
Log analysis and evaluation: Trojan in kernel32.dll?

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.09.2011, 18:02   #1
PCFREAK86



Hello,

apparently I have picked up a virus somewhere, because when the full scan ran today it found the same virus 3 times, once in the path:
C:\Windows\SysWOW64\kernel32.dll|>[Emul] (it shows this twice)
and then also in the path C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll|>[Emul]
In both files it finds Win32:Cycbot-KI[Trj].
What could this be? When I upload the files to VirusTotal it finds nothing, but avast on my PC keeps finding something, even after I let it remove it. What could be the reason? Malwarebytes finds nothing either.

Regards,
Manuel

23.09.2011, 20:50   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Is this a different computer from this one => http://www.trojaner-board.de/102778-...-rundll32.html

23.09.2011, 20:59   #3
PCFREAK86



The same one, but it was reinstalled a good while ago: after the Kelihos virus I backed up all my data and reinstalled in order to create a "clean" image, even though the other one was one too. Well, somehow I can't explain this either, since I always browse with IE in the sandbox, download files smaller than 20 MB inside the sandbox and then upload them to VirusTotal; if the file is clean, I then download it for real. I also had no contact with infected USB sticks. Maybe it is just a false alarm again?

Regards,
Manuel

23.09.2011, 21:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Have Malwarebytes and ESET already been run?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

23.09.2011, 21:11   #5
PCFREAK86



Malwarebytes yes: nothing found; I'm running ESET right now.

Regards,
Manuel


23.09.2011, 22:55   #6
PCFREAK86



ESET found nothing apart from Cheat Engine. Could it be related to that? But I've had it for quite a while and it has never complained about it before. Here is the exact definition:
D:\Programs\Cheat Engine 6\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
D:\Programs\Cheat Engine 6\dbk32.sys probably a variant of Win32/HackTool.CheatEngine.AA application

Regards,
Manuel

24.09.2011, 10:54   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
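The OTL.txt requested above lists processes, modules, services and drivers as PRC/MOD/SRV/DRV lines with the file's company name in parentheses. As an added example (not part of the thread and not OldTimer's code), this Python script parses such lines and lists files that carry no company name, marking those modified within 30 days before the scan (the "File Age = 30 Days" window OTL itself reports); the sample lines are copied from the OTL.txt posted in this thread, while the function names and the review rule are assumptions.

```python
import re
from datetime import datetime, timedelta

# Sample lines copied from the OTL.txt posted in this thread (a selection).
SAMPLE_LOG = r"""OTL logfile created on: 24.09.2011 16:16:20 - Run 1
========== Processes (SafeList) ==========
PRC - [2011.09.24 16:13:49 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\Daten\Desktop\OTL.exe
PRC - [2011.09.15 18:06:08 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
SRV:64bit: - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.09.15 18:06:08 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
"""

CREATED_RE = re.compile(
    r"^OTL logfile created on: (\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})", re.M
)

# kind[:64bit:] - [timestamp | size | attrs | M] (company) [state] -- path [-- (name)]
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)? - "
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[^|]+?) \| [MC]\] "
    r"\((?P<company>.*?)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>.*)\))?$"
)


def parse_otl(text):
    """Return (scan_time, entries) for the PRC/MOD/SRV/DRV lines of an OTL log."""
    header = CREATED_RE.search(text)
    if not header:
        raise ValueError("no 'OTL logfile created on' header found")
    created = datetime.strptime(header.group(1), "%d.%m.%Y %H:%M:%S")
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, O-lines, SafeBoot lists: out of scope here
        entry = m.groupdict()
        entry["company"] = entry["company"].strip()  # OTL pads some names with spaces
        entry["modified"] = datetime.strptime(entry["ts"], "%Y.%m.%d %H:%M:%S")
        entries.append(entry)
    return created, entries


def triage(text, recent_days=30):
    """List files without a company name, one finding per path.

    Assumed review rule: a missing company name only marks a file for a
    closer look; 'recent' adds that it changed within recent_days of the scan.
    """
    created, entries = parse_otl(text)
    by_path = {}
    for entry in entries:
        if entry["company"]:
            continue
        finding = by_path.setdefault(
            entry["path"].lower(),
            {"path": entry["path"], "kinds": set(), "modified": entry["modified"]},
        )
        finding["kinds"].add(entry["kind"])  # same file may be a process and a service
    findings = []
    for finding in by_path.values():
        finding["kinds"] = sorted(finding["kinds"])
        finding["recent"] = created - finding["modified"] <= timedelta(days=recent_days)
        findings.append(finding)
    # Recently changed files first, then alphabetically by path.
    findings.sort(key=lambda f: (not f["recent"], f["path"].lower()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "recent" if f["recent"] else "old"
        print(f"{f['modified']:%Y-%m-%d}  {flag:6}  {'/'.join(f['kinds']):8}  {f['path']}")
```

A file listed here is a candidate for a hash lookup or signature check, not a confirmed detection.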

24.09.2011, 15:26   #8
PCFREAK86



OK, here is the content of OTL.txt:
Code:
OTL logfile created on: 24.09.2011 16:16:20 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = D:\Daten\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,48 Gb Available Physical Memory | 81,08% Memory free
8,39 Gb Paging File | 6,68 Gb Available in Paging File | 79,68% Paging File free
Paging file location(s): c:\pagefile.sys 400 1024 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 95,71 Gb Free Space | 80,27% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 180,98 Gb Free Space | 77,71% Space Free | Partition Type: NTFS
 
Computer Name: µL§X-PC | User Name: µ@l§X | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.24 16:13:49 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\Daten\Desktop\OTL.exe
PRC - [2011.09.15 18:06:08 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) -- D:\Programs\PSI\psia.exe
PRC - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) -- D:\Programs\PSI\sua.exe
PRC - [2011.04.19 08:44:40 | 000,291,896 | ---- | M] (Secunia) -- D:\Programs\PSI\psi_tray.exe
PRC - [2010.01.22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.07.28 17:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011.06.17 15:30:54 | 000,094,480 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.09.23 22:02:53 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.09.15 18:06:08 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- D:\Programs\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- D:\Programs\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.09.06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.09.06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.09.06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.09.06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.09.06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.09.06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.08.15 14:32:10 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.02.16 16:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.01.11 13:28:35 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.10.07 12:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 12:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.09.30 03:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2011.06.24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011.06.17 15:30:50 | 000,154,752 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD D1 62 FA 50 63 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Programs\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = D:\Programs\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\µ@l§X\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B245AC3E-881E-43F3-983E-8ADABC0EA728}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.24 16:13:46 | 000,582,656 | ---- | C] (OldTimer Tools) -- D:\Daten\Desktop\OTL.exe
[2011.09.23 22:21:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.09.21 18:46:09 | 000,000,000 | ---D | C] -- D:\Daten\Dokumente\gothic3
[2011.09.20 21:18:57 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\Foxit Software
[2011.09.20 20:41:11 | 000,000,000 | ---D | C] -- D:\Daten\Dokumente\Gothic3ForsakenGods
[2011.09.20 20:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2011.09.19 15:08:47 | 000,000,000 | ---D | C] -- D:\Daten\Dokumente\My Cheat Tables
[2011.09.19 14:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
[2011.09.19 14:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoIt3
[2011.09.19 14:38:28 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\SoundSpectrum
[2011.09.19 14:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoundSpectrum
[2011.09.18 11:14:25 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\IrfanView
[2011.09.18 11:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2011.09.18 10:39:00 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\gtk-2.0
[2011.09.18 00:06:00 | 000,000,000 | ---D | C] -- D:\Daten\Dokumente\gegl-0.0
[2011.09.18 00:06:00 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\.gimp-2.6
[2011.09.17 23:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011.09.17 23:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2011.09.17 15:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.09.17 15:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011.09.17 13:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.09.17 13:58:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.09.17 13:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.09.17 13:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.09.17 13:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011.09.17 13:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011.09.17 13:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011.09.17 13:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011.09.17 13:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011.09.15 18:39:17 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Regnum Online
[2011.09.15 18:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Regnum Online
[2011.09.15 18:06:05 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Local\PunkBuster
[2011.09.15 17:59:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011.09.14 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Local\VMware
[2011.09.14 18:03:11 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\VMware
[2011.09.14 18:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2011.09.13 22:11:49 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\atitray
[2011.09.13 22:10:30 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATI Tray Tools
[2011.09.13 17:04:40 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\riotsGamesLogs
[2011.09.13 16:42:52 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\LolClient
[2011.09.12 21:29:09 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.09.12 21:28:44 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Local\Microsoft Games
[2011.09.12 20:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011.09.12 20:08:18 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011.09.11 21:21:42 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\FileZilla
[2011.09.11 21:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011.09.11 19:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2011.09.11 19:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2011.09.11 19:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2011.09.11 19:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LuxRender
[2011.09.11 13:29:46 | 000,000,000 | ---D | C] -- D:\Daten\Dokumente\Programme
[2011.09.11 13:28:26 | 000,000,000 | ---D | C] -- D:\Daten\Dokumente\Informatik
[2011.09.11 13:28:26 | 000,000,000 | ---D | C] -- D:\Daten\Dokumente\Deutsch
[2011.09.10 23:25:17 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\.minecraft
[2011.09.10 23:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.09.10 23:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.09.10 23:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.09.06 18:03:41 | 000,000,000 | ---D | C] -- D:\Daten\Dokumente\Games for Windows - LIVE Demos
[2011.09.06 17:43:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011.09.06 17:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011.09.06 17:43:07 | 000,000,000 | ---D | C] -- D:\Daten\Dokumente\My Games
[2011.09.06 17:42:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.09.06 17:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.09.06 17:42:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011.09.06 17:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2011.09.06 17:41:22 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2011.09.06 17:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2011.09.06 17:41:19 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.09.06 17:41:19 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.09.06 17:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011.09.06 14:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011.09.06 14:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011.09.06 00:31:01 | 000,230,864 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2011.09.05 23:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.0
[2011.09.05 21:33:09 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sauerbraten
[2011.09.05 21:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sauerbraten
[2011.09.05 20:53:20 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\Blender Foundation
[2011.09.05 20:52:12 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\.thumbnails
[2011.08.27 22:53:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011.08.27 19:15:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011.08.27 19:15:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011.08.27 19:10:02 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011.08.27 19:09:53 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011.08.26 01:35:10 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Local\Secunia PSI
[2011.08.26 00:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Binarysense
[2011.08.26 00:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSDlife
[2011.08.26 00:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2011.08.26 00:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.08.26 00:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.26 00:30:30 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\Malwarebytes
[2011.08.26 00:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.26 00:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.26 00:30:21 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.26 00:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.08.25 20:43:51 | 000,000,000 | -HSD | C] -- C:\Boot
[2011.08.25 20:40:06 | 000,000,000 | R--D | C] -- C:\Sandbox
[2011.08.25 20:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2011.08.25 20:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2011.08.25 20:28:48 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Local\AMD
[2011.08.25 20:28:40 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\ATI
[2011.08.25 20:28:40 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Local\ATI
[2011.08.25 20:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011.08.25 20:26:15 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\Skype
[2011.08.25 20:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.08.25 20:26:03 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011.08.25 20:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011.08.25 20:25:26 | 000,000,000 | ---D | C] -- C:\ATI
[2011.08.25 20:25:14 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Local\ElevatedDiagnostics
[2011.08.25 20:21:04 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\Macromedia
[2011.08.25 20:21:04 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\Adobe
[2011.08.25 20:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.08.25 20:06:03 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Local\Google
[2011.08.25 20:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011.08.25 20:06:02 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011.08.25 20:06:02 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011.08.25 20:06:02 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.08.25 20:06:02 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011.08.25 20:06:02 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011.08.25 20:06:02 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011.08.25 20:06:02 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011.08.25 20:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.08.25 20:05:55 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011.08.25 20:05:55 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.08.25 20:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.08.25 20:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011.08.25 20:00:25 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool
[2011.08.25 20:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC Electronics
[2011.08.25 20:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NEC Electronics
[2011.08.25 20:00:02 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Local\Downloaded Installations
[2011.08.25 19:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011.08.25 19:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011.08.25 19:58:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011.08.25 19:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011.08.25 19:58:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011.08.25 19:57:44 | 000,242,176 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2011.08.25 19:57:44 | 000,193,024 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2011.08.25 19:57:44 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2011.08.25 19:57:44 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2011.08.25 19:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2011.08.25 19:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011.08.25 19:57:15 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.08.25 19:54:28 | 000,000,000 | R--D | C] -- C:\Users\µ@l§X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.08.25 19:54:28 | 000,000,000 | R--D | C] -- C:\Users\µ@l§X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.08.25 19:54:22 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\Identities
[2011.08.25 19:54:19 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Local\VirtualStore
[2011.08.25 19:54:15 | 000,000,000 | --SD | C] -- C:\Users\µ@l§X\AppData\Roaming\Microsoft
[2011.08.25 19:54:15 | 000,000,000 | R--D | C] -- C:\Users\µ@l§X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.08.25 19:54:15 | 000,000,000 | R--D | C] -- C:\Users\µ@l§X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.08.25 19:54:15 | 000,000,000 | -HSD | C] -- C:\Users\µ@l§X\Vorlagen
[2011.08.25 19:54:15 | 000,000,000 | -HSD | C] -- C:\Users\µ@l§X\AppData\Local\Verlauf
[2011.08.25 19:54:15 | 000,000,000 | -HSD | C] -- C:\Users\µ@l§X\AppData\Local\Temporary Internet Files
[2011.08.25 19:54:15 | 000,000,000 | -HSD | C] -- C:\Users\µ@l§X\Startmenü
[2011.08.25 19:54:15 | 000,000,000 | -HSD | C] -- C:\Users\µ@l§X\SendTo
[2011.08.25 19:54:15 | 000,000,000 | -HSD | C] -- C:\Users\µ@l§X\Recent
[2011.08.25 19:54:15 | 000,000,000 | -HSD | C] -- C:\Users\µ@l§X\Netzwerkumgebung
[2011.08.25 19:54:15 | 000,000,000 | -HSD | C] -- C:\Users\µ@l§X\Lokale Einstellungen
[2011.08.25 19:54:15 | 000,000,000 | -HSD | C] -- C:\Users\µ@l§X\Eigene Dateien
[2011.08.25 19:54:15 | 000,000,000 | -HSD | C] -- C:\Users\µ@l§X\Druckumgebung
[2011.08.25 19:54:15 | 000,000,000 | -HSD | C] -- C:\Users\µ@l§X\Cookies
[2011.08.25 19:54:15 | 000,000,000 | -HSD | C] -- C:\Users\µ@l§X\AppData\Local\Anwendungsdaten
[2011.08.25 19:54:15 | 000,000,000 | -HSD | C] -- C:\Users\µ@l§X\Anwendungsdaten
[2011.08.25 19:54:15 | 000,000,000 | -H-D | C] -- C:\Users\µ@l§X\AppData
[2011.08.25 19:54:15 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Local\Temp
[2011.08.25 19:54:15 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Local\Microsoft
[2011.08.25 19:54:15 | 000,000,000 | ---D | C] -- C:\Users\µ@l§X\AppData\Roaming\Media Center Programs
[2011.08.25 19:52:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.08.25 19:52:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.08.25 19:52:35 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.08.25 19:52:35 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.08.25 19:52:35 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2011.08.25 19:52:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.08.25 19:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.08.25 19:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.08.25 19:52:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.08.25 19:52:35 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.08.25 19:52:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.08.25 19:52:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2011.08.25 19:52:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.08.25 19:52:33 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.08.25 19:45:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011.08.25 19:45:01 | 000,000,000 | ---D | C] -- C:\Windows\CSC
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.24 16:17:32 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.24 16:17:32 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.24 16:17:32 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.24 16:17:32 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.24 16:17:32 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.24 16:17:26 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.24 16:17:26 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.24 16:13:49 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\Daten\Desktop\OTL.exe
[2011.09.24 16:12:37 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.24 16:12:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.24 16:12:14 | 2145,251,327 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.24 02:26:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.24 01:41:28 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.09.24 01:41:28 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.09.23 20:38:32 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.09.23 19:12:25 | 000,001,744 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011.09.23 18:49:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.09.20 19:27:32 | 000,000,654 | ---- | M] () -- C:\Users\µ@l§X\SciTE.session
[2011.09.20 15:43:48 | 000,000,000 | ---- | M] () -- C:\Users\µ@l§X\__ng3d.lock
[2011.09.18 22:28:53 | 000,050,438 | ---- | M] () -- C:\Users\µ@l§X\.recently-used.xbel
[2011.09.15 18:06:08 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.14 18:01:47 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011.09.14 18:01:45 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.06 22:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011.09.06 22:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.09.06 22:45:17 | 000,254,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.09.06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011.09.06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011.09.06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011.09.06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011.09.06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011.09.06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011.09.06 17:41:19 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.09.06 17:41:19 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.09.06 00:31:01 | 000,230,864 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.27 22:47:25 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.08.26 01:52:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.08.26 01:52:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011.08.26 01:35:07 | 000,000,635 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011.08.26 00:51:20 | 169,367,094 | ---- | M] () -- D:\Daten\Dokumente\Registry Von Anfang An.reg
[2011.08.26 00:34:28 | 000,007,092 | ---- | M] () -- D:\Daten\Dokumente\cc_20110826_003425.reg
[2011.08.25 20:43:52 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011.08.25 20:28:25 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011.08.25 20:06:03 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.08.25 20:01:37 | 000,044,695 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2011.08.25 19:56:22 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2011.08.25 19:56:10 | 000,031,115 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2011.08.25 19:52:52 | 000,171,136 | RHS- | M] () -- C:\w7ldr
[2011.08.25 19:47:16 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.08.25 19:47:16 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011.08.25 19:45:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2011.09.20 15:43:48 | 000,000,000 | ---- | C] () -- C:\Users\µ@l§X\__ng3d.lock
[2011.09.19 15:00:06 | 000,000,654 | ---- | C] () -- C:\Users\µ@l§X\SciTE.session
[2011.09.18 22:28:53 | 000,050,438 | ---- | C] () -- C:\Users\µ@l§X\.recently-used.xbel
[2011.09.15 18:06:27 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.09.15 18:06:27 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.09.15 18:06:14 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.09.15 18:06:08 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.14 18:01:47 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011.09.14 18:01:45 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.11 19:43:06 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\rtvcvfw32.dll
[2011.09.11 13:28:26 | 000,027,497 | ---- | C] () -- D:\Daten\Dokumente\hd5850 phenom ii x6 1055t.3dr
[2011.09.06 17:42:18 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011.08.27 19:10:34 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2011.08.27 19:10:27 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011.08.27 19:09:47 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011.08.27 19:09:41 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011.08.27 19:09:41 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011.08.27 19:09:31 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011.08.27 19:09:31 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011.08.26 01:52:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.08.26 01:52:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011.08.26 01:35:07 | 000,000,635 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011.08.26 01:35:07 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011.08.26 00:51:13 | 169,367,094 | ---- | C] () -- D:\Daten\Dokumente\Registry Von Anfang An.reg
[2011.08.26 00:48:13 | 000,007,092 | ---- | C] () -- D:\Daten\Dokumente\cc_20110826_003425.reg
[2011.08.25 20:43:52 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011.08.25 20:43:51 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011.08.25 20:39:13 | 000,001,744 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.08.25 20:28:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.25 20:06:04 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.25 20:06:04 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.25 20:06:02 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.08.25 20:06:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011.08.25 19:57:57 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2011.08.25 19:56:26 | 000,044,695 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.08.25 19:55:59 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.08.25 19:55:56 | 000,031,115 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.08.25 19:54:34 | 000,001,405 | ---- | C] () -- C:\Users\µ@l§X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.08.25 19:54:30 | 000,001,439 | ---- | C] () -- C:\Users\µ@l§X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.08.25 19:52:52 | 000,171,136 | RHS- | C] () -- C:\w7ldr
[2011.08.25 19:45:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.08.25 19:44:54 | 2145,251,327 | -HS- | C] () -- C:\hiberfil.sys
[2011.07.17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009.03.30 08:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe
 
========== LOP Check ==========
 
[2011.09.11 19:13:53 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\.minecraft
[2011.09.05 20:53:20 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\Blender Foundation
[2011.09.11 21:31:48 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\FileZilla
[2011.09.20 21:18:57 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\Foxit Software
[2011.09.18 22:28:07 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\gtk-2.0
[2011.09.18 11:14:25 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\IrfanView
[2011.09.13 16:42:52 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\LolClient
[2011.09.19 14:39:25 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\SoundSpectrum
[2009.07.14 07:08:49 | 000,018,018 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.11 19:13:53 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\.minecraft
[2011.08.25 20:21:04 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\Adobe
[2011.08.25 20:28:40 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\ATI
[2011.09.13 22:11:49 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\atitray
[2011.09.05 20:53:20 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\Blender Foundation
[2011.09.11 21:31:48 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\FileZilla
[2011.09.20 21:18:57 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\Foxit Software
[2011.09.18 22:28:07 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\gtk-2.0
[2011.08.25 19:54:22 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\Identities
[2011.09.18 11:14:25 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\IrfanView
[2011.09.13 16:42:52 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\LolClient
[2011.08.25 20:21:04 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\Macromedia
[2011.08.26 00:30:30 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\Media Center Programs
[2011.09.19 14:42:52 | 000,000,000 | --SD | M] -- C:\Users\µ@l§X\AppData\Roaming\Microsoft
[2011.09.24 16:13:24 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\Skype
[2011.09.19 14:39:25 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\SoundSpectrum
[2011.09.14 18:22:13 | 000,000,000 | ---D | M] -- C:\Users\µ@l§X\AppData\Roaming\VMware
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.08.26 01:52:10 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.08.26 01:52:10 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2011.08.26 01:52:10 | 009,704,448 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[2011.08.26 01:52:10 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll

< End of report >
         

24.09.2011, 15:30   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions) Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it fails again, please let me know.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


24.09.2011, 15:38   #10
PCFREAK86

OK, unfortunately I was not asked whether I want to scan with the current virus definitions; I went ahead and scanned anyway and saved the log:
Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-24 16:34:04
-----------------------------
16:34:04.702    OS Version: Windows x64 6.1.7601 Service Pack 1
16:34:04.702    Number of processors: 6 586 0xA00
16:34:04.703    ComputerName: µL§X-PC  UserName: µ@l§X
16:34:05.265    Initialize success
16:34:05.326    AVAST engine defs: 11092400
16:35:16.301    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:35:16.303    Disk 0 Vendor: C300-CTFDDAC128MAG 0006 Size: 122104MB BusType: 11
16:35:16.306    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-4
16:35:16.308    Disk 1 Vendor: ExcelStor_Technology_J9250S GM2OA52A Size: 238475MB BusType: 11
16:35:18.316    Disk 0 MBR read successfully
16:35:18.318    Disk 0 MBR scan
16:35:18.321    Disk 0 Windows 7 default MBR code
16:35:18.324    Service scanning
16:35:21.851    Modules scanning
16:35:21.854    Disk 0 trace - called modules:
16:35:21.857    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
16:35:21.861    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b83790]
16:35:21.863    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007ba2680]
16:35:22.784    AVAST engine scan C:\Windows
16:35:23.686    AVAST engine scan C:\Windows\system32
16:35:53.935    AVAST engine scan C:\Windows\system32\drivers
16:35:56.254    AVAST engine scan C:\Users\µ@l§X
16:36:00.214    AVAST engine scan C:\ProgramData
16:36:01.928    Scan finished successfully
16:36:20.693    Disk 0 MBR has been saved successfully to "D:\Daten\Desktop\MBR.dat"
16:36:20.698    The log file has been saved successfully to "D:\Daten\Desktop\aswMBR.txt"
         

24.09.2011, 16:29   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

24.09.2011, 17:04   #12
PCFREAK86

OK, here is the log:
Code:
ComboFix 11-09-24.01 - µ@l§X 24.09.2011  17:52:00.1.6 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8189.6341 [GMT 2:00]
ausgeführt von:: d:\daten\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-24 bis 2011-09-24  ))))))))))))))))))))))))))))))
.
.
2011-09-24 15:55 . 2011-09-24 15:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-09-23 20:21 . 2011-09-23 20:21	--------	d-----w-	c:\program files (x86)\ESET
2011-09-19 12:42 . 2011-09-19 12:42	--------	d-----w-	c:\program files (x86)\AutoIt3
2011-09-19 12:38 . 2011-09-19 12:39	--------	d-----w-	c:\program files (x86)\SoundSpectrum
2011-09-17 21:11 . 2011-09-17 21:11	--------	d-----w-	c:\program files (x86)\GIMP-2.0
2011-09-17 13:35 . 2011-09-17 13:35	--------	d-----w-	c:\program files (x86)\7-Zip
2011-09-17 11:58 . 2011-09-17 11:58	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2011-09-17 11:58 . 2011-08-16 06:48	8862544	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2D66526-CE9E-4EB7-8BE5-EA9D16603859}\mpengine.dll
2011-09-17 11:52 . 2011-09-17 11:52	--------	d-----w-	c:\programdata\ATI
2011-09-17 11:51 . 2011-09-17 11:51	--------	d-----w-	c:\program files (x86)\AMD APP
2011-09-17 11:51 . 2011-09-17 11:51	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2011-09-17 11:51 . 2011-09-17 11:51	--------	d-----w-	c:\program files (x86)\Common Files\ATI Technologies
2011-09-17 11:50 . 2011-09-17 11:50	--------	d-----w-	c:\program files (x86)\ATI Technologies
2011-09-17 11:50 . 2011-09-17 11:51	--------	d-----w-	c:\program files\ATI Technologies
2011-09-15 16:39 . 2009-09-04 15:29	1974616	----a-w-	c:\windows\SysWow64\D3DCompiler_42.dll
2011-09-15 16:39 . 2009-09-04 15:29	235344	----a-w-	c:\windows\SysWow64\d3dx11_42.dll
2011-09-15 16:39 . 2009-09-04 15:29	5501792	----a-w-	c:\windows\SysWow64\d3dcsx_42.dll
2011-09-15 16:39 . 2006-09-28 14:05	2414360	----a-w-	c:\windows\SysWow64\d3dx9_31.dll
2011-09-15 16:06 . 2011-09-23 23:41	271200	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-09-15 16:06 . 2011-09-23 18:38	271200	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2011-09-15 16:06 . 2011-09-23 23:41	271200	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2011-09-15 16:06 . 2011-09-15 16:06	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2011-09-10 21:24 . 2011-09-10 21:24	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-09-10 21:24 . 2011-09-10 21:24	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-09-10 21:24 . 2011-09-10 21:24	--------	d-----w-	c:\program files (x86)\Java
2011-09-06 15:43 . 2011-09-06 15:43	--------	d-sh--w-	c:\programdata\DSS
2011-09-06 15:43 . 2011-09-06 15:43	--------	d-----w-	c:\programdata\Codemasters
2011-09-06 15:42 . 2009-09-04 15:29	453456	----a-w-	c:\windows\SysWow64\d3dx10_42.dll
2011-09-06 15:42 . 2009-09-04 15:29	1892184	----a-w-	c:\windows\SysWow64\D3DX9_42.dll
2011-09-06 15:42 . 2011-09-06 15:42	--------	d-----w-	c:\windows\SysWow64\xlive
2011-09-06 15:42 . 2011-09-06 15:42	--------	d-----w-	c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-09-06 12:25 . 2011-09-23 20:30	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2011-09-05 22:31 . 2011-09-05 22:31	230864	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2011-08-27 20:53 . 2011-08-27 20:53	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2011-08-27 17:15 . 2011-08-27 17:15	--------	d-----w-	c:\windows\system32\SPReview
2011-08-27 17:14 . 2011-03-11 06:30	96768	----a-w-	c:\windows\system32\fsutil.exe
2011-08-27 17:10 . 2010-11-05 01:57	48976	----a-w-	c:\windows\system32\netfxperf.dll
2011-08-27 17:09 . 2010-11-20 13:33	94592	----a-w-	c:\windows\system32\drivers\mountmgr.sys
2011-08-27 17:08 . 2010-11-20 13:27	529408	----a-w-	c:\windows\system32\wbemcomn.dll
2011-08-27 17:08 . 2010-11-20 13:27	244736	----a-w-	c:\program files\Windows Portable Devices\sqmapi.dll
2011-08-27 17:08 . 2010-11-20 13:27	244736	----a-w-	c:\windows\system32\sqmapi.dll
2011-08-25 23:59 . 2011-08-25 23:59	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2011-08-25 23:59 . 2011-08-25 23:59	--------	d-----w-	c:\windows\system32\wbem\en-US
2011-08-25 23:42 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2011-08-25 23:35 . 2011-04-09 06:58	142336	----a-w-	c:\windows\system32\poqexec.exe
2011-08-25 23:34 . 2011-02-23 04:55	90624	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-08-25 23:32 . 2011-06-23 05:43	5561216	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-25 23:32 . 2011-06-23 04:33	3912576	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2011-08-25 23:32 . 2011-06-23 04:33	3967872	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2011-08-25 22:41 . 2011-08-25 22:41	--------	d-----w-	c:\programdata\Binarysense
2011-08-25 22:34 . 2011-08-25 22:34	--------	d-----w-	c:\program files\CCleaner
2011-08-25 22:30 . 2011-08-25 22:30	--------	d-----w-	c:\programdata\Malwarebytes
2011-08-25 22:30 . 2011-09-15 16:23	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-25 22:30 . 2011-08-31 15:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-25 18:43 . 2011-08-27 20:35	--------	d-----w-	C:\Boot
2011-08-25 18:40 . 2011-08-25 18:40	--------	d-----r-	C:\Sandbox
2011-08-25 18:38 . 2011-08-25 18:38	--------	d-----w-	c:\program files\Sandboxie
2011-08-25 18:28 . 2011-08-25 18:28	0	----a-w-	c:\windows\ativpsrm.bin
2011-08-25 18:26 . 2011-09-17 11:51	--------	d-----w-	c:\programdata\AMD
2011-08-25 18:26 . 2010-02-18 07:18	46136	----a-w-	c:\windows\system32\drivers\amdiox64.sys
2011-08-25 18:26 . 2011-08-25 18:26	--------	d-----r-	c:\program files (x86)\Skype
2011-08-25 18:26 . 2011-08-25 18:26	--------	d-----w-	c:\programdata\Skype
2011-08-25 18:25 . 2011-08-25 18:25	--------	d-----w-	C:\ATI
2011-08-25 18:06 . 2011-08-25 18:06	--------	d-----w-	c:\program files (x86)\Google
2011-08-25 18:06 . 2011-09-06 20:45	254400	----a-w-	c:\windows\system32\aswBoot.exe
2011-08-25 18:06 . 2011-09-06 20:38	601944	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-08-25 18:06 . 2011-09-06 20:38	301912	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-08-25 18:06 . 2011-09-06 20:36	58200	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-08-25 18:06 . 2011-09-06 20:36	42328	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-08-25 18:06 . 2011-09-06 20:36	65368	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-08-25 18:06 . 2011-09-06 20:36	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-08-25 18:05 . 2011-09-06 20:45	41184	----a-w-	c:\windows\avastSS.scr
2011-08-25 18:05 . 2011-09-06 20:45	199304	----a-w-	c:\windows\SysWow64\aswBoot.exe
2011-08-25 18:05 . 2011-08-25 18:05	--------	d-----w-	c:\programdata\AVAST Software
2011-08-25 18:05 . 2011-08-25 18:05	--------	d-----w-	c:\program files\AVAST Software
2011-08-25 18:00 . 2009-07-14 01:15	315904	----a-w-	c:\windows\SysWow64\Difxe1e5.rra
2011-08-25 18:00 . 2010-01-11 11:28	115824	----a-w-	c:\windows\system32\drivers\jraid.sys
2011-08-25 18:00 . 2011-08-25 18:00	--------	d-----w-	c:\windows\RaidTool
2011-08-25 18:00 . 2011-08-25 18:00	--------	d-----w-	c:\program files (x86)\NEC Electronics
2011-08-25 17:59 . 2011-06-10 04:34	107552	----a-w-	c:\windows\system32\RTNUninst64.dll
2011-08-25 17:59 . 2011-08-25 17:59	--------	d-----w-	c:\program files (x86)\Realtek
2011-08-25 17:58 . 2011-08-25 17:58	--------	d-----w-	c:\program files\DIFX
2011-08-25 17:58 . 2011-09-17 11:44	--------	dc----w-	c:\windows\system32\DRVSTORE
2011-08-25 17:58 . 2009-10-07 10:13	70200	----a-w-	c:\windows\system32\drivers\amdsata.sys
2011-08-25 17:58 . 2009-10-07 10:13	28728	----a-w-	c:\windows\system32\drivers\amdxata.sys
2011-08-25 17:58 . 2009-05-05 01:00	16440	----a-w-	c:\windows\system32\drivers\AtiPcie.sys
2011-08-25 17:58 . 2011-08-25 17:58	--------	d-----w-	c:\program files\ATI
2011-08-25 17:58 . 2011-09-12 18:08	--------	d--h--w-	c:\program files (x86)\InstallShield Installation Information
2011-08-25 17:54 . 2011-09-20 13:43	--------	d-----w-	c:\users\µ@l§X
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 15:59 . 2009-08-18 10:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-09-06 15:59 . 2009-08-18 09:24	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-27 20:32 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-08-27 20:32 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-08-15 12:32 . 2011-08-15 12:32	146736	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2011-07-28 22:23 . 2011-07-28 22:23	9980416	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2011-07-28 22:09 . 2011-07-28 22:09	23921664	----a-w-	c:\windows\system32\atio6axx.dll
2011-07-28 21:44 . 2011-07-28 21:44	18388480	----a-w-	c:\windows\SysWow64\atioglxx.dll
2011-07-28 21:40 . 2011-07-28 21:40	151552	----a-w-	c:\windows\system32\atiapfxx.exe
2011-07-28 21:40 . 2011-07-28 21:40	726528	----a-w-	c:\windows\SysWow64\aticfx32.dll
2011-07-28 21:39 . 2011-07-28 21:39	852992	----a-w-	c:\windows\system32\aticfx64.dll
2011-07-28 21:36 . 2011-07-28 21:36	462848	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-07-28 21:36 . 2011-07-28 21:36	485376	----a-w-	c:\windows\system32\atieclxx.exe
2011-07-28 21:35 . 2011-07-28 21:35	204288	----a-w-	c:\windows\system32\atiesrxx.exe
2011-07-28 21:34 . 2011-07-28 21:34	120320	----a-w-	c:\windows\system32\atitmm64.dll
2011-07-28 21:34 . 2011-07-28 21:34	423424	----a-w-	c:\windows\system32\atipdl64.dll
2011-07-28 21:33 . 2011-07-28 21:33	356352	----a-w-	c:\windows\SysWow64\atipdlxx.dll
2011-07-28 21:33 . 2011-07-28 21:33	278528	----a-w-	c:\windows\SysWow64\Oemdspif.dll
2011-07-28 21:33 . 2011-07-28 21:33	21504	----a-w-	c:\windows\system32\atimuixx.dll
2011-07-28 21:33 . 2011-07-28 21:33	59392	----a-w-	c:\windows\system32\atiedu64.dll
2011-07-28 21:33 . 2011-07-28 21:33	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2011-07-28 21:30 . 2011-07-28 21:30	4198912	----a-w-	c:\windows\SysWow64\atidxx32.dll
2011-07-28 21:20 . 2011-07-28 21:20	4943360	----a-w-	c:\windows\system32\atidxx64.dll
2011-07-28 21:12 . 2011-07-28 21:12	1113088	----a-w-	c:\windows\system32\atiumd6v.dll
2011-07-28 21:11 . 2011-07-28 21:11	1828864	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2011-07-28 21:11 . 2011-07-28 21:11	3871744	----a-w-	c:\windows\system32\atiumd6a.dll
2011-07-28 21:11 . 2011-07-28 21:11	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2011-07-28 21:11 . 2011-07-28 21:11	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2011-07-28 21:11 . 2011-07-28 21:11	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2011-07-28 21:11 . 2011-07-28 21:11	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2011-07-28 21:10 . 2011-07-28 21:10	9644544	----a-w-	c:\windows\system32\aticaldd64.dll
2011-07-28 21:09 . 2011-07-28 21:09	4256768	----a-w-	c:\windows\SysWow64\atiumdag.dll
2011-07-28 21:07 . 2011-07-28 21:07	8247296	----a-w-	c:\windows\SysWow64\aticaldd.dll
2011-07-28 21:03 . 2011-07-28 21:03	4056064	----a-w-	c:\windows\SysWow64\atiumdva.dll
2011-07-28 21:02 . 2011-07-28 21:02	5399040	----a-w-	c:\windows\system32\atiumd64.dll
2011-07-28 21:01 . 2011-07-28 21:01	58880	----a-w-	c:\windows\system32\coinst.dll
2011-07-28 20:54 . 2011-07-28 20:54	378368	----a-w-	c:\windows\system32\atiadlxx.dll
2011-07-28 20:54 . 2011-07-28 20:54	266240	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2011-07-28 20:54 . 2011-07-28 20:54	15360	----a-w-	c:\windows\system32\atig6pxx.dll
2011-07-28 20:54 . 2011-07-28 20:54	13312	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2011-07-28 20:54 . 2011-07-28 20:54	13312	----a-w-	c:\windows\system32\atiglpxx.dll
2011-07-28 20:54 . 2011-07-28 20:54	39936	----a-w-	c:\windows\system32\atig6txx.dll
2011-07-28 20:54 . 2011-07-28 20:54	32768	----a-w-	c:\windows\SysWow64\atigktxx.dll
2011-07-28 20:54 . 2011-07-28 20:54	309248	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2011-07-28 20:53 . 2011-07-28 20:53	40960	----a-w-	c:\windows\system32\atiuxp64.dll
2011-07-28 20:53 . 2011-07-28 20:53	31744	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2011-07-28 20:53 . 2011-07-28 20:53	38912	----a-w-	c:\windows\system32\atiu9p64.dll
2011-07-28 20:53 . 2011-07-28 20:53	29184	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2011-07-28 20:52 . 2011-07-28 20:52	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-07-28 20:51 . 2011-07-28 20:51	53760	----a-w-	c:\windows\system32\atimpc64.dll
2011-07-28 20:51 . 2011-07-28 20:51	53760	----a-w-	c:\windows\system32\amdpcom64.dll
2011-07-28 20:51 . 2011-07-28 20:51	52736	----a-w-	c:\windows\SysWow64\atimpc32.dll
2011-07-28 20:51 . 2011-07-28 20:51	52736	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2011-07-28 15:49 . 2011-07-28 15:49	60416	----a-w-	c:\windows\system32\OVDecode64.dll
2011-07-28 15:48 . 2011-07-28 15:48	51200	----a-w-	c:\windows\system32\OpenCL.dll
2011-07-28 15:48 . 2011-07-28 15:48	16552960	----a-w-	c:\windows\system32\amdocl64.dll
2011-07-17 21:54 . 2011-07-17 21:54	59904	----a-w-	c:\windows\SysWow64\OVDecode.dll
2011-07-17 21:53 . 2011-07-17 21:53	51712	----a-w-	c:\windows\SysWow64\OpenCL.dll
2011-07-17 21:53 . 2011-07-17 21:53	12385280	----a-w-	c:\windows\SysWow64\amdocl.dll
2011-07-16 04:26 . 2011-08-25 23:36	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-06-17 604432]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-09-12 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - d:\programs\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 136176]
R3 cpuz135;cpuz135;c:\users\@LX~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 136176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;d:\programs\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;d:\programs\PSI\sua.exe [2011-04-19 399416]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 18:06]
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 18:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45	134384	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\DAODx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-24  18:00:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-09-24 16:00
.
Vor Suchlauf: 8 Verzeichnis(se), 102.256.885.760 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 102.115.254.272 Bytes frei
.
- - End Of File - - 6B4347F39A1EC49AF5DC352707BDB233
         

24.09.2011, 17:06   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Nothing conspicuous. I think this is a false positive.
Is the alleged malware still being reported?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

24.09.2011, 17:44   #14
PCFREAK86
 
No, it still finds exactly the same things; could this really be a false positive?

24.09.2011, 18:07   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Could be, or maybe not; I'm not a clairvoyant, but otherwise I see unremarkable logs.
Why not do another reinstallation and see what the alerts look like then.
You can of course make a full backup via system image beforehand, which is then easy to restore.