|
Windows 7 Explorer.exe startet nicht Hallo zusammen, wie der obige Titel schon sagt, seit heute morgen startet die explorer.exe nicht mehr. alle anderen Dienste scheinen zu laufen, den Firefox habe ich über den Taskmanager gestartet....auch das WLAN scheint zu gehen. ich weiss nur nicht, wie ich die "verschriebenen" ersten Schritte bzw. deren download ausführen soll, da ich keine Benutzerobefläche habe. unter "task ausführen" erscheint der explorer 1 Sekunde kurz und danach nie mehr wieder. Ich habe ein Asus Altec Notebook mit Win7 64bit. Da ich auf mein Noteboook arbeitstechnisch angewiesen bin, fänd ich es prima wenn man mir helfen könnte :) So, mehr weiss ich nicht zu sagen ausser Hiiiiilfeee :( edit MBAM: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4655 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 20.09.2010 11:01:00 mbam-log-2010-09-20 (11-01-00).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 140034 Laufzeit: 3 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
Hallo, z.Zt. kursieren Schädlinge, die die explorer.exe und winlogon.exe befallen. Hat Dein Virenscanner die explorer.exe gelöscht? |
also ich kann fast sehr sicher sagen, das er das nicht gemacht hat, zumindest gabs zwischen gestern abend und heute keinen avira-scan. was auch merkwürdig ist, eben konnte ich beobachten wie eine explorer.exe (jedoch nur mit 17,000k ca.) kurz in der prozessübersicht war. ich mach mich mal jetzt, so gut wies geht auf die suche, ob ich noch eine explorer.exe habe. Edit: So wies aussieht hab ich mindestens eine explorer.exe, welche 2803kb gross ist....eine unter c/windows und eine und wow64 |
CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code: netsvcs
|
OTL Log: [list]OTL logfile created on: 20.09.2010 12:12:35 - Run 2 OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\space\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free 10,00 Gb Paging File | 8,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): c:\pagefile.sys 5922 5922 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 71,21 Gb Free Space | 61,16% Space Free | Partition Type: NTFS Drive D: | 329,79 Gb Total Space | 317,00 Gb Free Space | 96,12% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ASUS Current User Name: space Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.09.20 11:05:17 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users/space\Downloads\OTL.exe PRC - [2010.08.14 15:33:24 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.07.29 22:23:45 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010.02.28 02:33:14 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009.11.24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe PRC - [2009.11.10 04:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.10.26 19:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2009.05.19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.12.04 16:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2008.10.14 16:10:42 | 002,895,872 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\Extended\ADS9.0\Server\ADS.EXE PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Program Files (x86)\Common Files\Marmiko Shared\MZCCntrl.exe ========== Modules (SafeList) ========== MOD - [2010.09.20 11:05:17 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\paces\Downloads\OTL.exe MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.07.06 13:20:46 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2009.12.08 01:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009.11.27 05:39:45 | 000,243,712 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.11.11 10:29:13 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.08.03 01:54:14 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2010.08.14 15:33:24 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.08.14 15:26:52 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.07.06 13:25:12 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.07.06 13:20:38 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2010.02.28 02:33:14 | 000,821,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc) SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009.11.10 04:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.07.16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2008.12.08 17:01:58 | 000,533,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2008.12.04 16:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008.10.14 16:10:42 | 002,895,872 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Extended\ADS9.0\Server\ADS.EXE -- (Advantage) SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Program Files (x86)\Common Files\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.03.02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.02.16 13:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2009.12.02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2009.12.02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2009.12.02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2009.12.02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2009.11.27 05:39:45 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.11.13 11:47:35 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.11.11 11:02:11 | 006,104,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.10.15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009.10.05 03:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.30 03:34:31 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.08.12 05:38:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009.08.06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.01 06:46:57 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009.07.01 06:46:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.07.01 06:46:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.07.01 06:46:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009.05.09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2009.04.07 09:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2008.12.08 17:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007.07.16 23:29:33 | 000,023,064 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64fax.sys -- (HPFXFAX) DRV:64bit: - [2007.07.16 23:29:23 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK) DRV - [2010.08.14 14:48:32 | 000,060,112 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWow64\NULL -- (Null) DRV - [2010.02.24 14:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "stern.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.29 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.18 09:52:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.18 09:52:33 | 000,000,000 | ---D | M] [2010.08.13 15:55:10 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\mozilla\Extensions [2010.08.13 15:55:10 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\mozilla\Firefox\Profiles\8d6sxwmb.default\extensions [2010.09.20 00:30:19 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\mozilla\Firefox\Profiles\yzh58dx9.default\extensions [2010.08.14 18:02:16 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\space\AppData\Roaming\mozilla\Firefox\Profiles\yzh58dx9.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010.08.14 17:11:51 | 000,000,000 | ---D | M] (Search Images With a Single Click) -- C:\Users\space\AppData\Roaming\mozilla\Firefox\Profiles\yzh58dx9.default\extensions\{c5abb539-a0ac-45d9-9535-dbf23a25966b} [2010.08.18 18:49:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\space\AppData\Roaming\mozilla\Firefox\Profiles\yzh58dx9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.07.06 22:27:17 | 000,002,352 | ---- | M] () -- C:\Users\space\AppData\Roaming\Mozilla\FireFox\Profiles\yzh58dx9.default\searchplugins\sternde-suche.xml [2010.09.20 00:30:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll [2010.09.09 16:23:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.09.09 16:23:46 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.09.09 16:23:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.09.09 16:23:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.09.09 16:23:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [zinit32] C:\Windows\Zinit32.exe (Agenda Informationssysteme GmbH) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files (x86)\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) O4 - HKCU..\Run: [UNO Office ServiceCenter] C:\Program Files (x86)\Heilmann Software\Uno\Tools\ServiceCenter.exe (Heilmann Software IT GmbH) O4 - Startup: C:\Users\space\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters[list] |
sry, list bei mir irgendwie nicht 2ter teil: SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error. ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error. ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error. ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point |
3ter teil: ========== Files/Folders - Created Within 90 Days ========== [2010.09.20 12:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2010.09.20 11:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2010.09.20 10:55:45 | 000,000,000 | ---D | C] -- C:\Users\space\Desktop\MFTools [2010.09.20 10:51:34 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\Malwarebytes [2010.09.20 10:51:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.09.20 10:51:26 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.09.20 10:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.09.20 10:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.20 10:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2010.09.19 18:05:25 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server [2010.09.19 18:04:03 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\WinRAR [2010.09.19 18:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2010.09.18 09:58:46 | 000,000,000 | ---D | C] -- C:\Users\space\Documents\Mount&Blade Warband Savegames [2010.09.18 09:56:59 | 000,000,000 | ---D | C] -- C:\Users\space\Documents\Mount&Blade Warband [2010.09.18 09:56:59 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\Mount&Blade Warband [2010.09.09 14:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2010.09.09 14:26:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2010.09.09 09:52:21 | 000,000,000 | ---D | C] -- C:\Users\space\Documents\My Widgets [2010.09.09 09:52:15 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\Yahoo [2010.09.09 09:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo! [2010.09.03 15:13:28 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\DivX [2010.09.03 15:13:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2010.09.03 15:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2010.09.03 15:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2010.09.03 15:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2010.09.03 15:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.09.03 13:03:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun [2010.09.03 12:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2010.09.03 12:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client [2010.09.03 12:19:01 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\TP [2010.09.03 07:55:15 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\LolClient [2010.09.02 19:12:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2010.09.02 19:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\League of Legends [2010.09.02 15:46:38 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\PMB Files [2010.09.02 15:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2010.09.02 15:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2010.09.02 15:45:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.09.01 16:35:37 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\TeamViewer [2010.08.18 17:38:35 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\skypePM [2010.08.18 17:16:00 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\Skype [2010.08.15 09:06:49 | 000,000,000 | ---D | C] -- C:\Users\space\.assistant [2010.08.15 07:42:45 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\OpenOffice.org [2010.08.15 06:34:37 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\ElevatedDiagnostics [2010.08.15 06:23:43 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\Adobe [2010.08.14 18:59:50 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\Avira [2010.08.14 18:55:13 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\HP [2010.08.14 18:35:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\HP [2010.08.14 18:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard [2010.08.14 18:32:33 | 000,276,480 | ---- | C] (Hewlett Packard Corporation) -- C:\Windows\SysWow64\hpcc3093.DLL [2010.08.14 18:17:13 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\elsterformular [2010.08.14 17:47:10 | 000,000,000 | ---D | C] -- C:\Users\space\Documents\AGENDA [2010.08.14 17:20:53 | 006,666,752 | ---- | C] (Agenda Informationssysteme GmbH) -- C:\Windows\Zinit32.exe [2010.08.14 17:20:53 | 001,389,848 | ---- | C] (iAnywhere Solutions, Inc.) -- C:\Windows\ace32.dll [2010.08.14 17:20:53 | 000,206,104 | ---- | C] (iAnywhere Solutions, Inc.) -- C:\Windows\axcws32.dll [2010.08.14 17:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Agenda [2010.08.14 17:20:52 | 002,626,560 | ---- | C] (Agenda Informationssysteme GmbH) -- C:\Windows\NtLog.dll [2010.08.14 17:20:51 | 003,583,488 | ---- | C] (Agenda Informationssysteme GmbH) -- C:\Windows\Aguninst.exe [2010.08.14 17:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Extended [2010.08.14 17:19:16 | 002,187,264 | ---- | C] (IDEAL Software® GmbH, Neuss, Germany) -- C:\Windows\SysWow64\vpee3240.dll [2010.08.14 17:19:16 | 000,512,000 | ---- | C] (IDEAL Software® GmbH, Neuss, Germany) -- C:\Windows\SysWow64\vJavaScript3240.dll [2010.08.14 17:17:58 | 000,000,000 | R--D | C] -- C:\AGENDA [2010.08.14 16:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2010.08.14 16:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.08.14 16:25:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.08.14 16:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010.08.14 16:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2010.08.14 16:15:36 | 000,000,000 | -H-D | C] -- C:\Config.Msi [2010.08.14 16:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio [2010.08.14 16:14:27 | 000,031,256 | ---- | C] (Hewlett Packard) -- C:\Windows\SysNative\drivers\hpfx64gen.sys [2010.08.14 16:14:27 | 000,023,064 | ---- | C] (Hewlett Packard) -- C:\Windows\SysNative\drivers\hpfx64fax.sys [2010.08.14 16:14:27 | 000,020,504 | ---- | C] (Hewlett Packard) -- C:\Windows\SysNative\drivers\hpfx64bulk.sys [2010.08.14 16:14:26 | 000,234,496 | ---- | C] (Hewlett Packard) -- C:\Windows\SysNative\hppdew11_x64.dll [2010.08.14 16:14:26 | 000,234,496 | ---- | C] (Hewlett Packard) -- C:\Windows\SysNative\hppafx11_x64.dll [2010.08.14 16:13:30 | 000,000,000 | ---D | C] -- C:\CM1312_Full_Solution_Win7_5_1_AM-EMEA1 [2010.08.14 15:45:18 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\Diagnostics [2010.08.14 15:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2010.08.14 15:31:58 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\T-DSL SpeedManager [2010.08.14 15:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\T-DSL SpeedManager [2010.08.14 15:31:16 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2010.08.14 15:28:48 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\Macromedia [2010.08.14 15:28:48 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\Adobe [2010.08.14 15:27:00 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2010.08.14 15:26:58 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2010.08.14 15:26:58 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2010.08.14 15:26:58 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2010.08.14 15:26:58 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2010.08.14 15:26:47 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\TuneUp Software [2010.08.14 15:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2010 [2010.08.14 15:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2010.08.14 15:26:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.08.14 15:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kyodai [2010.08.14 15:12:13 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\Microsoft Games [2010.08.14 15:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\aladin [2010.08.14 15:09:44 | 000,828,752 | ---- | C] (Netviewer AG) -- C:\Users\space\Desktop\NV_o2o_Teilnehmer_DE.exe [2010.08.14 15:09:44 | 000,779,920 | ---- | C] (Symantec Corporation) -- C:\Users\space\Desktop\SymNRT.exe [2010.08.14 15:09:43 | 000,828,752 | ---- | C] (Netviewer AG) -- C:\Users\space\Desktop\NV_o2o_Teilnehmer_DE(2).exe [2010.08.14 15:09:22 | 000,000,000 | ---D | C] -- C:\Users\space\Desktop\Krempel [2010.08.14 15:07:26 | 000,000,000 | ---D | C] -- C:\Users\space\Desktop\Fotos [2010.08.14 15:07:26 | 000,000,000 | ---D | C] -- C:\Users\space\Desktop\Audit [2010.08.14 15:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2010.08.14 15:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular [2010.08.14 14:52:55 | 000,000,000 | ---D | C] -- C:\Users\space\Documents\TempUNO [2010.08.14 14:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Borland [2010.08.14 14:50:42 | 000,446,464 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\HHActivex.dll [2010.08.14 14:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heilmann Software [2010.08.14 14:48:46 | 000,000,000 | ---D | C] -- C:\PROFI [2010.08.14 14:48:40 | 000,000,000 | ---D | C] -- C:\Kyodai [2010.08.14 14:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deutsche Telekom [2010.08.14 14:47:56 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\T-Online [2010.08.14 14:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\T-Online [2010.08.14 14:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Marmiko Shared [2010.08.14 14:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\T-Online [2010.08.14 14:29:28 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\GHISLER [2010.08.14 04:19:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010.08.13 17:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2010.08.13 17:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio [2010.08.13 17:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2010.08.13 17:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2010.08.13 17:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2010.08.13 17:10:33 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\Microsoft Help [2010.08.13 17:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2010.08.13 17:10:06 | 000,000,000 | RH-D | C] -- C:\MSOCache [2010.08.13 16:05:35 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\ACD Systems [2010.08.13 16:05:35 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\ACD Systems [2010.08.13 16:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ACD Systems [2010.08.13 16:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ACD Systems [2010.08.13 16:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ACD Systems [2010.08.13 16:00:35 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\Downloaded Installations [2010.08.13 15:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2010.08.13 15:58:36 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\NetSpeedMonitor [2010.08.13 15:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor [2010.08.13 15:57:50 | 000,000,000 | ---D | C] -- C:\Programme [2010.08.13 15:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2010.08.13 15:56:07 | 000,000,000 | ---D | C] -- C:\totalcmd [2010.08.13 15:55:06 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\Mozilla [2010.08.13 15:55:06 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\Mozilla [2010.08.13 15:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010.08.13 15:52:41 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2010.08.13 15:52:41 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.08.13 15:52:41 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys [2010.08.13 15:52:41 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys [2010.08.13 15:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.08.13 15:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2010.08.13 13:45:32 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\Google [2010.08.13 13:40:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\log [2010.08.13 13:40:39 | 000,000,000 | ---D | C] -- C:\Users\space\Documents\ASUS WebStorage [2010.08.13 13:40:39 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\Asus WebStorage [2010.08.13 13:40:37 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\ATI [2010.08.13 13:40:37 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\ATI [2010.08.13 13:40:35 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\Broadcom [2010.08.13 13:40:35 | 000,000,000 | ---D | C] -- C:\Users\space\Documents\Bluetooth Exchange Folder [2010.08.13 13:40:03 | 000,000,000 | R--D | C] -- C:\Users\space\Searches [2010.08.13 13:39:56 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\Identities [2010.08.13 13:39:49 | 000,000,000 | R--D | C] -- C:\Users\space\Contacts [2010.08.13 13:39:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\eBay [2010.08.13 13:37:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2010.08.13 13:36:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2010.08.13 13:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2010.08.13 13:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework [2010.08.13 13:35:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2010.08.13 13:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2010.08.13 13:34:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010.08.13 13:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive [2010.08.13 13:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2010.08.13 13:33:34 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010.08.13 13:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2010.08.13 13:32:19 | 000,000,000 | -H-D | C] -- C:\ASUS.DAT [2010.08.13 13:32:07 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\Power2Go [2010.08.13 13:32:05 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\VirtualStore [2010.08.13 13:31:56 | 000,000,000 | --SD | C] -- C:\Users\space\AppData\Roaming\Microsoft [2010.08.13 13:31:56 | 000,000,000 | R--D | C] -- C:\Users\space\Videos [2010.08.13 13:31:56 | 000,000,000 | R--D | C] -- C:\Users\space\Saved Games [2010.08.13 13:31:56 | 000,000,000 | R--D | C] -- C:\Users\space\Pictures [2010.08.13 13:31:56 | 000,000,000 | R--D | C] -- C:\Users\space\Music [2010.08.13 13:31:56 | 000,000,000 | R--D | C] -- C:\Users\space\Links [2010.08.13 13:31:56 | 000,000,000 | R--D | C] -- C:\Users\space\Favorites [2010.08.13 13:31:56 | 000,000,000 | R--D | C] -- C:\Users\space\Downloads [2010.08.13 13:31:56 | 000,000,000 | R--D | C] -- C:\Users\space\Documents [2010.08.13 13:31:56 | 000,000,000 | R--D | C] -- C:\Users\space\Desktop [2010.08.13 13:31:56 | 000,000,000 | -HSD | C] -- C:\Users\space\Vorlagen [2010.08.13 13:31:56 | 000,000,000 | -HSD | C] -- C:\Users\space\AppData\Local\Verlauf [2010.08.13 13:31:56 | 000,000,000 | -HSD | C] -- C:\Users\space\AppData\Local\Temporary Internet Files [2010.08.13 13:31:56 | 000,000,000 | -HSD | C] -- C:\Users\space\Startmenü [2010.08.13 13:31:56 | 000,000,000 | -HSD | C] -- C:\Users\space\SendTo [2010.08.13 13:31:56 | 000,000,000 | -HSD | C] -- C:\Users\space\Recent [2010.08.13 13:31:56 | 000,000,000 | -HSD | C] -- C:\Users\space\Netzwerkumgebung [2010.08.13 13:31:56 | 000,000,000 | -HSD | C] -- C:\Users\space\Lokale Einstellungen [2010.08.13 13:31:56 | 000,000,000 | -HSD | C] -- C:\Users\space\Documents\Eigene Videos [2010.08.13 13:31:56 | 000,000,000 | -HSD | C] -- C:\Users\space\Documents\Eigene Musik [2010.08.13 13:31:56 | 000,000,000 | -HSD | C] -- C:\Users\space\Eigene Dateien [2010.08.13 13:31:56 | 000,000,000 | -HSD | C] -- C:\Users\space\Documents\Eigene Bilder [2010.08.13 13:31:56 | 000,000,000 | -HSD | C] -- C:\Users\space\Druckumgebung [2010.08.13 13:31:56 | 000,000,000 | -HSD | C] -- C:\Users\space\Cookies [2010.08.13 13:31:56 | 000,000,000 | -HSD | C] -- C:\Users\space\AppData\Local\Anwendungsdaten [2010.08.13 13:31:56 | 000,000,000 | -HSD | C] -- C:\Users\space\Anwendungsdaten [2010.08.13 13:31:56 | 000,000,000 | -H-D | C] -- C:\Users\space\AppData [2010.08.13 13:31:56 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\Temp [2010.08.13 13:31:56 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Local\Microsoft [2010.08.13 13:31:56 | 000,000,000 | ---D | C] -- C:\Users\space\AppData\Roaming\Media Center Programs [2010.07.29 22:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\P4G [2010.07.29 22:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\P4G [2010.07.29 22:24:32 | 000,183,296 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\ACEngSvr.exe [2010.07.29 22:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2010.07.29 22:24:11 | 000,000,000 | ---D | C] -- C:\eSupport [2010.07.29 22:24:02 | 000,379,520 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\FBAgent.exe [2010.07.29 22:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS [2010.07.29 22:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ControlDeck [2010.07.29 22:23:49 | 000,520,192 | ---- | C] (ScreenTime Media) -- C:\Windows\SysWow64\K_Series_ScreenSaver_EN.scr [2010.07.29 22:23:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\K_Series_ScreenSaver_EN dir [2010.07.29 22:23:45 | 003,054,136 | ---- | C] (ASUS) -- C:\Windows\AsScrPro.exe [2010.07.29 22:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor [2010.07.29 22:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmIcoSingLun [2010.07.29 22:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM [2010.07.29 22:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2010.07.29 22:18:12 | 012,532,736 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl [2010.07.29 22:18:12 | 003,309,568 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll [2010.07.29 22:18:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs [2010.07.29 22:17:47 | 001,435,136 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll [2010.07.29 22:17:47 | 000,616,448 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll [2010.07.29 22:17:47 | 000,505,344 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys [2010.07.29 22:17:47 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll [2010.07.29 22:17:47 | 000,209,920 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll [2010.07.29 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\IDT [2010.07.29 22:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010.07.29 22:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2010.07.29 22:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2010.07.29 22:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2010.07.29 22:08:13 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2010.07.29 22:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2010.07.29 22:08:04 | 000,000,000 | ---D | C] -- C:\Intel [2010.07.29 22:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2010.07.29 22:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2010.07.29 22:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\syncables [2010.07.29 22:01:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2010.07.29 22:01:23 | 001,542,656 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys [2010.07.29 22:01:14 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2010.07.29 22:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.07.29 22:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2010.07.29 22:01:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ASUSAccess [2010.07.29 22:01:01 | 000,000,000 | ---D | C] -- C:\ProgramData\OberonGameConsole [2010.07.29 21:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media [2010.07.29 21:59:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS [2010.07.29 21:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\GoBoingo [2010.07.29 21:59:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Boingo [2010.07.29 21:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner [2010.07.29 21:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2010.07.29 21:58:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2010.07.29 21:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2010.07.29 21:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2010.07.29 21:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2010.07.29 21:55:30 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2010.07.29 21:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink [2010.07.29 21:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2010.07.29 21:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2010.07.29 21:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2010.07.29 21:47:14 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010.07.29 21:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech [2010.07.29 21:41:06 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution |
========== Files - Modified Within 90 Days ========== [2010.09.20 12:11:31 | 001,835,008 | -HS- | M] () -- C:\Users\space\NTUSER.DAT [2010.09.20 11:36:20 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.20 11:36:20 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.20 11:27:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.20 11:27:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.20 11:27:30 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys [2010.09.20 10:51:30 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.20 00:43:24 | 002,355,798 | -H-- | M] () -- C:\Users\space\AppData\Local\IconCache.db [2010.09.19 09:39:45 | 000,000,274 | ---- | M] () -- C:\Windows\Aroey95.ini [2010.09.18 23:57:05 | 000,106,223 | ---- | M] () -- C:\Users\space\Desktop\Belgica.jpg [2010.09.09 16:09:01 | 000,001,274 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2010.09.09 16:08:53 | 000,002,144 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2010.09.09 14:22:24 | 000,000,092 | ---- | M] () -- C:\Windows\Kyor.ini [2010.09.09 09:52:21 | 000,001,099 | ---- | M] () -- C:\Users\space\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk [2010.09.03 14:57:00 | 000,128,936 | ---- | M] () -- C:\Users\space\AppData\Local\GDIPFONTCACHEV1.DAT [2010.09.03 14:56:10 | 000,503,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.09.03 13:01:58 | 151,343,200 | ---- | M] () -- C:\Users\space\Desktop\OOo_3.2.1_Win_x86_install_de.exe [2010.09.03 12:19:27 | 007,122,826 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.03 12:19:27 | 000,644,310 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.09.03 12:19:27 | 000,607,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.09.03 12:19:27 | 000,126,580 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.09.03 12:19:27 | 000,103,754 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.09.02 19:12:34 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends.lnk [2010.09.01 16:33:28 | 007,024,528 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.09.01 07:38:43 | 000,000,572 | ---- | M] () -- C:\Windows\win.ini [2010.09.01 07:35:25 | 000,000,014 | ---- | M] () -- C:\Windows\hpmssnpjt.ini [2010.08.26 08:28:57 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini [2010.08.18 17:38:35 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.08.16 18:01:39 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\BENUTZER (2).lnk [2010.08.16 09:03:10 | 000,002,307 | ---- | M] () -- C:\Users\Public\Desktop\T-Online 6.0.lnk [2010.08.15 17:11:59 | 000,000,057 | ---- | M] () -- C:\Windows\ADS.ini [2010.08.15 17:11:58 | 000,002,656 | ---- | M] () -- C:\Windows\Aguninst.inf [2010.08.15 17:11:58 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\SYSTEMCHECK.lnk [2010.08.15 17:11:58 | 000,000,844 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cockpit.lnk [2010.08.15 17:11:58 | 000,000,843 | ---- | M] () -- C:\Users\Public\Desktop\ZAHLUNG.lnk [2010.08.15 17:11:58 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\AGENDA-TOOLS.lnk [2010.08.15 17:11:58 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\UPDATE.lnk [2010.08.15 17:11:58 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\FERNWARTUNG.lnk [2010.08.15 17:11:58 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\BENUTZER.lnk [2010.08.15 17:11:58 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\COCKPIT.lnk [2010.08.15 17:11:58 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\DELFIN.lnk [2010.08.15 17:11:58 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\ZMIV.lnk [2010.08.15 17:11:58 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\FIBU.lnk [2010.08.15 17:11:58 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\DASI.lnk [2010.08.14 18:38:47 | 000,199,151 | ---- | M] () -- C:\Windows\hppins11.dat [2010.08.14 18:35:39 | 000,002,101 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010.08.14 18:35:20 | 000,000,608 | -HS- | M] () -- C:\Windows\SysNative\winzvprt5.sys [2010.08.14 18:35:20 | 000,000,234 | ---- | M] () -- C:\Windows\SysNative\hppfaxprinter5.ini [2010.08.14 17:20:52 | 000,000,000 | ---- | M] () -- C:\Windows\tm.ini [2010.08.14 15:34:50 | 000,001,384 | ---- | M] () -- C:\Users\space\Desktop\Aladin.lnk [2010.08.14 15:16:57 | 000,001,015 | ---- | M] () -- C:\Users\space\Desktop\Kyodai 16.2D (DirectX 3.0).lnk [2010.08.14 15:04:31 | 000,001,050 | ---- | M] () -- C:\Users\space\Desktop\ElsterFormular.lnk [2010.08.14 15:04:31 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2010.08.14 14:51:18 | 000,001,135 | ---- | M] () -- C:\Users\space\Desktop\UNO.lnk [2010.08.14 14:48:32 | 000,060,112 | ---- | M] () -- C:\Windows\SysWow64\NULL [2010.08.14 04:29:53 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010.08.14 04:29:53 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010.08.13 16:01:47 | 000,000,252 | ---- | M] () -- C:\Windows\system.ini [2010.08.13 15:59:45 | 000,001,726 | ---- | M] () -- C:\Users\space\Desktop\Defraggler.lnk [2010.08.13 15:56:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf [2010.08.13 15:54:48 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.08.13 13:58:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\1043_ASUSTeK_K72Jr.alu [2010.08.13 13:47:41 | 000,524,288 | -HS- | M] () -- C:\Users\space\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.08.13 13:47:41 | 000,524,288 | -HS- | M] () -- C:\Users\space\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.08.13 13:47:41 | 000,065,536 | -HS- | M] () -- C:\Users\space\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.08.13 13:46:39 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin [2010.08.13 13:46:36 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin [2010.08.13 13:35:01 | 000,000,020 | ---- | M] () -- C:\Windows\`ú’ [2010.08.13 13:31:56 | 000,000,020 | -HS- | M] () -- C:\Users\space\ntuser.ini [2010.08.13 13:31:26 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini [2010.07.29 22:28:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\1043_ASUSTEK_K72JR_V20_WIN7.MRK [2010.07.29 22:24:32 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk [2010.07.29 22:24:28 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\SmartLogon Manager.lnk [2010.07.29 22:24:10 | 000,002,595 | ---- | M] () -- C:\Users\Public\Desktop\AI Recovery Burner.lnk [2010.07.29 22:24:00 | 000,002,617 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2010.07.29 22:23:49 | 000,520,192 | ---- | M] (ScreenTime Media) -- C:\Windows\SysWow64\K_Series_ScreenSaver_EN.scr [2010.07.29 22:23:45 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe [2010.07.29 22:20:38 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010.07.29 22:13:39 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2010.07.29 22:01:46 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\syncables desktop SE.lnk [2010.07.29 22:01:04 | 000,000,033 | ---- | M] () -- C:\Windows\0 [2010.07.29 21:59:16 | 000,000,128 | ---- | M] () -- C:\Users\Public\Desktop\ASUS AP Bank.url [2010.07.23 11:28:29 | 002,626,560 | ---- | M] (Agenda Informationssysteme GmbH) -- C:\Windows\NtLog.dll [2010.07.23 11:27:32 | 003,583,488 | ---- | M] (Agenda Informationssysteme GmbH) -- C:\Windows\Aguninst.exe [2010.07.12 11:10:58 | 006,666,752 | ---- | M] (Agenda Informationssysteme GmbH) -- C:\Windows\Zinit32.exe [2010.07.07 07:55:10 | 000,000,545 | ---- | M] () -- C:\Windows\UC.PIF [2010.07.07 07:55:10 | 000,000,545 | ---- | M] () -- C:\Windows\RAR.PIF [2010.07.07 07:55:10 | 000,000,545 | ---- | M] () -- C:\Windows\PKZIP.PIF [2010.07.07 07:55:10 | 000,000,545 | ---- | M] () -- C:\Windows\PKUNZIP.PIF [2010.07.07 07:55:10 | 000,000,545 | ---- | M] () -- C:\Windows\NOCLOSE.PIF [2010.07.07 07:55:10 | 000,000,545 | ---- | M] () -- C:\Windows\LHA.PIF [2010.07.07 07:55:10 | 000,000,545 | ---- | M] () -- C:\Windows\ARJ.PIF [2010.07.06 13:25:54 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2010.07.06 13:20:54 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2010.07.06 13:20:50 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2010.07.06 13:20:46 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2010.07.06 13:20:38 | 000,030,016 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll ========== Files Created - No Company Name ========== [2010.09.20 10:51:30 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.18 23:57:03 | 000,106,223 | ---- | C] () -- C:\Users\space\Desktop\Belgica.jpg [2010.09.09 09:52:21 | 000,001,099 | ---- | C] () -- C:\Users\space\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk [2010.09.03 12:58:27 | 151,343,200 | ---- | C] () -- C:\Users\space\Desktop\OOo_3.2.1_Win_x86_install_de.exe [2010.09.03 12:19:27 | 007,122,826 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.02 19:12:34 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends.lnk [2010.08.24 16:08:39 | 000,000,014 | ---- | C] () -- C:\Windows\hpmssnpjt.ini [2010.08.18 17:38:35 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.08.16 18:01:39 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\BENUTZER (2).lnk [2010.08.15 17:12:01 | 000,000,057 | ---- | C] () -- C:\Windows\ADS.ini [2010.08.15 07:45:40 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2010.08.14 19:38:50 | 000,000,092 | ---- | C] () -- C:\Windows\Kyor.ini [2010.08.14 18:35:39 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010.08.14 18:35:20 | 000,000,234 | ---- | C] () -- C:\Windows\SysNative\hppfaxprinter5.ini [2010.08.14 18:31:14 | 000,199,151 | ---- | C] () -- C:\Windows\hppins11.dat [2010.08.14 18:31:14 | 000,005,707 | ---- | C] () -- C:\Windows\hppmdl11.dat [2010.08.14 18:19:18 | 000,000,028 | ---- | C] () -- C:\Windows\stdwin.swa [2010.08.14 17:20:53 | 000,244,984 | ---- | C] () -- C:\Windows\TUTIL32.DLL [2010.08.14 17:20:52 | 000,000,000 | ---- | C] () -- C:\Windows\tm.ini [2010.08.14 17:20:50 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\SYSTEMCHECK.lnk [2010.08.14 17:20:50 | 000,000,843 | ---- | C] () -- C:\Users\Public\Desktop\ZAHLUNG.lnk [2010.08.14 17:20:50 | 000,000,835 | ---- | C] () -- C:\Users\Public\Desktop\AGENDA-TOOLS.lnk [2010.08.14 17:20:50 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\UPDATE.lnk [2010.08.14 17:20:50 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\FERNWARTUNG.lnk [2010.08.14 17:20:50 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\BENUTZER.lnk [2010.08.14 17:20:50 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\DELFIN.lnk [2010.08.14 17:20:50 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\ZMIV.lnk [2010.08.14 17:20:50 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\FIBU.lnk [2010.08.14 17:20:50 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\DASI.lnk [2010.08.14 17:20:49 | 000,000,844 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cockpit.lnk [2010.08.14 17:20:49 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\COCKPIT.lnk [2010.08.14 17:18:43 | 000,000,274 | ---- | C] () -- C:\Windows\Aroey95.ini [2010.08.14 17:18:10 | 000,002,656 | ---- | C] () -- C:\Windows\Aguninst.inf [2010.08.14 16:22:52 | 000,000,608 | -HS- | C] () -- C:\Windows\SysNative\winzvprt5.sys [2010.08.14 16:14:09 | 000,003,212 | ---- | C] () -- C:\Windows\SysNative\hppls1312.spf [2010.08.14 16:14:09 | 000,000,665 | ---- | C] () -- C:\Windows\SysNative\hppapr11.dat [2010.08.14 15:38:00 | 000,001,840 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010.08.14 15:34:05 | 000,001,384 | ---- | C] () -- C:\Users\space\Desktop\Aladin.lnk [2010.08.14 15:19:48 | 000,000,356 | ---- | C] () -- C:\Users\space\Desktop\Hearts.lnk [2010.08.14 15:19:30 | 000,000,368 | ---- | C] () -- C:\Users\space\Desktop\Solitaire.lnk [2010.08.14 15:17:50 | 000,001,015 | ---- | C] () -- C:\Users\space\Desktop\Kyodai 16.2D (DirectX 3.0).lnk [2010.08.14 15:09:44 | 000,084,480 | ---- | C] () -- C:\Users\space\Desktop\steuersparen.xls [2010.08.14 15:09:44 | 000,000,472 | ---- | C] () -- C:\Users\space\Desktop\Profi cash.lnk [2010.08.14 15:09:43 | 000,001,050 | ---- | C] () -- C:\Users\space\Desktop\ElsterFormular.lnk [2010.08.14 15:09:43 | 000,000,364 | ---- | C] () -- C:\Users\space\Desktop\Freecell.lnk [2010.08.14 15:04:31 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2010.08.14 14:51:24 | 000,162,304 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE [2010.08.14 14:51:24 | 000,006,855 | ---- | C] () -- C:\Program Files (x86)\UNWISE.INI [2010.08.14 14:51:24 | 000,004,195 | ---- | C] () -- C:\Program Files (x86)\INSTALL.LOG [2010.08.14 14:51:22 | 000,184,832 | ---- | C] () -- C:\Windows\SysWow64\BDEADMIN.CPL [2010.08.14 14:51:18 | 000,001,135 | ---- | C] () -- C:\Users\space\Desktop\UNO.lnk [2010.08.14 14:50:42 | 000,244,984 | ---- | C] () -- C:\Windows\SysWow64\Tutil32.dll [2010.08.14 14:48:31 | 000,060,112 | ---- | C] () -- C:\Windows\SysWow64\NULL [2010.08.14 14:47:34 | 000,002,307 | ---- | C] () -- C:\Users\Public\Desktop\T-Online 6.0.lnk [2010.08.14 04:19:26 | 3105,259,520 | -HS- | C] () -- C:\hiberfil.sys [2010.08.13 15:59:45 | 000,001,726 | ---- | C] () -- C:\Users\space\Desktop\Defraggler.lnk [2010.08.13 15:56:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf [2010.08.13 15:56:08 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF [2010.08.13 15:56:08 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF [2010.08.13 15:56:08 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF [2010.08.13 15:56:08 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF [2010.08.13 15:56:08 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF [2010.08.13 15:56:08 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF [2010.08.13 15:56:08 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF [2010.08.13 15:54:48 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.08.13 13:58:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\1043_ASUSTeK_K72Jr.alu [2010.08.13 13:35:01 | 000,000,020 | ---- | C] () -- C:\Windows\`ú’ [2010.08.13 13:31:56 | 000,524,288 | -HS- | C] () -- C:\Users\space\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.08.13 13:31:56 | 000,524,288 | -HS- | C] () -- C:\Users\space\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.08.13 13:31:56 | 000,262,144 | -HS- | C] () -- C:\Users\space\ntuser.dat.LOG1 [2010.08.13 13:31:56 | 000,065,536 | -HS- | C] () -- C:\Users\space\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.08.13 13:31:56 | 000,000,020 | -HS- | C] () -- C:\Users\space\ntuser.ini [2010.08.13 13:31:56 | 000,000,000 | -HS- | C] () -- C:\Users\space\ntuser.dat.LOG2 [2010.08.13 13:31:55 | 001,835,008 | -HS- | C] () -- C:\Users\space\NTUSER.DAT [2010.07.29 22:28:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\1043_ASUSTEK_K72JR_V20_WIN7.MRK [2010.07.29 22:24:32 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk [2010.07.29 22:24:28 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\SmartLogon Manager.lnk [2010.07.29 22:24:10 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll [2010.07.29 22:24:10 | 000,003,116 | ---- | C] () -- C:\Windows\SysNative\wimfltr.inf [2010.07.29 22:24:10 | 000,002,595 | ---- | C] () -- C:\Users\Public\Desktop\AI Recovery Burner.lnk [2010.07.29 22:24:02 | 000,002,144 | ---- | C] () -- C:\Windows\SysNative\AutoRunFilter.ini [2010.07.29 22:24:02 | 000,001,274 | ---- | C] () -- C:\Windows\SysNative\ServiceFilter.ini [2010.07.29 22:24:02 | 000,000,105 | ---- | C] () -- C:\Windows\SysNative\FastBoot.ini [2010.07.29 22:24:02 | 000,000,080 | ---- | C] () -- C:\Windows\SysNative\Defrag.ini [2010.07.29 22:24:02 | 000,000,052 | ---- | C] () -- C:\Windows\SysNative\RemoveFont.ini [2010.07.29 22:24:02 | 000,000,015 | ---- | C] () -- C:\Windows\SysNative\BootTime.ini [2010.07.29 22:24:00 | 000,002,617 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2010.07.29 22:20:03 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010.07.29 22:13:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.07.29 22:01:46 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\syncables desktop SE.lnk [2010.07.29 22:01:07 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\ASUS ACCESS.lnk [2010.07.29 22:01:04 | 000,000,033 | ---- | C] () -- C:\Windows\0 [2010.07.29 21:59:39 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.07.29 21:59:16 | 000,000,128 | ---- | C] () -- C:\Users\Public\Desktop\ASUS AP Bank.url [2010.07.29 21:55:38 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log [2010.07.29 21:55:16 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log [2010.02.09 09:07:38 | 000,000,269 | ---- | C] () -- C:\Windows\OOBEPlayer.ini [2009.07.29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006.05.19 05:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini ========== LOP Check ========== [2010.08.13 16:05:35 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\ACD Systems [2010.08.13 15:51:36 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\Asus WebStorage [2010.08.14 18:17:20 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\elsterformular [2010.09.03 07:55:15 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\LolClient [2010.09.18 09:57:42 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\Mount&Blade Warband [2010.08.13 15:58:39 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\NetSpeedMonitor [2010.08.15 07:42:45 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\OpenOffice.org [2010.08.14 15:31:58 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\T-DSL SpeedManager [2010.08.14 14:47:56 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\T-Online [2010.09.01 16:35:37 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\TeamViewer [2010.09.03 12:19:57 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\TP [2010.08.14 15:26:47 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\TuneUp Software [2009.07.14 07:08:49 | 000,030,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.08.13 16:05:35 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\ACD Systems [2010.09.02 19:12:49 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\Adobe [2010.08.13 15:51:36 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\Asus WebStorage [2010.08.13 13:40:37 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\ATI [2010.08.14 18:59:50 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\Avira [2010.09.03 15:13:28 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\DivX [2010.08.14 18:17:20 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\elsterformular [2010.08.13 13:45:32 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\Google [2010.08.13 13:39:56 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\Identities [2010.09.03 07:55:15 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\LolClient [2010.08.14 15:28:48 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\Macromedia [2010.09.20 10:51:34 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\Malwarebytes [2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\Media Center Programs [2010.09.02 19:15:17 | 000,000,000 | --SD | M] -- C:\Users\space\AppData\Roaming\Microsoft [2010.09.18 09:57:42 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\Mount&Blade Warband [2010.08.14 17:11:53 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\Mozilla [2010.08.13 15:58:39 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\NetSpeedMonitor [2010.08.15 07:42:45 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\OpenOffice.org [2010.09.20 00:40:35 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\Skype [2010.09.20 00:06:04 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\skypePM [2010.08.14 15:31:58 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\T-DSL SpeedManager [2010.08.14 14:47:56 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\T-Online [2010.09.01 16:35:37 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\TeamViewer [2010.09.03 12:19:57 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\TP [2010.08.14 15:26:47 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\TuneUp Software [2010.09.19 18:04:03 | 000,000,000 | ---D | M] -- C:\Users\space\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.09.18 09:52:48 | 000,188,152 | ---- | M] () -- C:\Users\space\AppData\Roaming\Mozilla\Firefox\Profiles\yzh58dx9.default\FlashGot.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2010.07.29 22:22:28 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2010.07.29 22:22:28 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2010.07.29 22:22:28 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2010.07.29 22:22:28 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=48BC1031376F43A05C2801EDA6BD9629 -- C:\Windows\explorer.exe [2010.07.29 22:08:47 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2010.07.29 22:22:28 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010.07.29 22:08:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.07.29 22:22:28 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010.07.29 22:08:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2010.07.29 22:22:28 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2010.07.29 22:08:47 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2009.08.06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys < MD5 for: IASTORV.SYS > [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=5071C9ED17E74FF7456646B60410B556 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=5071C9ED17E74FF7456646B60410B556 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010.07.29 22:22:28 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.07.29 22:22:28 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.07.29 22:22:28 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe [2010.07.29 22:22:28 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A724744F < End of report > |
explorer.exe ist bei Dir da. Kannst Du mal testweise AntiVir deaktivieren, geht das? Und wenn Du manuell die explorer.exe startest über den Taskmanager? |
wenn ich die explorer.exe über den taskmanager starte, ist sie nach systemneustart für ca. 1 sekunde lang da, verschwindet dann aber sofort wieder. danach wird im prozessbereich nichts mehr angezeigt wenn ich sie erneut ausführen will. ich weiss nicht so recht wie ich avguard über den taskmanager dekativieren soll. edit: ich hab versucht die avguard prozesse über den tskmngr zu beenden, jedoch kam dann "zugriff verweigert" |
Dann versuch eine Deinstallation von AntiVir. Im Taskmanager ausführen: appwiz.cpl |
ok ist deinstalliert und starte nun neu |
also die explorer.exe ist noch immer weg, avira auch. ich muss noch dazu sagen, das die f8-repair-funktion keine fehler fand, und ein wiederherstellungspunkt nicht vorhanden ist. windows meint, das es total in ordnung läuft :) edit: im moment läuft eine explorer.exe auf einmal mit ca. 14mb speicherbedarf....jedoch hat sich die oberfläche nicht verändert...kein hintergrund, kein desktop, keine taskleiste, etc. edit2: die explorer exe ist wieder verschwunden |
Also ohne dass irgendwelche Änderungen am System stattfanden finde ich dieses Verhalten äußerst rätselhaft! :confused: Du hast in der Vergangenheit nicht zufällig irgendwelche Meldungen über Viren bekommen? Wurden Updates eingespielt? Evtl. hat Dein Rechner eins nicht vertragen. |
wie gesagt...ich hab den pc gestern abend ausgeschaltet und heute angeschaltet....pop-up meldungen sind mir keine aufgefallen...das einzige was glaube ich war, kann sein das sich bei java was upgedatet hat, wiel das icon einmal kurz erschien....ansonsten nichts... kann ich das problem evtl. beheben wenn ich von meinem Desktop-PC, welcher einwandfrei läuft, die explorer exe brenne und sie mit der auf dem notebook ersetze? sind beide WIn7 Home premium 64bit. |
Probier es aus. Die explorer.exe von dem anderen 64-Bit-System solltest Du verwenden können. |
Aaaalso...ich hab rein vorsichtshalber mal den eset-online-scan während meiner 3h autofahrt drüberlaufen lassen und der hat 3 trojaner gefunden, wo runter einer wininit.exe(ich glaubs war ne exe) hiess....nach dem neustart hat auch allerdings da entfernen der 3 files nix gebracht....nu muss ich mal veruschen den explorer zu kopieren!. |
Oje, hier wirds sehr schwierig. Nun ist auch ne andere Systemdatei manipuliert. Mach es kurz und schmerzlos => format c und Neuinstallation von Windows ODER weiter rumdoktorn? ;) Wenn ja, probier ein sfc /scannow => Windows 7 und Vista reparieren, defekte Dateien wiederherstellen mit “sfc scannow” | Tipps, Tricks & Kniffe |
Naja..das doktorn is im moment recht wichtig, wiel da ein buchhaltungsprogramm drauf ist, was sich nich spieglen lässt und ohne datensicherung is das richtig...mies ^^ |
Dann probier Dein Glück mit sfc /scannow Wenn das auch so nicht wirklich hilft, müssten wir mal einige Systemdateien vom einen System ins andere Kopieren über eine Live-CD wie Knoppix oder Parted Magic, denn im laufenden Windowsbetrieb kann man Systemdateien so nicht ersetzen (man würde sich den Ast absägen auf dem man sitzt, grob/bildlich ausgedrückt ) |
mkay...morgen früh gibts dazu gleich n frisches update..und danke für deinen geopferten tag für mich... :) |
jipieh sfc /scannow hats gefixt...also zumindest hab ich jetzt nen desktop wieder. Soll ich noch weitere schritte durchgehn oder ab jetzt einfach nur glücklich sein? :) |
Poste bitte ein neues OTL.txt |
das standard-otl-log oder das spezifische welches du mir gepostet hattest? |
OTL Logfile: Code: OTL logfile created on: 21.09.2010 12:06:30 - Run 3 |
ah..ging doch |
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code: :OTLDas Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. |
All processes killed ========== OTL ========== C:\Users\Public\Documents\Server folder moved successfully. ADS C:\ProgramData\Temp:4CF61E54 deleted successfully. ADS C:\ProgramData\Temp:A724744F deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Tucholski ->Temp folder emptied: 4663980 bytes ->Temporary Internet Files folder emptied: 5750769 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 41471323 bytes ->Flash cache emptied: 675 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 51352 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 50,00 mb OTL by OldTimer - Version 3.2.14.0 log created on 09212010_142556 Files\Folders moved on Reboot... C:\Users\Tucholski\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... |
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! |
Malwarebytes' Anti-Malware 1.46 Malwarebytes Datenbank Version: 4655 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 21.09.2010 16:22:28 mbam-log-2010-09-21 (16-22-28).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 140527 Laufzeit: 2 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
der sas hatte 15 tracking cookies gefunden die nun auch weg sind. |
Mach bitte einen Vollscan mit Malwarebytes! |
ist in arbeit.... :) |
selbes ergebnis wie beim quickscan...hat nichts mehr gefunden :) |
Vorher aktualisiert? Was ist mit SASW? |
jup hab ich gemacht.....hab alles aktualiesieren lassen vor dem lauf |
Dann wären wir durch wenn sonst nichts mehr seitens von Dir offen ist! :abklatsch: Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es. |
Okay....also dann erst mal n riesen Danke an dich das du dich meiner angenommen hast und ich soll dir noch nen lieben Gruss von meinem neuen Notebook ausrichten :D |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 09:03 Uhr. |
Copyright ©2000-2024, Trojaner-Board