Log analysis and evaluation: Hidden process (rootkit) found. Delete? Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.04.2013, 00:53 | #1 |
Hidden process (rootkit) found. Delete?
Hello dear community,
I apparently have a rootkit in my system, which the program GMER has confirmed. Google "said" that before I delete any hidden process I should ask in a forum whether it is right to kill this process, since irreparable damage may also be possible. I hope you can help me. Many thanks in advance.
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-30 01:46:42
Windows 6.0.6000 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB
Running: llikksn3.exe; Driver: C:\Users\MARCEL~1\AppData\Local\Temp\uxliruog.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8C71959C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8CF9E388]
...... ...... .....
---- Processes - GMER 2.1 ----
Process (*** hidden *** ) [4] 83A3E7B0
---- EOF - GMER 2.1 ----
30.04.2013, 08:25 | #2 |
/// Malwareteam | Hidden process (rootkit) found. Delete?
My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the fastest and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can involve a lot of work for you.
Vista and Win7 users: Start all tools with right-click --> "Run as administrator".
Step 1: defogger
Please download defogger by jpshortstuff to your desktop.
Do not click the Re-enable button unless instructed.
Step 2: OTL
Please download OTL by Oldtimer and save it to your desktop (if not already present).
Step 3: aswMBR
Please download aswMBR.exe and save the file to your desktop.
__________________ |
30.04.2013, 11:08 | #3 |
Hidden process (rootkit) found. Delete?
Hello Marius,
First of all, many thanks for the quick reply. The problem with formatting is that I did not get a Vista CD with the laptop; I was only able to reset my laptop to its factory state with the help of such recovery CDs. Here are the reports for the individual steps:
Step 1
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:42 on 30/04/2013 (Marcel_)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Step 2
Code:
Corporation) -- C:\Windows\System32\printcom.dll [2013.04.28 23:46:12 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.04.28 23:46:00 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys [2013.04.28 23:46:00 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll [2013.04.28 23:45:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb [2013.04.28 23:45:42 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb [2013.04.28 23:45:13 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2013.04.28 23:45:13 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2013.04.28 23:45:13 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2013.04.28 23:45:13 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2013.04.28 23:45:13 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2013.04.28 23:45:13 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2013.04.28 23:45:13 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll [2013.04.28 23:45:13 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2013.04.28 23:45:13 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2013.04.28 23:44:58 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe [2013.04.28 23:44:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2013.04.28 23:44:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2013.04.28 23:44:17 | 004,247,552 | ---- | C] (Microsoft) -- 
C:\Windows\System32\GameUXLegacyGDFs.dll [2013.04.28 23:44:17 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2013.04.28 23:43:50 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll [2013.04.28 23:43:40 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll [2013.04.28 23:43:14 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2013.04.28 23:41:52 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2013.04.28 23:41:44 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2013.04.28 23:40:48 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2013.04.28 23:40:48 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2013.04.28 23:40:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll [2013.04.28 23:39:59 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2013.04.28 23:39:47 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2013.04.28 23:39:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2013.04.28 23:39:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2013.04.28 23:39:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2013.04.28 23:39:42 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2013.04.28 18:39:33 | 000,000,000 | ---D | C] -- C:\Users\Marcel_47\AppData\Local\Google [2013.04.28 18:39:31 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013.04.28 18:39:31 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013.04.28 18:39:31 | 000,000,000 | ---D | C] -- C:\Program 
Files\Google [2013.04.28 18:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013.04.28 18:39:30 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.04.28 18:39:30 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013.04.28 18:39:30 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2013.04.28 18:39:28 | 000,228,600 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013.04.28 18:39:28 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013.04.28 18:38:55 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013.04.28 18:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013.04.28 18:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.04.28 18:35:54 | 000,000,000 | ---D | C] -- C:\Users\Marcel_47\AppData\Local\VirtualStore [2013.04.28 18:33:38 | 000,000,000 | ---D | C] -- C:\Users\Marcel_47\AppData\Roaming\Adobe [2013.04.28 18:33:38 | 000,000,000 | ---D | C] -- C:\Users\Marcel_47\AppData\Local\Adobe [2013.04.28 18:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\fsc-reg [2013.04.28 18:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2013.04.28 18:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites [2013.04.28 18:31:54 | 000,000,000 | ---D | C] -- C:\Users\Marcel_47\AppData\Local\Seven Zip [2013.04.28 18:30:32 | 000,000,000 | ---D | C] -- C:\Users\Marcel_47\AppData\Roaming\ATI [2013.04.28 18:30:32 | 000,000,000 | ---D | C] -- C:\Users\Marcel_47\AppData\Local\ATI [2013.04.28 18:30:12 | 000,000,000 | R--D | C] -- C:\Users\Marcel_47\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.04.28 18:30:12 | 000,000,000 | R--D | C] -- C:\Users\Marcel_47\Searches [2013.04.28 18:30:12 | 
000,000,000 | R--D | C] -- C:\Users\Marcel_47\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.04.28 18:30:04 | 000,000,000 | ---D | C] -- C:\Users\Marcel_47\AppData\Roaming\Identities [2013.04.28 18:30:02 | 000,000,000 | R--D | C] -- C:\Users\Marcel_47\Contacts [2013.04.28 18:29:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcel_47\Vorlagen [2013.04.28 18:29:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcel_47\AppData\Local\Verlauf [2013.04.28 18:29:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcel_47\AppData\Local\Temporary Internet Files [2013.04.28 18:29:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcel_47\Startmenü [2013.04.28 18:29:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcel_47\SendTo [2013.04.28 18:29:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcel_47\Recent [2013.04.28 18:29:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcel_47\Netzwerkumgebung [2013.04.28 18:29:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcel_47\Lokale Einstellungen [2013.04.28 18:29:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcel_47\Documents\Eigene Videos [2013.04.28 18:29:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcel_47\Documents\Eigene Musik [2013.04.28 18:29:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcel_47\Eigene Dateien [2013.04.28 18:29:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcel_47\Documents\Eigene Bilder [2013.04.28 18:29:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcel_47\Druckumgebung [2013.04.28 18:29:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcel_47\Cookies [2013.04.28 18:29:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcel_47\AppData\Local\Anwendungsdaten [2013.04.28 18:29:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcel_47\Anwendungsdaten [2013.04.28 18:29:49 | 000,000,000 | --SD | C] -- C:\Users\Marcel_47\AppData\Roaming\Microsoft [2013.04.28 18:29:49 | 000,000,000 | R--D | C] -- C:\Users\Marcel_47\Videos [2013.04.28 18:29:49 | 000,000,000 | R--D | C] -- C:\Users\Marcel_47\Saved Games [2013.04.28 18:29:49 | 000,000,000 | R--D | C] -- 
C:\Users\Marcel_47\Pictures [2013.04.28 18:29:49 | 000,000,000 | R--D | C] -- C:\Users\Marcel_47\Music [2013.04.28 18:29:49 | 000,000,000 | R--D | C] -- C:\Users\Marcel_47\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.04.28 18:29:49 | 000,000,000 | R--D | C] -- C:\Users\Marcel_47\Links [2013.04.28 18:29:49 | 000,000,000 | R--D | C] -- C:\Users\Marcel_47\Favorites [2013.04.28 18:29:49 | 000,000,000 | R--D | C] -- C:\Users\Marcel_47\Downloads [2013.04.28 18:29:49 | 000,000,000 | R--D | C] -- C:\Users\Marcel_47\Documents [2013.04.28 18:29:49 | 000,000,000 | R--D | C] -- C:\Users\Marcel_47\Desktop [2013.04.28 18:29:49 | 000,000,000 | R--D | C] -- C:\Users\Marcel_47\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.04.28 18:29:49 | 000,000,000 | -H-D | C] -- C:\Users\Marcel_47\AppData [2013.04.28 18:29:49 | 000,000,000 | ---D | C] -- C:\Users\Marcel_47\AppData\Local\Temp [2013.04.28 18:29:49 | 000,000,000 | ---D | C] -- C:\Users\Marcel_47\AppData\Local\Microsoft [2013.04.28 18:29:49 | 000,000,000 | ---D | C] -- C:\Users\Marcel_47\AppData\Roaming\Media Center Programs [2013.04.28 18:25:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.04.28 18:25:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.04.28 18:25:57 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.04.28 18:25:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.04.28 18:25:57 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.04.28 18:25:57 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.04.28 18:25:57 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.04.28 18:25:57 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.04.28 18:25:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.04.28 18:25:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.04.28 18:21:40 | 000,000,000 | ---D | C] -- 
C:\Windows\SoftwareDistribution [2013.04.28 18:17:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.04.28 17:53:28 | 000,000,000 | ---D | C] -- C:\Users\Marcel_47\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.04.28 17:26:04 | 000,237,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013.04.28 16:34:11 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\Marcel_47\Desktop\chrome_installer141043.exe [2013.04.28 16:27:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel_47\Desktop\Marcels Geschenk [2013.04.28 16:27:06 | 000,000,000 | ---D | C] -- C:\Users\Marcel_47\Desktop\Job Uni [2013.04.28 16:27:03 | 000,000,000 | ---D | C] -- C:\Users\Marcel_47\Desktop\Hasi ========== Files - Modified Within 30 Days ========== [2013.04.30 11:42:12 | 000,000,000 | ---- | M] () -- C:\Users\Marcel_47\defogger_reenable [2013.04.30 11:40:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Marcel_47\Desktop\aswMBR.exe [2013.04.30 11:38:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel_47\Desktop\OTL.exe [2013.04.30 11:37:30 | 000,050,477 | ---- | M] () -- C:\Users\Marcel_47\Desktop\Defogger.exe [2013.04.30 11:36:07 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.30 11:36:07 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.30 11:36:07 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.30 11:36:07 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.30 11:30:47 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.30 11:30:46 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.30 11:30:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.30 11:30:16 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys [2013.04.30 02:10:25 | 
000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\http.sys.mui [2013.04.30 02:05:59 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3646662971-690315786-1530752921-1000UA.job [2013.04.30 00:19:03 | 260,946,798 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.30 00:12:42 | 032,243,712 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl [2013.04.30 00:12:42 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf [2013.04.30 00:12:41 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx [2013.04.29 23:58:50 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2013.04.29 23:58:46 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll [2013.04.29 23:58:46 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll [2013.04.29 22:41:23 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe [2013.04.29 22:41:22 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll [2013.04.29 21:10:06 | 000,298,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.04.29 03:16:43 | 000,000,009 | ---- | M] () -- C:\DVD.TAG [2013.04.29 00:05:22 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2013.04.29 00:05:22 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2013.04.29 00:05:22 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2013.04.29 00:05:22 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2013.04.29 00:05:22 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll [2013.04.29 00:04:52 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll [2013.04.29 00:04:52 | 000,028,672 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\FwRemoteSvr.dll [2013.04.29 00:03:55 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2013.04.29 00:03:55 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll [2013.04.29 00:03:55 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll [2013.04.29 00:03:02 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf [2013.04.29 00:03:02 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll [2013.04.29 00:03:01 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll [2013.04.29 00:03:01 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll [2013.04.29 00:03:01 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll [2013.04.29 00:03:01 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll [2013.04.29 00:02:27 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2013.04.29 00:02:26 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll [2013.04.29 00:00:52 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2013.04.29 00:00:52 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2013.04.29 00:00:52 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe [2013.04.29 00:00:52 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe [2013.04.29 00:00:52 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll [2013.04.29 00:00:51 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2013.04.29 00:00:19 | 003,502,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.04.29 00:00:19 | 003,468,168 | ---- 
| M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.04.28 23:57:05 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll [2013.04.28 23:57:05 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll [2013.04.28 23:56:16 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2013.04.28 23:56:16 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2013.04.28 23:55:47 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll [2013.04.28 23:54:58 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2013.04.28 23:53:11 | 001,244,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll [2013.04.28 23:53:11 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2013.04.28 23:53:11 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2013.04.28 23:53:11 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2013.04.28 23:53:11 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2013.04.28 23:53:11 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2013.04.28 23:53:10 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2013.04.28 23:50:52 | 000,109,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys [2013.04.28 23:50:52 | 000,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys [2013.04.28 23:50:36 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [2013.04.28 23:49:40 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe [2013.04.28 23:49:10 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll 
[2013.04.28 23:49:09 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2013.04.28 23:49:09 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll [2013.04.28 23:49:08 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll [2013.04.28 23:49:08 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll [2013.04.28 23:49:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll [2013.04.28 23:48:48 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2013.04.28 23:48:48 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2013.04.28 23:48:18 | 000,543,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL [2013.04.28 23:48:18 | 000,213,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2013.04.28 23:48:18 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll [2013.04.28 23:48:18 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013.04.28 23:48:18 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe [2013.04.28 23:47:49 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL [2013.04.28 23:47:49 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL [2013.04.28 23:47:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll [2013.04.28 23:47:39 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2013.04.28 23:47:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll [2013.04.28 23:47:23 | 000,014,848 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\apilogen.dll [2013.04.28 23:47:07 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2013.04.28 23:47:06 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.04.28 23:46:23 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll [2013.04.28 23:46:12 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.04.28 23:46:00 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys [2013.04.28 23:46:00 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll [2013.04.28 23:45:42 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb [2013.04.28 23:45:42 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb [2013.04.28 23:45:13 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2013.04.28 23:45:13 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2013.04.28 23:45:13 | 000,473,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2013.04.28 23:45:13 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2013.04.28 23:45:13 | 000,435,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2013.04.28 23:45:13 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2013.04.28 23:45:13 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll [2013.04.28 23:45:13 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2013.04.28 23:45:13 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2013.04.28 23:44:58 | 000,011,776 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\sbunattend.exe [2013.04.28 23:44:37 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2013.04.28 23:44:19 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2013.04.28 23:44:17 | 004,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2013.04.28 23:44:17 | 001,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2013.04.28 23:43:50 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll [2013.04.28 23:43:40 | 001,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll [2013.04.28 23:43:14 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2013.04.28 23:41:52 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2013.04.28 23:41:44 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2013.04.28 23:40:48 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2013.04.28 23:40:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll [2013.04.28 23:39:59 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2013.04.28 23:39:47 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2013.04.28 23:39:46 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2013.04.28 23:39:45 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2013.04.28 23:39:42 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2013.04.28 18:39:31 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2013.04.28 18:39:28 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013.04.28 18:32:07 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office – 60-Tage-Testversion.lnk [2013.04.28 18:31:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf [2013.04.28 18:31:41 | 000,001,406 | ---- | M] () -- C:\Users\Marcel_47\Desktop\First Steps.lnk [2013.04.28 18:31:39 | 000,001,520 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk [2013.04.28 18:06:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3646662971-690315786-1530752921-1000Core.job [2013.04.28 17:55:03 | 000,002,060 | ---- | M] () -- C:\Users\Marcel_47\Desktop\Google Chrome.lnk [2013.04.28 16:34:00 | 000,739,856 | ---- | M] (Google Inc.) -- C:\Users\Marcel_47\Desktop\chrome_installer141043.exe [2013.04.27 18:30:22 | 000,525,669 | ---- | M] () -- C:\Users\Marcel_47\Desktop\El Senor v. Chr.-0200.CivBeyondSwordSave [2013.04.27 13:30:38 | 000,510,507 | ---- | M] () -- C:\Users\Marcel_47\Desktop\Khan, Dschinghis n. 
Chr.-1780.CivBeyondSwordSave [2013.04.22 20:47:52 | 115,054,456 | ---- | M] () -- C:\Users\Marcel_47\Desktop\avast_free_73antivirus_setup.exe ========== Files Created - No Company Name ========== [2013.04.30 11:42:12 | 000,000,000 | ---- | C] () -- C:\Users\Marcel_47\defogger_reenable [2013.04.30 11:37:29 | 000,050,477 | ---- | C] () -- C:\Users\Marcel_47\Desktop\Defogger.exe [2013.04.30 00:18:46 | 260,946,798 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.04.30 00:04:05 | 032,243,712 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl [2013.04.30 00:04:05 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf [2013.04.30 00:04:05 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx [2013.04.29 03:16:43 | 000,000,009 | ---- | C] () -- C:\DVD.TAG [2013.04.29 00:03:02 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf [2013.04.28 18:39:31 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.04.28 18:39:29 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.04.28 18:39:29 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013.04.28 18:32:07 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office – 60-Tage-Testversion.lnk [2013.04.28 18:31:41 | 000,001,406 | ---- | C] () -- C:\Users\Marcel_47\Desktop\First Steps.lnk [2013.04.28 18:31:39 | 000,001,520 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk [2013.04.28 18:30:13 | 000,000,955 | ---- | C] () -- C:\Users\Marcel_47\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.04.28 18:30:11 | 000,000,950 | ---- | C] () -- C:\Users\Marcel_47\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2013.04.28 18:30:02 | 000,000,921 | ---- | C] () -- C:\Users\Marcel_47\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2013.04.28 18:17:55 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys [2013.04.28 
17:53:28 | 000,002,060 | ---- | C] () -- C:\Users\Marcel_47\Desktop\Google Chrome.lnk
[2013.04.28 17:50:46 | 000,001,136 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3646662971-690315786-1530752921-1000UA.job
[2013.04.28 17:50:45 | 000,001,084 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3646662971-690315786-1530752921-1000Core.job
[2013.04.28 16:32:01 | 152,249,762 | ---- | C] () -- C:\Users\Marcel_47\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2013.04.28 16:26:40 | 000,525,669 | ---- | C] () -- C:\Users\Marcel_47\Desktop\El Senor v. Chr.-0200.CivBeyondSwordSave
[2013.04.28 16:26:40 | 000,510,507 | ---- | C] () -- C:\Users\Marcel_47\Desktop\Khan, Dschinghis n. Chr.-1780.CivBeyondSwordSave
[2013.04.22 20:43:27 | 115,054,456 | ---- | C] () -- C:\Users\Marcel_47\Desktop\avast_free_73antivirus_setup.exe

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.04.28 23:52:03 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.04.28 23:49:09 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:
ATTFilter OTL Extras logfile created on: 30.04.2013 11:49:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcel_47\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16546) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,59% Memory free 4,21 Gb Paging File | 3,07 Gb Available in Paging File | 73,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,59 Gb Total Space | 117,96 Gb Free Space | 79,38% Space Free | Partition Type: NTFS Drive D: | 72,29 Gb Total Space | 72,21 Gb Free Space | 99,88% Space Free | Partition Type: NTFS Computer Name: MARCEL_47-PC | User Name: Marcel_47 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 
0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CDC3762-C87E-4BA0-88BE-A67B6F67FB52}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe | "{B3C233D1-1BDB-4932-9EE6-A558EDC399DA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E4B9E090-E7B5-470A-AB8B-3AB341F8EBAD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03AEE2B3-F368-E3A8-9EBB-4465FED5ECCF}" = CCC Help Japanese "{0D32CEAA-E78B-9E26-582F-D2261E440C11}" = Catalyst Control Center Localization Chinese Traditional "{1CD220E7-1512-A5E1-327F-9607587B75AD}" = Catalyst Control Center Graphics Light "{2ED7986A-FFCF-7CE8-8714-10FADD57F93E}" = CCC Help Dutch "{3569D31A-9079-9242-5506-72E724897CCE}" = CCC Help Chinese Traditional "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3E5948BC-A071-3C35-7DC4-31F5F293F35B}" = Catalyst Control Center Graphics Full New "{418E2CBE-A6E4-7391-ABA0-B57CC95FB00A}" = Catalyst Control Center Localization Chinese Standard "{42C5F6CE-D945-995C-033A-8401107567FA}" = CCC Help Spanish "{43EA3C14-C1F7-A093-1F4D-362A09F9A63B}" = CCC Help German "{44135984-1326-48ED-8071-BE0626892362}" = Catalyst Control Center Localization Italian "{462F002C-0A03-6C5F-3475-228396D8F2AB}" = ccc-core-static "{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam 
"{5375B71B-6413-0C4D-9EDF-B059FECF66F7}" = CCC Help Swedish "{5A66C68A-42E6-BB9E-2EC7-5C170DD944E9}" = Catalyst Control Center Localization Dutch "{5B622752-7D0C-D1F6-85FC-7CD5604E6FA2}" = Catalyst Control Center Localization Swedish "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6BB19E5E-2AD7-B464-3B80-FB0CD8C504FB}" = Catalyst Control Center Graphics Full Existing "{71DAE231-77A6-A1A9-EE96-E2C965988C54}" = Catalyst Control Center Localization French "{73B9678F-E73B-E49F-4E21-EB5C839A1503}" = CCC Help Italian "{763A5318-9657-9D47-3750-59DC1B00315E}" = CCC Help Chinese Standard "{7C379BEF-4E12-3224-B2E8-513363B99181}" = ccc-utility "{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials "{8AC6C353-E7E2-163C-5C77-4D71F3A02443}" = CCC Help French "{8AD67572-0AE2-0CAC-CD8B-17FBAC973901}" = ATI Catalyst Install Manager "{8E4E938B-3D60-4F44-4E0A-CBC4259D96F9}" = CCC Help English "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = 
FirstSteps Diagnostics "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95ED7549-7C66-A618-3100-B6999F6A79A4}" = Catalyst Control Center Localization German "{960EED1D-8F37-9EF5-C2F2-19C19983658B}" = Catalyst Control Center Core Implementation "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E55D626-6CC8-780C-248E-486574EB08B7}" = CCC Help Korean "{A471D44A-03B3-7D4D-D302-00430F5E992A}" = Catalyst Control Center Localization Portuguese "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{ABC80104-036E-6193-566F-4308420A4005}" = Catalyst Control Center Graphics Previews Vista "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{B71ACC25-ED80-056C-8184-F3A282F00818}" = Catalyst Control Center Localization Japanese "{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV "{D8CF7C31-55A2-03EA-4998-89B44D559BBD}" = CCC Help Portuguese "{DEE7AE5E-A8D1-05CF-5383-E5DC68486A54}" = Skins "{E8673265-836F-796B-4923-27EC0D563810}" = Catalyst Control Center Localization Spanish "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F252645C-3259-9DCC-C235-64562E08E868}" = Catalyst Control Center Localization Korean "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "avast" = avast! 
Free Antivirus "Big Fish Games Center" = Big Fish Games Center (remove only) "Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only) "Cradle of Rome" = Cradle of Rome (remove only) "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Luxor Amun Rising" = Luxor Amun Rising (remove only) "Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only) "Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only) "Poker Superstars II" = Poker Superstars II (remove only) "SMSERIAL" = Motorola SM56 Data Fax Modem "Virtual Villagers" = Virtual Villagers (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.04.2013 12:30:41 | Computer Name = Marcel_47-PC | Source = Perflib | ID = 1008 Description = Error - 28.04.2013 12:38:12 | Computer Name = Marcel_47-PC | Source = WerSvc | ID = 5007 Description = Error - 28.04.2013 11:47:27 | Computer Name = Marcel_47-PC | Source = WerSvc | ID = 5007 Description = Error - 28.04.2013 17:29:30 | Computer Name = Marcel_47-PC | Source = EventSystem | ID = 4621 Description = Error - 29.04.2013 16:16:06 | Computer Name = Marcel_47-PC | Source = WerSvc | ID = 5007 Description = Error - 29.04.2013 16:26:56 | Computer Name = Marcel_47-PC | Source = WerSvc | ID = 5007 Description = Error - 29.04.2013 18:26:27 | Computer Name = Marcel_47-PC | Source = WerSvc | ID = 5007 Description = Error - 29.04.2013 18:30:24 | Computer Name = Marcel_47-PC | Source = Perflib | ID = 1008 Description = Error - 29.04.2013 18:30:24 | Computer Name = Marcel_47-PC | Source = Perflib | ID = 1010 Description = Error - 30.04.2013 05:36:07 | Computer Name = Marcel_47-PC | Source = WerSvc | ID = 5007 Description = [ System Events ] Error - 30.04.2013 05:49:13 | Computer Name = Marcel_47-PC | Source = Microsoft-Windows-Servicing | 
ID = 4385 Description = Error - 30.04.2013 05:49:13 | Computer Name = Marcel_47-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 30.04.2013 05:49:13 | Computer Name = Marcel_47-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 30.04.2013 05:49:13 | Computer Name = Marcel_47-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 30.04.2013 05:49:13 | Computer Name = Marcel_47-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 30.04.2013 05:49:13 | Computer Name = Marcel_47-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 30.04.2013 05:49:13 | Computer Name = Marcel_47-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 30.04.2013 05:49:13 | Computer Name = Marcel_47-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 30.04.2013 05:49:13 | Computer Name = Marcel_47-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 30.04.2013 05:49:13 | Computer Name = Marcel_47-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = < End of report > Step 3 Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-04-30 12:02:40 ----------------------------- 12:02:40.624 OS Version: Windows 6.0.6000 12:02:40.624 Number of processors: 2 586 0xF0D 12:02:40.624 ComputerName: MARCEL_47-PC UserName: Marcel_47 12:02:41.466 Initialize success 12:02:41.653 AVAST engine defs: 13042901 12:02:58.614 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 12:02:58.630 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3 12:02:58.770 Disk 0 MBR read successfully 12:02:58.770 Disk 0 MBR scan 12:02:58.786 Disk 0 Windows VISTA default MBR code 12:02:58.801 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048 12:02:58.801 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152155 MB offset 25167872 12:02:58.832 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 74030 MB offset 336781312 12:02:58.848 Disk 0 scanning sectors +488394752 12:02:58.926 Disk 0 scanning C:\Windows\system32\drivers 12:03:04.729 Service scanning 12:03:18.351 Modules scanning 12:03:22.380 Disk 0 trace - called modules: 12:03:22.941 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 12:03:22.957 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856a33d0] 12:03:22.957 3 ntkrnlpa.exe[820b07e2] -> nt!IofCallDriver -> [0x848176d0] 12:03:22.973 5 acpi.sys[8046932a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84819030] 12:03:23.675 AVAST engine scan C:\Windows 12:03:25.437 AVAST engine scan C:\Windows\system32 12:05:00.742 AVAST engine scan C:\Windows\system32\drivers 12:05:09.722 AVAST engine scan C:\Users\Marcel_47 12:05:36.632 AVAST engine scan C:\ProgramData 12:05:48.020 Scan finished successfully 12:06:55.016 Disk 0 MBR has been saved successfully to "C:\Users\Marcel_47\Desktop\MBR.dat" 12:06:55.025 The log file has been saved successfully to "C:\Users\Marcel_47\Desktop\aswMBR.txt" |
30.04.2013, 11:26 | #4 |
/// Malwareteam | Hidden process (rootkit) found. Delete? I can't find anything here. Let's try something else... FRST Please download Farbar's Recovery Scan Tool and save it to a USB stick. Plug the USB stick into the infected system. You now need to boot the system into the System Repair option. Via the boot manager
With a Windows CD/DVD
In the repair options, select Command Prompt
__________________ No asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you happy with us? Then support the Trojaner-Board! |
30.04.2013, 11:46 | #5 |
| Hidden process (rootkit) found. Delete? Soooo... Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2013 Ran by SYSTEM on 30-04-2013 12:40:58 Running from G:\ Windows Vista (TM) Home Premium (X86) OS Language: English(US) Internet Explorer Version 7 Boot Mode: Recovery The current controlset is ControlSet001 ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1006264 2007-12-05] (Microsoft Corporation) HKLM\...\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [90112 2006-11-10] () HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x] HKLM\...\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [630784 2006-11-22] (Motorola Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40048 2007-05-10] (Adobe Systems Incorporated) HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-02-26] (Nero AG) HKLM\...\Run: [recinfo303] c:\RecInfo\RecInfo.exe [2764800 2007-10-23] () HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-03-06] (AVAST Software) HKU\Marcel_47\...\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe [ 2007-11-08] (Fujitsu Siemens Computers) HKU\Marcel_47\...\Run: [Google Update] "C:\Users\Marcel_47\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2013-04-28] (Google Inc.) ========================== Services (Whitelisted) ================= S2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-06] (AVAST Software) S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-19] () S2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x] S3 msiserver; %systemroot%\system32\msiexec /V [x] ==================== Drivers (Whitelisted) ==================== S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-03-06] (AVAST Software) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-03-06] (AVAST Software) S1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-03-06] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49248 2013-03-06] () S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-03-06] (AVAST Software) S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368176 2013-03-06] (AVAST Software) S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [62376 2013-03-06] (AVAST Software) S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [164736 2013-03-06] () S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [46592 2007-04-03] (Windows (R) Codename Longhorn DDK provider) S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.) 
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-04-30 12:40 - 2013-04-30 12:40 - 00000000 ____D C:\FRST 2013-04-30 02:06 - 2013-04-30 02:06 - 00002026 ____A C:\Users\Marcel_47\Desktop\aswMBR.txt 2013-04-30 02:06 - 2013-04-30 02:06 - 00000512 ____A C:\Users\Marcel_47\Desktop\MBR.dat 2013-04-30 01:54 - 2013-04-30 01:54 - 00127070 ____A C:\Users\Marcel_47\Desktop\OTL.Txt 2013-04-30 01:54 - 2013-04-30 01:54 - 00025924 ____A C:\Users\Marcel_47\Desktop\Extras.Txt 2013-04-30 01:47 - 2013-04-30 01:47 - 00000000 ____A C:\Users\Marcel_47\Desktop\Neues Textdokument.txt 2013-04-30 01:42 - 2013-04-30 01:42 - 00000480 ____A C:\Users\Marcel_47\Desktop\defogger_disable.log 2013-04-30 01:42 - 2013-04-30 01:42 - 00000000 ____A C:\Users\Marcel_47\defogger_reenable 2013-04-30 01:38 - 2013-04-30 01:40 - 04745728 ____A (AVAST Software) C:\Users\Marcel_47\Desktop\aswMBR.exe 2013-04-30 01:38 - 2013-04-30 01:38 - 00602112 ____A (OldTimer Tools) C:\Users\Marcel_47\Desktop\OTL.exe 2013-04-30 01:37 - 2013-04-30 01:37 - 00050477 ____A C:\Users\Marcel_47\Desktop\Defogger.exe 2013-04-29 16:11 - 2013-04-29 16:11 - 00378368 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll 2013-04-29 16:10 - 2013-04-29 16:10 - 00268800 ____A (Microsoft Corporation) C:\Windows\System32\es.dll 2013-04-29 15:53 - 2013-04-29 15:53 - 00063260 ____A C:\Users\Marcel_47\Documents\Rootkit.log 2013-04-29 14:19 - 2013-04-29 14:19 - 00139000 ____A C:\Windows\Minidump\Mini043013-01.dmp 2013-04-29 14:19 - 2013-04-29 14:19 - 00000000 ____D C:\Windows\Minidump 2013-04-29 14:18 - 2013-04-29 14:19 - 260946798 ____A C:\Windows\MEMORY.DMP 
2013-04-29 14:08 - 2013-04-29 14:09 - 00377856 ____A C:\Users\Marcel_47\Downloads\llikksn3.exe 2013-04-29 14:04 - 2013-04-29 14:12 - 32243712 ____A C:\Windows\ocsetup_install_NetFx3.etl 2013-04-29 14:04 - 2013-04-29 14:12 - 00196608 ____A C:\Windows\ocsetup_cbs_install_NetFx3.perf 2013-04-29 14:04 - 2013-04-29 14:12 - 00196608 ____A C:\Windows\ocsetup_cbs_install_NetFx3.dpx 2013-04-29 13:58 - 2013-04-29 13:58 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll 2013-04-29 13:58 - 2013-04-29 13:58 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\mscorier.dll 2013-04-29 13:58 - 2013-04-29 13:58 - 00096760 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll 2013-04-29 13:58 - 2013-04-29 13:58 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\mscories.dll 2013-04-29 13:58 - 2013-04-29 13:58 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll 2013-04-29 12:41 - 2013-04-29 12:41 - 00996352 ____A (Microsoft Corporation) C:\Windows\System32\WMNetMgr.dll 2013-04-29 12:41 - 2013-04-29 12:41 - 00094720 ____A (Microsoft Corporation) C:\Windows\System32\logagent.exe 2013-04-29 12:40 - 2013-04-29 12:40 - 00060928 ____A (Microsoft Corporation) C:\Windows\System32\msasn1.dll 2013-04-28 14:05 - 2013-04-28 14:05 - 00289792 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2013-04-28 14:05 - 2013-04-28 14:05 - 00156672 ____A (Microsoft Corporation) C:\Windows\System32\t2embed.dll 2013-04-28 14:05 - 2013-04-28 14:05 - 00072704 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll 2013-04-28 14:05 - 2013-04-28 14:05 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll 2013-04-28 14:05 - 2013-04-28 14:05 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\lpk.dll 2013-04-28 14:05 - 2013-04-28 14:05 - 00010240 ____A (Microsoft Corporation) C:\Windows\System32\dciman32.dll 2013-04-28 14:04 - 2013-04-28 14:04 - 00361984 ____A (Microsoft Corporation) 
C:\Windows\System32\IPSECSVC.DLL 2013-04-28 14:04 - 2013-04-28 14:04 - 00306688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys 2013-04-28 14:04 - 2013-04-28 14:04 - 00272896 ____A (Microsoft Corporation) C:\Windows\System32\polstore.dll 2013-04-28 14:04 - 2013-04-28 14:04 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys 2013-04-28 14:04 - 2013-04-28 14:04 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\winipsec.dll 2013-04-28 14:04 - 2013-04-28 14:04 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\FwRemoteSvr.dll 2013-04-28 14:03 - 2013-04-28 14:03 - 01657350 ____A C:\Windows\System32\wlan.tmf 2013-04-28 14:03 - 2013-04-28 14:03 - 00502272 ____A (Microsoft Corporation) C:\Windows\System32\wlansvc.dll 2013-04-28 14:03 - 2013-04-28 14:03 - 00297984 ____A (Microsoft Corporation) C:\Windows\System32\wlansec.dll 2013-04-28 14:03 - 2013-04-28 14:03 - 00290816 ____A (Microsoft Corporation) C:\Windows\System32\wlanmsm.dll 2013-04-28 14:03 - 2013-04-28 14:03 - 00241152 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceApi.dll 2013-04-28 14:03 - 2013-04-28 14:03 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\WebClnt.dll 2013-04-28 14:03 - 2013-04-28 14:03 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceTypes.dll 2013-04-28 14:03 - 2013-04-28 14:03 - 00123904 ____A (Microsoft Corporation) C:\Windows\System32\L2SecHC.dll 2013-04-28 14:03 - 2013-04-28 14:03 - 00110080 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys 2013-04-28 14:03 - 2013-04-28 14:03 - 00095232 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceClassExtension.dll 2013-04-28 14:03 - 2013-04-28 14:03 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\wlanhlp.dll 2013-04-28 14:03 - 2013-04-28 14:03 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\wlanapi.dll 2013-04-28 14:02 - 2013-04-28 14:02 - 01406464 ____A (Microsoft 
