| Log analysis and evaluation: Music starts playing in the background when opening Firefox (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. | 
|  27.09.2011, 17:23 | #1 | 
|  |   Music starts playing in the background when opening Firefox. It all started with my old laptop. Suddenly music was playing in the background even though I had no player running, was not on YouTube, and no other videos were being streamed. On top of that, Google displayed the search results correctly, but when I clicked on them I ended up on advertising websites. For 2 days now I have had a new laptop. I should probably mention up front that I save almost exclusively to an external hard drive. In any case, this music plays in the background again as soon as I open Firefox. The Google problem apparently no longer exists. I don't understand what the cause could be, because when installing Firefox I got the software fresh from chip.de, and I have scanned my external hard drive several times with an antivirus program (Trend Micro Titanium Internet Security), but without any findings. Here is my OTL logfile. Code: 
  ATTFilter OTL logfile created on: 27.09.2011 16:44:22 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,41 Gb Available Physical Memory | 80,37% Memory free 15,96 Gb Paging File | 14,23 Gb Available in Paging File | 89,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 200,28 Gb Total Space | 161,16 Gb Free Space | 80,47% Space Free | Partition Type: NTFS Drive D: | 240,48 Gb Total Space | 240,39 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Drive G: | 931,51 Gb Total Space | 752,98 Gb Free Space | 80,83% Space Free | Partition Type: NTFS Computer Name: CEREBRO | User Name: Andreas Malleschitz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.27 16:17:45 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.23 21:14:22 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011.07.18 15:27:40 | 001,170,432 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe PRC - [2011.06.10 19:49:10 | 002,255,360 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2011.05.20 20:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2011.03.13 19:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010.11.15 19:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2010.10.07 23:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.08.17 23:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.07.10 07:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files 
(x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe ========== Modules (No Company Name) ========== MOD - [2011.07.18 15:27:40 | 000,203,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll MOD - [2011.06.10 19:49:10 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll MOD - [2011.02.19 06:23:39 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2011.02.19 06:23:39 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2011.02.19 06:23:24 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2011.02.18 22:13:30 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\299d0b38053fd7cbd84bac2178c3703b\PresentationFramework.Aero.ni.dll MOD - [2011.02.18 22:13:26 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll MOD - [2011.02.18 22:13:16 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ad23de8284d4594aa658dfb5e667d97\PresentationCore.ni.dll MOD - [2011.02.18 22:13:09 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll MOD - [2011.02.18 22:12:53 | 012,432,896 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll MOD - [2011.02.18 22:12:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll MOD - [2011.02.18 22:12:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll MOD - [2011.02.18 22:12:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll MOD - [2011.02.18 22:12:24 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll MOD - [2011.02.18 22:12:18 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.06.08 07:09:26 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011.06.08 03:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.02.16 20:20:04 | 000,256,336 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp) SRV:64bit: - [2011.01.25 23:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) 
[Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.04.13 04:33:32 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service) SRV - [2011.03.13 19:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011.03.13 19:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2011.03.02 06:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.06.08 04:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.06.08 03:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.30 20:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.13 19:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.03.13 19:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.03.13 19:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.03.13 19:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.03.13 19:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.03.13 19:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.03.13 19:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.03.07 20:22:46 | 002,228,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.03.04 17:16:20 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.01.18 11:16:46 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.12.31 12:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.11.29 10:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 15:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 15:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.04 12:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.11.04 12:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.09.23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.09.17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2010.09.17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2010.09.17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2010.09.17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2010.02.18 18:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.12.02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2009.12.02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2009.12.02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2009.12.02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2011.05.26 04:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\firefoxextension\ [2011.09.26 20:02:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.27 15:30:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.27 15:29:41 | 000,000,000 | ---D | M] [2011.09.27 15:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.09.27 15:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n6j6swjr.default\extensions [2011.09.27 15:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.09.26 20:02:19 | 000,000,000 | ---D | M] (Trend Micro NSC Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\1.5.1464\6.6.1081\FIREFOXEXTENSION [2011.09.03 01:49:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\amazondotcom-de.xml [2011.09.03 01:49:07 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.03 01:49:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.03 01:49:07 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.03 01:49:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.) 
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. 
File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ECB58AB-916C-4CEF-BDFD-C7996FE650BB}: NameServer = 217.0.43.33 217.0.43.17 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll (Trend Micro Inc.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.08.11 05:12:17 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ] O32 - AutoRun File - [2002.10.16 19:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: 
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: 
{3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {47B3BDBB-F2AE-4B55-95C8-921C25DB3B76} - .NET Framework ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9793EDE2-499E-4A14-8220-523691D8F91B} - .NET Framework ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {FE600E50-2C69-46D5-ACAA-2B617006245C} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - 
C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.09.27 16:41:31 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2011.09.27 16:17:01 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas Malleschitz\Desktop\OTL.exe [2011.09.27 15:30:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla [2011.09.27 15:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox [2011.09.27 15:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011.09.26 20:02:19 | 000,000,000 | ---D | C] -- C:\temp [2011.09.26 19:28:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.09.26 19:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.09.26 19:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.26 19:27:50 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.09.26 19:27:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.09.26 18:19:32 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.51.2.1300.exe [2011.09.26 18:07:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SoftGrid Client 
[2011.09.26 18:07:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2011.09.26 18:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch) [2011.09.26 18:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2011.09.26 18:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011.09.26 18:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client [2011.09.26 18:03:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TP [2011.09.26 17:13:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla [2011.09.26 16:28:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics [2011.09.25 20:08:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google [2011.09.25 20:02:08 | 000,000,000 | -HSD | C] -- C:\aws [2011.09.25 20:02:08 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ASUS WebStorage [2011.09.25 20:02:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia [2011.09.25 20:01:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe [2011.09.24 13:39:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Games [2011.09.24 13:38:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\iWin [2011.09.24 13:34:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ASUS WebStorage [2011.09.24 13:34:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FLEXnet [2011.09.24 13:34:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nuance [2011.09.24 13:33:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Zeon [2011.09.24 13:26:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\BMExplorer [2011.09.24 13:26:34 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Bluetooth Folder [2011.09.24 13:26:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Trend Micro Titanium Internet Security [2011.09.24 13:25:07 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.09.24 13:25:07 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.09.24 13:25:06 | 000,000,000 | R--D | C] -- C:\Users\***\Searches [2011.09.24 13:24:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities [2011.09.24 13:24:53 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts [2011.09.24 13:24:29 | 000,000,000 | R-SD | C] -- C:\Users\Public\Desktop\AsusTools [2011.09.24 13:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderView [2011.09.24 13:24:28 | 000,000,000 | -H-D | C] -- C:\ASUS.DAT [2011.09.24 13:24:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Power2Go [2011.09.24 13:24:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore [2011.09.24 13:23:45 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft [2011.09.24 13:23:45 | 000,000,000 | R--D | C] -- C:\Users\***\Videos [2011.09.24 13:23:45 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games [2011.09.24 13:23:45 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures [2011.09.24 13:23:45 | 000,000,000 | R--D | C] -- C:\Users\***\Music [2011.09.24 13:23:45 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.09.24 13:23:45 | 000,000,000 | R--D | C] -- C:\Users\***\Links [2011.09.24 13:23:45 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites [2011.09.24 13:23:45 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads [2011.09.24 13:23:45 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2011.09.24 13:23:45 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop [2011.09.24 13:23:45 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.09.24 13:23:45 | 000,000,000 | -HSD | C] -- 
C:\Users\***\Vorlagen [2011.09.24 13:23:45 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf [2011.09.24 13:23:45 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files [2011.09.24 13:23:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü [2011.09.24 13:23:45 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo [2011.09.24 13:23:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent [2011.09.24 13:23:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung [2011.09.24 13:23:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen [2011.09.24 13:23:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos [2011.09.24 13:23:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik [2011.09.24 13:23:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien [2011.09.24 13:23:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder [2011.09.24 13:23:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung [2011.09.24 13:23:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies [2011.09.24 13:23:45 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten [2011.09.24 13:23:45 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten [2011.09.24 13:23:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp [2011.09.24 13:23:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft [2011.09.24 13:23:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs [2011.09.24 13:23:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite [2011.09.24 13:23:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData ========== Files - Modified Within 30 Days ========== [2011.09.27 16:48:34 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.27 16:48:34 | 000,009,696 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.27 16:48:18 | 008,511,174 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.09.27 16:48:18 | 000,696,810 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2011.09.27 16:48:18 | 000,695,856 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2011.09.27 16:48:18 | 000,693,212 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2011.09.27 16:48:18 | 000,691,866 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2011.09.27 16:48:18 | 000,681,940 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2011.09.27 16:48:18 | 000,678,588 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat [2011.09.27 16:48:18 | 000,655,722 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.09.27 16:48:18 | 000,619,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.09.27 16:48:18 | 000,553,008 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat [2011.09.27 16:48:18 | 000,438,874 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat [2011.09.27 16:48:18 | 000,390,604 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat [2011.09.27 16:48:18 | 000,358,530 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat [2011.09.27 16:48:18 | 000,137,642 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2011.09.27 16:48:18 | 000,134,524 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2011.09.27 16:48:18 | 000,133,546 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2011.09.27 16:48:18 | 000,132,830 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat [2011.09.27 16:48:18 | 000,131,008 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2011.09.27 16:48:18 | 000,130,332 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.09.27 16:48:18 | 000,127,944 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2011.09.27 16:48:18 | 000,107,506 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat [2011.09.27 16:48:18 | 000,107,506 | ---- | M] () -- 
C:\Windows\SysNative\perfc009.dat [2011.09.27 16:48:18 | 000,089,858 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat [2011.09.27 16:48:18 | 000,080,102 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat [2011.09.27 16:48:18 | 000,070,212 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat [2011.09.27 16:41:11 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.27 16:41:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.27 16:40:42 | 2131,529,727 | -HS- | M] () -- C:\hiberfil.sys [2011.09.27 16:38:19 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2011.09.27 16:31:34 | 104,857,600 | ---- | M] () -- C:\Users\***\Desktop\bieof10g.part10.rar [2011.09.27 16:19:30 | 001,110,476 | ---- | M] () -- C:\Users\***\Desktop\7z920.exe [2011.09.27 16:17:45 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.09.27 16:16:44 | 000,050,477 | ---- | M] () -- C:\Users\A***\Desktop\Defogger.exe [2011.09.27 16:06:07 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.27 16:00:12 | 000,001,966 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2011.09.27 15:57:40 | 104,857,600 | ---- | M] () -- C:\Users\***\Desktop\bieof10g.part09.rar [2011.09.27 15:30:51 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2011.09.27 15:30:11 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.09.27 15:08:07 | 000,001,249 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2011.09.26 22:27:50 | 104,857,600 | ---- | M] () -- C:\Users\***\Desktop\bieof10g.part08.rar [2011.09.26 21:51:44 | 104,857,600 | ---- | M] () -- C:\Users\***\Desktop\bieof10g.part07.rar [2011.09.26 21:25:58 | 104,857,600 | ---- | M] () -- C:\Users\***\Desktop\bieof10g.part06.rar [2011.09.26 19:59:41 | 029,177,280 | ---- | M] () -- C:\Users\***\Desktop\bieof10g.part05.rar [2011.09.26 19:45:02 | 104,857,600 | ---- | M] () -- 
C:\Users\***\Desktop\bieof10g.part04.rar [2011.09.26 19:27:56 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.26 19:00:52 | 104,857,600 | ---- | M] () -- C:\Users\***\Desktop\bieof10g.part03.rar [2011.09.26 18:30:32 | 104,857,600 | ---- | M] () -- C:\Users\***\Desktop\bieof10g.part02.rar [2011.09.26 18:22:13 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Andreas Malleschitz\Desktop\mbam-setup-1.51.2.1300.exe [2011.09.26 18:10:36 | 000,684,297 | ---- | M] () -- C:\Users\Andreas Malleschitz\Desktop\unhide.exe [2011.09.26 18:04:52 | 008,618,964 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.26 17:57:55 | 104,857,600 | ---- | M] () -- C:\Users\***\Desktop\bieof10g.part01.rar [2011.09.26 17:37:23 | 000,223,790 | ---- | M] () -- C:\Users\***\l_15667e48c33040af8b06d08b4bdd20b9.jpg [2011.09.26 17:35:15 | 000,123,405 | ---- | M] () -- C:\Users\***\girls4.jpg [2011.09.26 17:35:08 | 000,101,761 | ---- | M] () -- C:\Users\***\girls3.jpg [2011.09.26 17:35:01 | 000,092,294 | ---- | M] () -- C:\Users\***\girls2.jpg [2011.09.26 17:34:54 | 000,089,536 | ---- | M] () -- C:\Users\***\joannakrupa01g.jpg [2011.09.26 17:34:20 | 000,160,562 | ---- | M] () -- C:\Users\***\wilde.jpg [2011.09.25 17:11:27 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini [2011.09.25 17:09:31 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2011.09.25 17:08:23 | 000,275,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.09.24 13:23:34 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011.09.24 13:23:34 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2011.09.27 16:38:19 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2011.09.27 16:18:50 | 001,110,476 | ---- | C] () -- 
C:\Users\***\Desktop\7z920.exe [2011.09.27 16:16:44 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2011.09.27 16:04:48 | 104,857,600 | ---- | C] () -- C:\Users\***\Desktop\bieof10g.part10.rar [2011.09.27 16:03:21 | 104,857,600 | ---- | C] () -- C:\Users\***\Desktop\bieof10g.part09.rar [2011.09.27 15:30:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.09.27 15:30:11 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.09.26 21:54:13 | 104,857,600 | ---- | C] () -- C:\Users\***\Desktop\bieof10g.part08.rar [2011.09.26 21:27:06 | 104,857,600 | ---- | C] () -- C:\Users\***\Desktop\bieof10g.part07.rar [2011.09.26 20:57:15 | 104,857,600 | ---- | C] () -- C:\Users\***\Desktop\bieof10g.part06.rar [2011.09.26 19:48:44 | 029,177,280 | ---- | C] () -- C:\Users\***\Desktop\bieof10g.part05.rar [2011.09.26 19:27:56 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.26 19:11:06 | 104,857,600 | ---- | C] () -- C:\Users\***\Desktop\bieof10g.part04.rar [2011.09.26 18:32:31 | 104,857,600 | ---- | C] () -- C:\Users\***\Desktop\bieof10g.part03.rar [2011.09.26 18:10:20 | 000,684,297 | ---- | C] () -- C:\Users\***\Desktop\unhide.exe [2011.09.26 18:04:52 | 008,618,964 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.26 18:02:10 | 104,857,600 | ---- | C] () -- C:\Users\***\Desktop\bieof10g.part02.rar [2011.09.26 17:37:22 | 000,223,790 | ---- | C] () -- C:\Users\***\l_15667e48c33040af8b06d08b4bdd20b9.jpg [2011.09.26 17:35:14 | 000,123,405 | ---- | C] () -- C:\Users\***\girls4.jpg [2011.09.26 17:35:07 | 000,101,761 | ---- | C] () -- C:\Users\***\girls3.jpg [2011.09.26 17:35:01 | 000,092,294 | ---- | C] () -- C:\Users\***\girls2.jpg [2011.09.26 17:34:54 | 000,089,536 | ---- | C] () -- C:\Users\***\joannakrupa01g.jpg [2011.09.26 17:34:19 | 000,160,562 | ---- | C] () -- C:\Users\***\wilde.jpg [2011.09.26 17:30:58 | 104,857,600 | ---- | C] () -- 
C:\Users\***\Desktop\bieof10g.part01.rar [2011.09.24 13:26:00 | 000,001,407 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011.09.24 13:25:12 | 000,001,441 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.09.24 13:24:09 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\acovcnt.exe [2011.08.23 21:07:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.08.23 21:03:33 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.06.08 07:03:12 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009.07.29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.02.26 08:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config ========== LOP Check ========== [2011.09.25 20:02:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage [2011.09.24 13:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iWin [2011.09.24 13:34:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance [2011.09.26 22:32:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2011.09.26 18:07:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2011.09.24 13:33:59 | 
000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon [2009.07.14 07:08:49 | 000,008,000 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.09.24 13:24:52 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.09.27 16:41:28 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT [2011.04.13 04:49:40 | 000,000,000 | ---D | M] -- C:\AsusVibeData [2011.09.25 20:02:08 | 000,000,000 | -HSD | M] -- C:\aws [2009.07.29 08:03:34 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.08.23 21:14:28 | 000,000,000 | ---D | M] -- C:\eSupport [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.09.26 18:04:15 | 000,000,000 | R--D | M] -- C:\Program Files [2011.09.27 15:29:34 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.09.26 19:27:54 | 000,000,000 | ---D | M] -- C:\ProgramData [2011.09.24 13:21:41 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.09.27 16:51:03 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.09.26 20:02:19 | 000,000,000 | ---D | M] -- C:\temp [2011.09.24 13:23:44 | 000,000,000 | R--D | M] -- C:\Users [2011.09.27 15:30:51 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- 
C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe [2010.11.20 14:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.20 15:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe [2010.11.20 15:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 
000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- 
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:81F83028 < End of report >
I read that you like to have an MBRCheck for laptops, so here you go:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:			
Windows Version:		Windows 7 Home Premium Edition
Windows Information:		Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:	ASUSTeK Computer Inc.
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		ASUSTeK Computer Inc.
System Product Name:		K73BY
Logical Drives Mask:		0x0001007c
Kernel Drivers (total 219):
  0x03066000 \SystemRoot\system32\ntoskrnl.exe
  0x0301D000 \SystemRoot\system32\hal.dll
  0x00BA0000 \SystemRoot\system32\kdcom.dll
  0x00CB3000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x00CC0000 \SystemRoot\system32\PSHED.dll
  0x00CD4000 \SystemRoot\system32\CLFS.SYS
  0x00D32000 \SystemRoot\system32\CI.dll
  0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00CA4000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00ED8000 \SystemRoot\system32\drivers\ACPI.sys
  0x00F2F000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00F38000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00F42000 \SystemRoot\system32\drivers\pci.sys
  0x00F75000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00F82000 \SystemRoot\System32\drivers\partmgr.sys
  0x00F97000 \SystemRoot\system32\drivers\compbatt.sys
  0x00FA0000 \SystemRoot\system32\drivers\BATTC.SYS
  0x00FAC000 \SystemRoot\system32\drivers\volmgr.sys
  0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00E5C000 \SystemRoot\system32\drivers\pciide.sys
  0x00E63000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x00E73000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00E8D000 \SystemRoot\system32\drivers\atapi.sys
  0x00E96000 \SystemRoot\system32\drivers\ataport.SYS
  0x00EC0000 \SystemRoot\system32\drivers\msahci.sys
  0x00FC1000 \SystemRoot\system32\DRIVERS\amd_sata.sys
  0x0102F000 \SystemRoot\system32\DRIVERS\storport.sys
  0x01092000 \SystemRoot\system32\DRIVERS\amd_xata.sys
  0x0109F000 \SystemRoot\system32\drivers\amdxata.sys
  0x010AA000 \SystemRoot\system32\drivers\fltmgr.sys
  0x010F6000 \SystemRoot\system32\drivers\fileinfo.sys
  0x0123B000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x0110A000 \SystemRoot\System32\Drivers\msrpc.sys
  0x013DE000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01168000 \SystemRoot\System32\Drivers\cng.sys
  0x01200000 \SystemRoot\System32\drivers\pcw.sys
  0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x01434000 \SystemRoot\system32\drivers\ndis.sys
  0x01527000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01587000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x016C7000 \SystemRoot\System32\drivers\tcpip.sys
  0x018CB000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01915000 \SystemRoot\system32\drivers\volsnap.sys
  0x01961000 \SystemRoot\System32\Drivers\spldr.sys
  0x01969000 \SystemRoot\System32\drivers\rdyboost.sys
  0x019A3000 \SystemRoot\System32\Drivers\mup.sys
  0x019B5000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x019BE000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01600000 \SystemRoot\system32\drivers\disk.sys
  0x01616000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x01687000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x016B1000 \SystemRoot\System32\Drivers\Null.SYS
  0x016BA000 \SystemRoot\System32\Drivers\Beep.SYS
  0x015B2000 \SystemRoot\System32\drivers\vga.sys
  0x015C0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x015E5000 \SystemRoot\System32\drivers\watchdog.sys
  0x015F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x01400000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x01409000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x01412000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x0141D000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x011DA000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x0121B000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x03A41000 \SystemRoot\system32\drivers\afd.sys
  0x03ACA000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03B0F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03B18000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x03B3E000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x03B54000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x03B63000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x03B7E000 \SystemRoot\system32\DRIVERS\tmtdi.sys
  0x03B9A000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x03BAE000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x03A00000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x03A0C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x03A17000 \SystemRoot\System32\drivers\discache.sys
  0x01000000 \SystemRoot\System32\Drivers\dfsc.sys
  0x03A26000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x03A37000 \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
  0x00FD7000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x02CC7000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x04804000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x03E87000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x03F7B000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x03FC1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x03FE5000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x03E00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x03E56000 \SystemRoot\system32\DRIVERS\usbfilter.sys
  0x03E64000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x05144000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x05162000 \SystemRoot\system32\DRIVERS\ETD.sys
  0x03E75000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x03FF0000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
  0x05186000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x03FF8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x02D18000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x04291000 \SystemRoot\system32\DRIVERS\athrx.sys
  0x044B8000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x044C5000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x044DA000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x044E3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x044F3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x04509000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x0452D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x04539000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x04568000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x04583000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x045A4000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x045BE000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x04200000 \SystemRoot\system32\DRIVERS\ks.sys
  0x04243000 \SystemRoot\system32\DRIVERS\btath_bus.sys
  0x0424E000 \SystemRoot\system32\DRIVERS\amdiox64.sys
  0x04262000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x05195000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x04274000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x045C0000 \SystemRoot\system32\drivers\AtihdW76.sys
  0x02D84000 \SystemRoot\system32\drivers\portcls.sys
  0x02DC1000 \SystemRoot\system32\drivers\drmk.sys
  0x045E1000 \SystemRoot\system32\drivers\ksthunk.sys
  0x05EBC000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x00030000 \SystemRoot\System32\win32k.sys
  0x06180000 \SystemRoot\System32\drivers\Dxapi.sys
  0x0618C000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x0619A000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x061A4000 \SystemRoot\System32\Drivers\dump_amd_sata.sys
  0x061BA000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x061CD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x061EA000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x061EC000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0x05E00000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0x05E11000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x05E2C000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x05E3A000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x05E48000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x05E61000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x05E6A000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x05E98000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x02C00000 \SystemRoot\system32\DRIVERS\btfilter.sys
  0x045E7000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0x046FC000 \SystemRoot\System32\Drivers\bthport.sys
  0x00550000 \SystemRoot\System32\TSDDD.dll
  0x00790000 \SystemRoot\System32\cdd.dll
  0x04788000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0x047B4000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0x047C4000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0x04600000 \SystemRoot\system32\DRIVERS\btath_rcp.sys
  0x04625000 \SystemRoot\system32\drivers\btath_a2dp.sys
  0x0468C000 \SystemRoot\system32\DRIVERS\btath_hcrp.sys
  0x047E4000 \SystemRoot\system32\DRIVERS\btath_flt.sys
  0x05EA5000 \SystemRoot\system32\DRIVERS\btath_lwflt.sys
  0x02C48000 \SystemRoot\system32\drivers\luafv.sys
  0x047F3000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
  0x02C6B000 \SystemRoot\system32\drivers\WudfPf.sys
  0x02C8C000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x06C3A000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x06C8D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x06CA0000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x06CB8000 \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
  0x06CC0000 \SystemRoot\system32\drivers\HTTP.sys
  0x06D89000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x06DA7000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x06DBF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x07A87000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x07AD4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x07AF8000 \SystemRoot\system32\DRIVERS\tmcomm.sys
  0x07B1F000 \SystemRoot\system32\DRIVERS\tmevtmgr.sys
  0x07B53000 \SystemRoot\system32\drivers\peauth.sys
  0x07A00000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x082C8000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
  0x0837F000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
  0x083CC000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x08200000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x08212000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x086E8000 \SystemRoot\System32\DRIVERS\srv.sys
  0x08780000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
  0x0878B000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x087BC000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x087F2000 \??\C:\Windows\system32\drivers\mbam.sys
  0x08671000 \SystemRoot\system32\DRIVERS\tmactmon.sys
  0x77570000 \Windows\System32\ntdll.dll
  0x48420000 \Windows\System32\smss.exe
  0xFF890000 \Windows\System32\apisetschema.dll
  0xFF0F0000 \Windows\System32\autochk.exe
  0xFF7E0000 \Windows\System32\clbcatq.dll
  0xFF770000 \Windows\System32\gdi32.dll
  0x77410000 \Windows\System32\wininet.dll
  0xFF6D0000 \Windows\System32\comdlg32.dll
  0xFF670000 \Windows\System32\Wldap32.dll
  0xFF5A0000 \Windows\System32\usp10.dll
  0xFF4C0000 \Windows\System32\advapi32.dll
  0xFF390000 \Windows\System32\rpcrt4.dll
  0xFF280000 \Windows\System32\msctf.dll
  0x77740000 \Windows\System32\psapi.dll
  0x772C0000 \Windows\System32\urlmon.dll
  0xFF070000 \Windows\System32\ole32.dll
  0xFF050000 \Windows\System32\sechost.dll
  0xFEFD0000 \Windows\System32\shlwapi.dll
  0xFE240000 \Windows\System32\shell32.dll
  0xFE230000 \Windows\System32\lpk.dll
  0xFE1B0000 \Windows\System32\difxapi.dll
  0x771A0000 \Windows\System32\kernel32.dll
  0xFDFD0000 \Windows\System32\setupapi.dll
  0x770A0000 \Windows\System32\user32.dll
  0xFDFB0000 \Windows\System32\imagehlp.dll
  0xFDF10000 \Windows\System32\msvcrt.dll
  0xFDEE0000 \Windows\System32\imm32.dll
  0x77730000 \Windows\System32\normaliz.dll
  0xFDE90000 \Windows\System32\ws2_32.dll
  0xFDE80000 \Windows\System32\nsi.dll
  0xFDDA0000 \Windows\System32\oleaut32.dll
  0x76E90000 \Windows\System32\iertutil.dll
  0xFDD30000 \Windows\System32\KernelBase.dll
  0xFDC90000 \Windows\System32\comctl32.dll
  0xFDB20000 \Windows\System32\crypt32.dll
  0xFDB00000 \Windows\System32\devobj.dll
  0xFDAC0000 \Windows\System32\wintrust.dll
  0xFDA80000 \Windows\System32\cfgmgr32.dll
  0xFDA70000 \Windows\System32\msasn1.dll
  0x767B0000 \Windows\SysWOW64\normaliz.dll
Processes (total 87):
       0 System Idle Process
       4 System
     232 C:\Windows\System32\smss.exe
     356 csrss.exe
     448 C:\Windows\System32\wininit.exe
     464 csrss.exe
     504 C:\Windows\System32\services.exe
     520 C:\Windows\System32\lsass.exe
     528 C:\Windows\System32\lsm.exe
     560 C:\Windows\System32\winlogon.exe
     704 C:\Windows\System32\svchost.exe
     784 C:\Windows\System32\svchost.exe
     832 C:\Windows\System32\atiesrxx.exe
     916 C:\Windows\System32\svchost.exe
     960 C:\Windows\System32\svchost.exe
    1004 C:\Windows\System32\svchost.exe
     636 C:\Windows\System32\svchost.exe
    1060 C:\Windows\System32\atieclxx.exe
    1136 C:\Windows\System32\svchost.exe
    1324 C:\Windows\System32\FBAgent.exe
    1348 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    1376 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    1484 C:\Windows\System32\spoolsv.exe
    1520 C:\Windows\System32\svchost.exe
    1728 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    1776 C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    1860 C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    1952 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    2100 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    2120 C:\Windows\System32\svchost.exe
    2152 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2352 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    2368 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2432 WmiPrvSE.exe
    2548 C:\Windows\System32\taskhost.exe
    2616 C:\Windows\System32\dwm.exe
    2640 C:\Windows\explorer.exe
    2892 C:\Windows\System32\taskeng.exe
    2972 C:\Program Files\P4G\BatteryLife.exe
    3016 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    3060 C:\Windows\System32\taskeng.exe
    1588 C:\Windows\AsScrPro.exe
    2512 C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    2884 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    2812 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    1300 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    3112 C:\Windows\SysWOW64\ACEngSvr.exe
    3168 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    3180 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3260 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    3268 C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    3276 C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    3288 C:\Program Files\Elantech\ETDCtrl.exe
    3312 C:\Program Files\Windows Sidebar\sidebar.exe
    3388 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    3496 C:\Windows\System32\svchost.exe
    3608 C:\Windows\System32\svchost.exe
    3660 WUDFHost.exe
    3848 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    3944 C:\Windows\System32\svchost.exe
    4044 C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    4068 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    4076 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    4088 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    2508 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    3056 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    3920 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    1208 C:\Windows\System32\SearchIndexer.exe
    4372 C:\Program Files\Elantech\ETDCtrlHelper.exe
    5048 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    5456 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    1364 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    5612 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    3972 C:\Windows\System32\audiodg.exe
     496 C:\Windows\System32\msiexec.exe
    4320 C:\Windows\System32\dllhost.exe
    5792 C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    5888 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    5108 C:\Windows\System32\conhost.exe
    4580 C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    5912 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
    3832 C:\Windows\System32\conhost.exe
    5952 C:\Windows\System32\SearchProtocolHost.exe
    5724 C:\Windows\System32\SearchFilterHost.exe
    2452 C:\Users\Andreas Malleschitz\Desktop\MBRCheck.exe
    3400 C:\Windows\System32\conhost.exe
    5384 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000006`40100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`51e00000  (NTFS)
\\.\G: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000  (NTFS)
\\.\Q: -->  error 5
PhysicalDrive0 Model Number: WDCWD5000BPVT-80HXZT3, Rev: 01.01A01
PhysicalDrive2 Model Number: WDExt HDD 1021, Rev: 2002
      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB  \\.\PhysicalDrive2   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
         The OTL Extras log is also attached. Hopefully this is enough for now and you can help me further. |