documents\Eigene Videos [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Documents\Eigene Musik [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Eigene Dateien [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Documents\Eigene Bilder [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Druckumgebung [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- 
C:\Users\Michael\Cookies [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\Anwendungsdaten [2011.12.23 17:58:18 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Anwendungsdaten [2011.12.23 17:58:18 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData [2011.12.23 17:58:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Temp [2011.12.23 17:58:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Microsoft [2011.12.23 17:58:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Media Center Programs ========== Files - Modified Within 30 Days ========== [2012.01.18 21:03:34 | 001,975,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\tdsskiller.exe [2012.01.18 20:44:38 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.18 20:44:38 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.18 20:41:50 | 001,529,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.18 20:41:50 | 000,665,578 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.18 20:41:50 | 000,627,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.18 20:41:50 | 000,133,758 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.18 20:41:50 | 000,110,140 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.18 20:37:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.18 20:37:30 | 3144,658,944 | -HS- | M] () -- C:\hiberfil.sys [2012.01.18 20:33:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.01.18 20:16:40 | 004,387,138 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe [2012.01.16 22:03:14 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Michael\Desktop\esetsmartinstaller_enu.exe [2012.01.15 22:31:53 | 000,080,384 | ---- | M] () -- 
C:\Users\Michael\Desktop\MBRCheck.exe [2012.01.15 22:27:16 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.15 22:24:58 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Michael\Desktop\mbam-setup-1.60.0.1800.exe [2012.01.15 22:18:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe [2012.01.15 00:20:50 | 000,000,600 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\winscp.rnd [2012.01.13 16:48:49 | 000,001,851 | ---- | M] () -- C:\Users\Michael\Desktop\WinSCP.lnk [2012.01.12 18:49:47 | 000,001,400 | ---- | M] () -- C:\Users\Michael\Desktop\Free YouTube to MP3 Converter.lnk [2012.01.12 18:32:11 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.10 17:38:12 | 000,001,045 | ---- | M] () -- C:\Users\Michael\Desktop\CubeDesktop.lnk [2012.01.09 22:40:18 | 000,011,741 | ---- | M] () -- C:\Users\Michael\Desktop\2M_Trainplan_050112.pdf [2012.01.02 18:17:03 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe [2012.01.02 15:11:03 | 000,416,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.01.02 14:07:54 | 000,001,152 | ---- | M] () -- C:\Users\Michael\Desktop\Computer D.lnk [2011.12.28 14:33:12 | 002,621,440 | RH-- | M] () -- C:\UX31E.BIN [2011.12.25 00:00:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.12.24 17:51:40 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.12.24 16:30:47 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.7.lnk [2011.12.24 16:26:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf [2011.12.24 16:24:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf [2011.12.24 07:58:19 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011.12.24 07:58:19 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011.12.24 
03:26:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\1043_ASUSTEK_UX31E_V50_WIN7.MRK [2011.12.24 03:22:35 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2011.12.24 03:20:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf [2011.12.24 03:19:30 | 000,246,804 | ---- | M] () -- C:\Windows\SysNative\drivers\AtherosBt.bin [2011.12.24 03:19:30 | 000,001,242 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x01.dfu [2011.12.24 03:19:30 | 000,001,204 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x02.dfu [2011.12.24 03:19:30 | 000,001,204 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40.dfu [2011.12.24 03:19:30 | 000,001,198 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_26.dfu [2011.12.24 03:17:36 | 000,015,828 | ---- | M] () -- C:\Windows\SysNative\results.xml [2011.12.24 03:16:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_FLxHCIc_01009.Wdf [2011.12.23 18:34:18 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.12.23 18:18:20 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini ========== Files Created - No Company Name ========== [2012.01.18 20:28:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.01.18 20:28:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.01.18 20:28:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.01.18 20:28:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.01.18 20:28:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.01.15 22:31:50 | 000,080,384 | ---- | C] () -- C:\Users\Michael\Desktop\MBRCheck.exe [2012.01.15 22:27:16 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.13 16:48:50 | 000,000,600 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\winscp.rnd [2012.01.13 16:48:49 | 000,001,851 | ---- | C] 
() -- C:\Users\Michael\Desktop\WinSCP.lnk [2012.01.12 18:49:47 | 000,001,400 | ---- | C] () -- C:\Users\Michael\Desktop\Free YouTube to MP3 Converter.lnk [2012.01.12 18:32:11 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.12 18:27:04 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.01.10 17:38:12 | 000,001,045 | ---- | C] () -- C:\Users\Michael\Desktop\CubeDesktop.lnk [2012.01.09 22:40:29 | 000,011,741 | ---- | C] () -- C:\Users\Michael\Desktop\2M_Trainplan_050112.pdf [2012.01.02 14:07:54 | 000,001,152 | ---- | C] () -- C:\Users\Michael\Desktop\Computer D.lnk [2011.12.25 00:00:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.12.24 17:51:40 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.12.24 16:30:47 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.7.lnk [2011.12.24 16:26:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf [2011.12.24 16:24:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf [2011.12.24 03:26:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\1043_ASUSTEK_UX31E_V50_WIN7.MRK [2011.12.24 03:22:35 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2011.12.24 03:21:42 | 000,003,116 | ---- | C] () -- C:\Windows\SysNative\wimfltr.inf [2011.12.24 03:20:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf [2011.12.24 03:18:41 | 000,469,372 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf [2011.12.24 03:18:41 | 000,071,579 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat [2011.12.24 03:18:22 | 000,001,083 | ---- | C] () -- C:\setup.iss [2011.12.24 03:17:36 | 000,015,828 | ---- | C] () -- C:\Windows\SysNative\results.xml [2011.12.24 03:16:39 | 000,000,000 | -H-- | C] () 
-- C:\Windows\SysNative\drivers\Msft_Kernel_FLxHCIc_01009.Wdf [2011.12.24 03:16:07 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll [2011.12.24 03:13:41 | 3144,658,944 | -HS- | C] () -- C:\hiberfil.sys [2011.12.23 18:34:18 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.12.23 18:34:17 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.12.23 18:18:20 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2011.12.23 17:58:59 | 000,001,407 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011.12.23 17:58:35 | 000,001,441 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.12.23 17:58:24 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe [2011.10.20 07:47:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.10.20 07:46:59 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.10.20 07:46:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.10.20 07:46:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.10.20 07:46:50 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2009.07.29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- 
C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2012.01.07 12:36:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dexpot [2012.01.12 18:49:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft [2012.01.12 18:49:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.10 17:27:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GetRightToGo [2012.01.18 20:19:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ICQ [2012.01.14 18:19:07 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Moka [2011.12.23 18:05:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nuance [2012.01.14 18:27:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\redsn0w [2012.01.10 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Thinking Minds Budiling Bytes [2011.12.23 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Zeon [2009.07.14 06:08:49 | 000,008,442 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.12.23 18:27:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Adobe [2012.01.14 23:59:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Apple Computer [2011.12.23 17:59:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Atheros [2012.01.07 12:36:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dexpot [2012.01.12 18:49:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft [2012.01.12 18:49:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.23 18:05:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FLEXnet [2012.01.10 17:27:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GetRightToGo [2012.01.18 20:19:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ICQ [2011.12.23 17:58:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Identities [2011.12.23 18:27:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Macromedia [2012.01.15 22:27:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Malwarebytes [2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Media Center Programs [2012.01.14 18:13:09 | 000,000,000 | --SD | M] -- C:\Users\Michael\AppData\Roaming\Microsoft [2012.01.14 18:19:07 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Moka [2011.12.23 18:34:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mozilla [2011.12.23 18:05:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nuance [2012.01.14 18:27:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\redsn0w [2012.01.10 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Thinking Minds Budiling Bytes [2012.01.15 01:03:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\vlc [2012.01.02 14:27:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WinRAR [2011.12.23 18:05:38 | 
000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Zeon < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) 
MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2011.04.26 04:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys [2011.04.26 04:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_16d1c1de1eca8452\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.08.29 06:46:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- 
< End of report > |
19.01.2012, 09:30 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2 found; mediashifting.com opens Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" must be copied too!!!) Code:
ATTFilter
:Files
C:\Users\Michael\AppData\Local\aa1bb932
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
19.01.2012, 16:55 | #12 |
| TR/ATRAPS.Gen2 found; mediashifting.com opens Hello, I have run the OTL fix: Code:
ATTFilter
All processes killed
========== FILES ==========
C:\Users\Michael\AppData\Local\aa1bb932 folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Michael
->Temp folder emptied: 8 bytes
->Temporary Internet Files folder emptied: 13058933 bytes
->FireFox cache emptied: 121903615 bytes
->Flash cache emptied: 9166 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2682 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 129,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01192012_165152
Files\Folders moved on Reboot...
C:\Users\Michael\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot... |
19.01.2012, 21:21 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2 found; mediashifting.com opens Please download aswMBR.exe and save the file to your desktop.
__________________ Please always post log files in CODE tags |
19.01.2012, 21:36 | #14 |
| TR/ATRAPS.Gen2 found; mediashifting.com opens Here is the log file from aswMBR Code:
ATTFilter
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-19 21:31:13
-----------------------------
21:31:13.340 OS Version: Windows x64 6.1.7601 Service Pack 1
21:31:13.340 Number of processors: 4 586 0x2A07
21:31:13.341 ComputerName: ZENBOOK UserName: Michael
21:31:13.852 Initialize success
21:31:40.834 AVAST engine defs: 12011901
21:32:18.763 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:32:18.765 Disk 0 Vendor: SanDisk_ 10.0 Size: 122104MB BusType: 3
21:32:18.767 Disk 0 MBR read successfully
21:32:18.769 Disk 0 MBR scan
21:32:18.772 Disk 0 Windows 7 default MBR code
21:32:18.775 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 122102 MB offset 2048
21:32:18.778 Service scanning
21:32:19.526 Modules scanning
21:32:19.526 Disk 0 trace - called modules:
21:32:19.526 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
21:32:19.526 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004db8060]
21:32:19.526 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa8004806e40]
21:32:19.542 5 ACPI.sys[fffff88000f187a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004805050]
21:32:20.079 AVAST engine scan C:\Windows
21:32:21.002 AVAST engine scan C:\Windows\system32
21:32:57.512 AVAST engine scan C:\Windows\system32\drivers
21:33:01.188 AVAST engine scan C:\Users\Michael
21:33:31.633 AVAST engine scan C:\ProgramData
21:33:35.226 Scan finished successfully
21:34:13.478 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
21:34:13.482 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt" |
19.01.2012, 23:43 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2 found; mediashifting.com opens Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!! Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |