
Pests of all kinds and how to fight them: Trojan.Zbot on a freshly reinstalled computer?


02.11.2012, 01:53   #1
apollo1790
 

Trojan.Zbot on a freshly reinstalled computer?



Good evening

I recently did a fresh install of Windows 7 Professional 64-bit on my computer. I didn't even have all the drivers back on yet when I landed on a site
that made me somewhat suspicious, because it kept redirecting me. I then downloaded Malwarebytes and updated it.
After a full scan, it reported that 2 files were infected with a rootkit. Great...

After some thought, I figured the best option was simply another clean reinstall... No sooner said than done.

Before the reinstall I formatted all drives/partitions and then installed Windows 7 from scratch for the second time.
Once that was finished I wanted to install the Windows update pack, but got the error message that it could not be used with my OS version, so I did a manual update session until Windows Update reported that the computer was up to date.

I had saved mbam.exe on my USB stick, so I installed it from the stick and then clicked Update. Another full scan followed (which, oddly, finished much faster than the first one...) and lo and behold: again it reported that 2 files were infected, but this time with Trojan.Zbot.

I don't understand how this can happen, since I didn't browse the web after the second reinstall and still had the bug again...

I'd be glad if someone could take a look at this and, if possible, give me some advice.

Here is the Malwarebytes log:

Code:
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org
 
Datenbank Version: v2012.11.01.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sal :: SAL-PC [Administrator]
 
Schutz: Aktiviert
 
02.11.2012 00:32:32
mbam-log-2012-11-02 (00-32-32).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 319812
Laufzeit: 23 Minute(n), 59 Sekunde(n)
 
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien: 2
C:\Windows\System32\InstallShield\_isdel.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\winsxs\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.1.7600.16385_none_ca61f601a4548b8e\_isdel.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 
(Ende)
         
defogger_disable:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:25 on 02/11/2012 (Sal)
 
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
 
Checking for services/drivers...
 
 
-=E.O.F=-
         

OTL:

Code:
OTL logfile created on: 02.11.2012 01:27:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sal\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
5.91 Gb Total Physical Memory | 3.86 Gb Available Physical Memory | 65.24% Memory free
11.82 Gb Paging File | 9.70 Gb Available in Paging File | 82.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 243.21 Gb Total Space | 213.33 Gb Free Space | 87.72% Space Free | Partition Type: NTFS
Drive E: | 15.12 Gb Total Space | 13.88 Gb Free Space | 91.85% Space Free | Partition Type: NTFS
Drive F: | 465.73 Gb Total Space | 309.41 Gb Free Space | 66.44% Space Free | Partition Type: NTFS
 
Computer Name: SAL-PC | User Name: Sal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.02 01:19:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sal\Desktop\OTL.exe
PRC - [2012.11.01 22:44:57 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2012.10.25 20:02:18 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011.04.07 21:26:24 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
PRC - [2011.03.25 17:55:16 | 000,091,464 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe
PRC - [2010.11.23 18:31:56 | 000,965,728 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2010.11.15 10:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010.10.14 14:38:34 | 000,653,952 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2010.10.07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.10.07 09:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.09.23 16:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.08.17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.07.09 22:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
PRC - [2010.05.24 15:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010.02.03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2010.01.21 07:22:04 | 000,909,824 | ---- | M] (Sonix Technology Co., Ltd.) -- C:\Windows\vsnp2uvc.exe
PRC - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.04.07 21:26:24 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
MOD - [2010.09.23 16:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.03.03 16:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.25 20:02:18 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011.03.25 17:55:16 | 000,091,464 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
SRV - [2010.11.25 20:29:54 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.05.24 15:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010.04.16 16:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.25 20:02:40 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.10.10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.04.08 15:46:08 | 000,177,152 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2011.04.08 15:46:08 | 000,056,320 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2010.11.25 20:30:12 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.11.25 20:30:12 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.11.25 20:30:12 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.11.25 20:30:12 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.11.25 20:30:12 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.11.25 20:30:12 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.11.25 20:30:10 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.14 03:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.09.08 12:39:32 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.09.07 10:19:38 | 001,800,832 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.08.24 10:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.04.16 16:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.07.21 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.07.26 13:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.02 00:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.02 00:02:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sal\AppData\Roaming\mozilla\Extensions
[2012.11.02 00:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.24 18:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 18:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 18:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix Technology Co., Ltd.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4509FF29-3174-4FC4-9E76-43E4DB8B21A2}: DhcpNameServer = 10.0.1.1
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1d81e681-2467-11e2-98f9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1d81e681-2467-11e2-98f9-806e6f6e6963}\Shell\AutoRun\command - "" = D:\InstAll.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.02 01:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.11.02 01:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.11.02 01:19:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sal\Desktop\OTL.exe
[2012.11.02 00:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.11.02 00:04:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.11.02 00:04:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012.11.02 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Roaming\Mozilla
[2012.11.02 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Local\Mozilla
[2012.11.02 00:02:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.01 23:11:21 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Roaming\Malwarebytes
[2012.11.01 23:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.01 23:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.01 23:11:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.01 23:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.01 23:04:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.11.01 22:52:31 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Local\Cyberlink
[2012.11.01 22:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
[2012.11.01 22:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2012.11.01 22:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.11.01 22:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.11.01 22:50:43 | 000,000,000 | -H-D | C] -- C:\ASUS.DAT
[2012.11.01 22:50:37 | 000,379,520 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\FBAgent.exe
[2012.11.01 22:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2012.11.01 22:48:26 | 000,000,000 | -H-D | C] -- C:\ExpressGate
[2012.11.01 22:48:09 | 000,000,000 | -H-D | C] -- C:\ExpressGateUtil
[2012.11.01 22:45:08 | 000,080,512 | ---- | C] (ASUS) -- C:\Windows\ASUS_N3_Series Uninstaller.exe
[2012.11.01 22:44:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.11.01 22:44:56 | 003,058,304 | ---- | C] (ASUS) -- C:\Windows\AsScrPro.exe
[2012.11.01 22:43:11 | 000,000,000 | ---D | C] -- C:\eSupport
[2012.11.01 22:41:24 | 000,183,296 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\ACEngSvr.exe
[2012.11.01 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
[2012.11.01 22:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\P4G
[2012.11.01 22:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\P4G
[2012.11.01 22:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.11.01 22:37:41 | 001,800,832 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\snp2uvc.sys
[2012.11.01 22:37:41 | 000,909,824 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\vsnp2uvc.exe
[2012.11.01 22:37:41 | 000,376,832 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysNative\vsnp2uvc.dll
[2012.11.01 22:37:41 | 000,307,712 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysWow64\vsnp2uvc.dll
[2012.11.01 22:37:41 | 000,238,592 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysNative\csnp2uvc.dll
[2012.11.01 22:37:41 | 000,035,328 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\sncduvc.sys
[2012.11.01 22:37:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Atheros
[2012.11.01 22:37:20 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Local\BMExplorer
[2012.11.01 22:35:35 | 002,228,736 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2012.11.01 22:34:22 | 000,000,000 | ---D | C] -- C:\Users\Sal\Documents\Bluetooth Folder
[2012.11.01 22:34:03 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
[2012.11.01 22:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros
[2012.11.01 22:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2012.11.01 22:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012.11.01 22:33:22 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Roaming\InstallShield
[2012.11.01 22:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2012.11.01 22:33:13 | 004,678,024 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\SysNative\ETDUI.cpl
[2012.11.01 22:33:13 | 000,129,024 | ---- | C] (ELAN Microelectronic Corp.) -- C:\Windows\SysNative\drivers\ETD.sys
[2012.11.01 22:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Fresco Logic Inc
[2012.11.01 22:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor
[2012.11.01 22:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmIcoSingLun
[2012.11.01 22:31:05 | 000,076,912 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2012.11.01 22:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virage Logic, Corp
Many thanks in advance,

apollo

BY THE WAY.. I am going to reinstall the machine once more anyway.
I am just wondering which steps led to the infection, so I know from what point on the machine is "safe".

Is it enough for the machine to merely establish an internet connection?
I only updated Windows and Malwarebytes, and did not open a browser. Where does the virus come from in such a case?

ADDENDUM: Did some googling and the detection turned out to be a false positive.. Updated Malwarebytes, scanned again: no infected files

Alt 08.11.2012, 21:01   #2
M-K-D-B
/// TB-Ausbilder
 
Trojan.Zbot on a freshly reinstalled machine?

Hello,

as you have already found out yourself, the two MBAM detections are a false alarm, so there is no cause for concern.

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread.