Trojan.Zbot on a freshly reinstalled machine? (Windows 7)
02.11.2012, 01:53 | #1
Good evening

I recently reinstalled Windows 7 Professional 64-bit on my computer. I didn't even have all the drivers back on yet when I landed on a site that made me somewhat suspicious, because it kept redirecting me. I then downloaded and updated Malwarebytes. After a full scan it reported that 2 files were infected with a rootkit. Great... After some thought I figured the best option was probably just another clean reinstall... No sooner said than done. Before the reinstall I formatted all drives/partitions and then installed Windows 7 fresh for the second time. Once that was finished I wanted to install the Windows update pack, but got the error message that it was not usable for my OS version, so I did a manual update session until Windows Update reported that the computer was up to date. I had saved mbam.exe on my USB stick, so I installed from the stick and then clicked Update. Another full scan followed (which, strangely, finished much faster than the first...) and lo and behold: again it reported that 2 files were infected, but this time with Trojan.Zbot. I don't understand how that can happen, since I didn't browse at all after the second reinstall and still had the bug again... I would be grateful if someone could take a look at this and possibly give me some advice.

Here is the Malwarebytes log:

Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.01.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sal :: SAL-PC [Administrator]

Schutz: Aktiviert

02.11.2012 00:32:32
mbam-log-2012-11-02 (00-32-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 319812
Laufzeit: 23 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\System32\InstallShield\_isdel.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\winsxs\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.1.7600.16385_none_ca61f601a4548b8e\_isdel.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:25 on 02/11/2012 (Sal)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL:
Code:
C:\Users\Sal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.11.01 22:07:52 | 000,000,000 | R--D | C] -- C:\Users\Sal\Links [2012.11.01 22:07:52 | 000,000,000 | R--D | C] -- C:\Users\Sal\Favorites [2012.11.01 22:07:52 | 000,000,000 | R--D | C] -- C:\Users\Sal\Downloads [2012.11.01 22:07:52 | 000,000,000 | R--D | C] -- C:\Users\Sal\Documents [2012.11.01 22:07:52 | 000,000,000 | R--D | C] -- C:\Users\Sal\Desktop [2012.11.01 22:07:52 | 000,000,000 | R--D | C] -- C:\Users\Sal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.11.01 22:07:52 | 000,000,000 | -HSD | C] -- C:\Users\Sal\Vorlagen [2012.11.01 22:07:52 | 000,000,000 | -HSD | C] -- C:\Users\Sal\AppData\Local\Verlauf [2012.11.01 22:07:52 | 000,000,000 | -HSD | C] -- C:\Users\Sal\AppData\Local\Temporary Internet Files [2012.11.01 22:07:52 | 000,000,000 | -HSD | C] -- C:\Users\Sal\Startmenü [2012.11.01 22:07:52 | 000,000,000 | -HSD | C] -- C:\Users\Sal\SendTo [2012.11.01 22:07:52 | 000,000,000 | -HSD | C] -- C:\Users\Sal\Recent [2012.11.01 22:07:52 | 000,000,000 | -HSD | C] -- C:\Users\Sal\Netzwerkumgebung [2012.11.01 22:07:52 | 000,000,000 | -HSD | C] -- C:\Users\Sal\Lokale Einstellungen [2012.11.01 22:07:52 | 000,000,000 | -HSD | C] -- C:\Users\Sal\Documents\Eigene Videos [2012.11.01 22:07:52 | 000,000,000 | -HSD | C] -- C:\Users\Sal\Documents\Eigene Musik [2012.11.01 22:07:52 | 000,000,000 | -HSD | C] -- C:\Users\Sal\Eigene Dateien [2012.11.01 22:07:52 | 000,000,000 | -HSD | C] -- C:\Users\Sal\Documents\Eigene Bilder [2012.11.01 22:07:52 | 000,000,000 | -HSD | C] -- C:\Users\Sal\Druckumgebung [2012.11.01 22:07:52 | 000,000,000 | -HSD | C] -- C:\Users\Sal\Cookies [2012.11.01 22:07:52 | 000,000,000 | -HSD | C] -- C:\Users\Sal\AppData\Local\Anwendungsdaten [2012.11.01 22:07:52 | 000,000,000 | -HSD | C] -- C:\Users\Sal\Anwendungsdaten [2012.11.01 22:07:52 | 000,000,000 | -H-D | C] -- C:\Users\Sal\AppData [2012.11.01 22:07:52 | 000,000,000 | ---D | C] -- 
C:\Users\Sal\AppData\Local\Temp [2012.11.01 22:07:52 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Local\Microsoft [2012.11.01 22:07:52 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Roaming\Media Center Programs [2012.11.01 22:07:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.11.01 22:07:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.11.01 22:07:46 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.11.01 22:07:46 | 000,000,000 | -HSD | C] -- C:\Programme [2012.11.01 22:07:46 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.11.01 22:07:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.11.01 22:07:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.11.01 22:07:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.11.01 22:07:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.11.01 22:07:46 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.11.01 22:07:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.11.01 22:07:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.11.01 22:03:10 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.11.01 22:00:56 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012.11.01 22:00:14 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.11.01 21:59:42 | 000,000,000 | ---D | C] -- C:\Windows\Panther ========== Files - Modified Within 30 Days ========== [2012.11.02 01:25:28 | 000,000,000 | ---- | M] () -- C:\Users\Sal\defogger_reenable [2012.11.02 01:19:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sal\Desktop\OTL.exe [2012.11.02 01:19:19 | 000,050,477 | ---- | M] () -- C:\Users\Sal\Desktop\Defogger.exe [2012.11.02 00:27:14 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.02 00:27:14 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.02 00:27:14 | 000,616,008 
| ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.02 00:27:14 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.02 00:27:14 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.02 00:19:15 | 000,020,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.02 00:19:15 | 000,020,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.02 00:17:49 | 000,001,216 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.11.02 00:17:26 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2012.11.02 00:16:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.02 00:16:31 | 466,653,183 | -HS- | M] () -- C:\hiberfil.sys [2012.11.01 23:59:09 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012.11.01 23:57:48 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini [2012.11.01 23:57:40 | 000,276,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.01 23:28:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.11.01 23:28:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.11.01 23:13:17 | 000,001,674 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.11.01 23:00:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\1043_ASUSTeK_N73SV.alu [2012.11.01 22:50:43 | 000,002,617 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2012.11.01 22:45:09 | 000,080,512 | ---- | M] (ASUS) -- C:\Windows\ASUS_N3_Series Uninstaller.exe [2012.11.01 22:44:57 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe [2012.11.01 22:35:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf [2012.11.01 22:34:24 | 000,246,804 | ---- | M] () -- 
C:\Windows\SysNative\drivers\AtherosBt.bin [2012.11.01 22:31:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_FLxHCIc_01009.Wdf [2012.11.01 22:21:08 | 000,018,670 | ---- | M] () -- C:\Windows\SysNative\results.xml [2012.11.01 22:09:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.11.01 22:03:42 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.11.01 22:03:42 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.10.25 20:02:18 | 000,014,148 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.10.16 22:34:57 | 003,544,134 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2012.10.10 02:22:42 | 000,147,759 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources [2012.10.10 02:22:42 | 000,136,873 | ---- | M] () -- C:\Windows\SysNative\Gfxres.da-DK.resources [2012.10.10 02:22:42 | 000,080,384 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll [2012.10.10 02:22:38 | 000,158,727 | ---- | M] () -- C:\Windows\SysNative\Gfxres.he-IL.resources [2012.10.10 02:22:38 | 000,147,101 | ---- | M] () -- C:\Windows\SysNative\Gfxres.de-DE.resources [2012.10.10 02:22:38 | 000,141,739 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources [2012.10.10 02:22:36 | 000,163,120 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources [2012.10.10 02:22:36 | 000,059,230 | ---- | M] () -- C:\Windows\SysNative\iglhxc64.vp [2012.10.10 02:22:34 | 000,143,976 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources [2012.10.10 02:22:34 | 000,143,657 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources [2012.10.10 02:22:34 | 000,064,512 | ---- | M] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 02:22:34 | 000,058,109 | ---- | M] () -- C:\Windows\SysNative\iglhxo64_dev.vp [2012.10.10 02:22:32 | 000,144,378 | ---- | M] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources [2012.10.10 02:22:30 | 000,143,730 | ---- | M] () -- 
C:\Windows\SysNative\Gfxres.nl-NL.resources [2012.10.10 02:22:28 | 000,272,928 | ---- | M] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.10.10 02:22:28 | 000,272,928 | ---- | M] () -- C:\Windows\SysNative\igvpkrng600.bin [2012.10.10 02:22:28 | 000,145,211 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources [2012.10.10 02:22:28 | 000,142,617 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources [2012.10.10 02:22:28 | 000,141,574 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources [2012.10.10 02:22:28 | 000,137,621 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources [2012.10.10 02:22:28 | 000,137,534 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources [2012.10.10 02:22:28 | 000,059,398 | ---- | M] () -- C:\Windows\SysNative\iglhxg64.vp [2012.10.10 02:22:26 | 001,981,696 | ---- | M] () -- C:\Windows\SysNative\iglhxa64.cpa [2012.10.10 02:22:26 | 000,193,862 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources [2012.10.10 02:22:26 | 000,142,008 | ---- | M] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources [2012.10.10 02:22:26 | 000,058,796 | ---- | M] () -- C:\Windows\SysNative\iglhxg64_dev.vp [2012.10.10 02:22:24 | 000,209,727 | ---- | M] () -- C:\Windows\SysNative\Gfxres.el-GR.resources [2012.10.10 02:22:24 | 000,149,390 | ---- | M] () -- C:\Windows\SysNative\Gfxres.it-IT.resources [2012.10.10 02:22:24 | 000,124,403 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources [2012.10.10 02:22:22 | 000,223,233 | ---- | M] () -- C:\Windows\SysNative\Gfxres.th-TH.resources [2012.10.10 02:22:22 | 000,145,715 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources [2012.10.10 02:22:22 | 000,142,990 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources [2012.10.10 02:22:22 | 000,142,423 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources [2012.10.10 02:22:22 | 000,132,360 | ---- | M] () -- C:\Windows\SysNative\Gfxres.en-US.resources [2012.10.10 02:22:22 | 000,059,425 | ---- | M] () -- 
C:\Windows\SysNative\iglhxo64.vp [2012.10.10 02:22:22 | 000,059,104 | ---- | M] () -- C:\Windows\SysNative\iglhxc64_dev.vp [2012.10.10 02:22:22 | 000,000,259 | ---- | M] () -- C:\Windows\SysNative\GfxUI.exe.config [2012.10.10 02:22:20 | 000,963,452 | ---- | M] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012.10.10 02:22:20 | 000,963,452 | ---- | M] () -- C:\Windows\SysNative\igcodeckrng600.bin [2012.10.10 02:22:18 | 000,147,010 | ---- | M] () -- C:\Windows\SysNative\Gfxres.es-ES.resources [2012.10.10 02:22:18 | 000,126,035 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources [2012.10.10 02:22:18 | 000,001,074 | ---- | M] () -- C:\Windows\SysNative\iglhxa64.vp [2012.10.10 02:22:16 | 000,165,865 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources [2012.10.10 02:22:16 | 000,140,779 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources [2012.10.10 02:22:16 | 000,017,058 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp [2012.10.10 02:22:16 | 000,009,728 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll ========== Files Created - No Company Name ========== [2012.11.02 01:25:28 | 000,000,000 | ---- | C] () -- C:\Users\Sal\defogger_reenable [2012.11.02 01:19:18 | 000,050,477 | ---- | C] () -- C:\Users\Sal\Desktop\Defogger.exe [2012.11.01 23:28:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.11.01 23:28:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.11.01 23:00:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\1043_ASUSTeK_N73SV.alu [2012.11.01 22:50:43 | 000,002,617 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2012.11.01 22:50:37 | 000,001,674 | ---- | C] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.11.01 22:50:37 | 000,001,216 | ---- | C] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.11.01 22:50:37 | 000,000,105 | ---- | C] () -- C:\Windows\SysNative\FastBoot.ini [2012.11.01 22:50:37 | 000,000,080 | ---- | 
C] () -- C:\Windows\SysNative\Defrag.ini [2012.11.01 22:50:37 | 000,000,052 | ---- | C] () -- C:\Windows\SysNative\RemoveFont.ini [2012.11.01 22:50:37 | 000,000,015 | ---- | C] () -- C:\Windows\SysNative\BootTime.ini [2012.11.01 22:50:04 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\acovcnt.exe [2012.11.01 22:43:08 | 000,003,116 | ---- | C] () -- C:\Windows\SysNative\wimfltr.inf [2012.11.01 22:37:50 | 000,015,416 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\kbfiltr.sys [2012.11.01 22:37:41 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2012.11.01 22:37:41 | 000,013,021 | ---- | C] () -- C:\Windows\snp2uvc.src [2012.11.01 22:37:20 | 000,000,035 | ---- | C] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2012.11.01 22:35:36 | 000,355,542 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf [2012.11.01 22:35:35 | 000,056,092 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat [2012.11.01 22:35:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf [2012.11.01 22:33:44 | 000,246,804 | ---- | C] () -- C:\Windows\SysNative\AtherosBT.bin [2012.11.01 22:31:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_FLxHCIc_01009.Wdf [2012.11.01 22:30:28 | 000,000,520 | R--- | C] () -- C:\Windows\SysNative\drivers\SamSfPa.dat [2012.11.01 22:25:31 | 000,014,148 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2012.11.01 22:21:08 | 000,018,670 | ---- | C] () -- C:\Windows\SysNative\results.xml [2012.11.01 22:19:24 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.11.01 22:19:24 | 000,960,940 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin [2012.11.01 22:19:24 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.11.01 22:19:24 | 000,213,332 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin [2012.11.01 22:19:24 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.11.01 22:19:24 | 000,145,804 | ---- | C] () -- 
C:\Windows\SysNative\igcompkrng600.bin [2012.11.01 22:19:24 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll [2012.11.01 22:09:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.11.01 22:08:23 | 000,001,405 | ---- | C] () -- C:\Users\Sal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.11.01 22:08:20 | 000,001,439 | ---- | C] () -- C:\Users\Sal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.11.01 22:03:36 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.11.01 22:03:25 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.11.01 22:00:14 | 466,653,183 | -HS- | C] () -- C:\hiberfil.sys [2012.10.10 02:22:42 | 000,147,759 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources [2012.10.10 02:22:42 | 000,136,873 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources [2012.10.10 02:22:42 | 000,080,384 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll [2012.10.10 02:22:38 | 000,158,727 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources [2012.10.10 02:22:38 | 000,147,101 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources [2012.10.10 02:22:38 | 000,141,739 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources [2012.10.10 02:22:36 | 000,163,120 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources [2012.10.10 02:22:36 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp [2012.10.10 02:22:34 | 000,143,976 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources [2012.10.10 02:22:34 | 000,143,657 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources [2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 02:22:34 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp [2012.10.10 02:22:32 
| 000,144,378 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources [2012.10.10 02:22:30 | 000,143,730 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources [2012.10.10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.10.10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysNative\igvpkrng600.bin [2012.10.10 02:22:28 | 000,145,211 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources [2012.10.10 02:22:28 | 000,142,617 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources [2012.10.10 02:22:28 | 000,141,574 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources [2012.10.10 02:22:28 | 000,137,621 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources [2012.10.10 02:22:28 | 000,137,534 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources [2012.10.10 02:22:28 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp [2012.10.10 02:22:26 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa [2012.10.10 02:22:26 | 000,193,862 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources [2012.10.10 02:22:26 | 000,142,008 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources [2012.10.10 02:22:26 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp [2012.10.10 02:22:24 | 000,209,727 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources [2012.10.10 02:22:24 | 000,149,390 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources [2012.10.10 02:22:24 | 000,124,403 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources [2012.10.10 02:22:22 | 000,223,233 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources [2012.10.10 02:22:22 | 000,145,715 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources [2012.10.10 02:22:22 | 000,142,990 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources [2012.10.10 02:22:22 | 000,142,423 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources [2012.10.10 02:22:22 | 
000,132,360 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources [2012.10.10 02:22:22 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp [2012.10.10 02:22:22 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp [2012.10.10 02:22:22 | 000,000,259 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config [2012.10.10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012.10.10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysNative\igcodeckrng600.bin [2012.10.10 02:22:18 | 000,147,010 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources [2012.10.10 02:22:18 | 000,126,035 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources [2012.10.10 02:22:18 | 000,001,074 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp [2012.10.10 02:22:16 | 000,165,865 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources [2012.10.10 02:22:16 | 000,140,779 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources [2012.10.10 02:22:16 | 000,017,058 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp [2012.10.10 02:22:16 | 000,009,728 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
apollo

BY THE WAY.. I am going to reinstall the computer once more anyway. I am just wondering which steps led to the infection, so that I know from what point on the computer is "safe". Is it enough for the computer to simply establish an internet connection? I only updated Windows and Malwarebytes and did not open a browser. Where does the virus come from in such a case?

ADDENDUM: I googled a bit and the detection turned out to be a false positive.. Updated Malwarebytes, scanned again: no infected files
08.11.2012, 21:01 | #2 |
/// TB trainer | Trojan.Zbot on a freshly reinstalled computer? Hi,

As you have already established yourself, the two MBAM detections are a false alarm, so there is no cause for concern. This topic appears to be resolved and will be removed from my subscriptions. Should you need this topic again, please send me a PM. Everyone else, please click here and create your own thread.