Corporation) C:\Windows\System32\msxml6.dll 2013-04-28 14:02 - 2013-04-28 14:02 - 01260032 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2013-04-28 14:02 - 2013-04-28 14:02 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml6r.dll 2013-04-28 14:02 - 2013-04-28 14:02 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2013-04-28 14:01 - 2013-04-28 14:01 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\msv1_0.dll 2013-04-28 14:01 - 2013-04-28 14:01 - 00211968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys 2013-04-28 14:01 - 2013-04-28 14:01 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys 2013-04-28 14:01 - 2013-04-28 14:01 - 00058368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys 2013-04-28 14:00 - 2013-04-28 14:00 - 03502480 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-04-28 14:00 - 2013-04-28 14:00 - 03468168 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-04-28 14:00 - 2013-04-28 14:00 - 02855424 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll 2013-04-28 14:00 - 2013-04-28 14:00 - 02433536 ____A (Microsoft Corporation) C:\Windows\System32\WMVCORE.DLL 2013-04-28 14:00 - 2013-04-28 14:00 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll 2013-04-28 14:00 - 2013-04-28 14:00 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe 2013-04-28 14:00 - 2013-04-28 14:00 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\mfpmp.exe 2013-04-28 14:00 - 2013-04-28 14:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\mferror.dll 2013-04-28 13:59 - 2013-04-28 13:59 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-04-28 13:58 - 2013-04-28 13:58 - 01060920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-28 13:58 - 2013-04-28 13:58 - 00297472 ____A (Microsoft Corporation) 
C:\Windows\System32\gdi32.dll 2013-04-28 13:58 - 2013-04-28 13:58 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\atl.dll 2013-04-28 13:58 - 2013-04-28 13:58 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys 2013-04-28 13:57 - 2013-04-28 13:57 - 00500736 ____A (Microsoft Corporation) C:\Windows\System32\msdtcprx.dll 2013-04-28 13:57 - 2013-04-28 13:57 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\xolehlp.dll 2013-04-28 13:56 - 2013-04-28 13:56 - 01871872 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll 2013-04-28 13:56 - 2013-04-28 13:56 - 00156160 ____A (Microsoft Corporation) C:\Windows\System32\wkssvc.dll 2013-04-28 13:56 - 2013-04-28 13:56 - 00116736 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll 2013-04-28 13:56 - 2013-04-28 13:56 - 00036352 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll 2013-04-28 13:55 - 2013-04-28 13:55 - 00303616 ____A (Microsoft Corporation) C:\Windows\System32\wmpeffects.dll 2013-04-28 13:54 - 2013-04-28 13:54 - 00713728 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl 2013-04-28 13:54 - 2013-04-28 13:54 - 00425472 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2013-04-28 13:53 - 2013-04-28 13:53 - 01244672 ____A (Microsoft Corporation) C:\Windows\System32\mcmde.dll 2013-04-28 13:53 - 2013-04-28 13:53 - 00428032 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll 2013-04-28 13:53 - 2013-04-28 13:53 - 00292352 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll 2013-04-28 13:53 - 2013-04-28 13:53 - 00217088 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax 2013-04-28 13:53 - 2013-04-28 13:53 - 00177152 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax 2013-04-28 13:53 - 2013-04-28 13:53 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax 2013-04-28 13:53 - 2013-04-28 13:53 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax 
2013-04-28 13:53 - 2013-04-28 13:53 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax 2013-04-28 13:52 - 2013-04-28 13:52 - 11315712 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-04-28 13:51 - 2013-04-28 13:51 - 00696832 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll 2013-04-28 13:50 - 2013-04-28 13:50 - 02923520 ____A (Microsoft Corporation) C:\Windows\explorer.exe 2013-04-28 13:50 - 2013-04-28 13:50 - 01233920 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll 2013-04-28 13:50 - 2013-04-28 13:50 - 00494592 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2013-04-28 13:50 - 2013-04-28 13:50 - 00408136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2013-04-28 13:50 - 2013-04-28 13:50 - 00272384 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2013-04-28 13:50 - 2013-04-28 13:50 - 00211000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys 2013-04-28 13:50 - 2013-04-28 13:50 - 00175104 ____A (Microsoft Corporation) C:\Windows\System32\wdigest.dll 2013-04-28 13:50 - 2013-04-28 13:50 - 00171520 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2013-04-28 13:50 - 2013-04-28 13:50 - 00154624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys 2013-04-28 13:50 - 2013-04-28 13:50 - 00109624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys 2013-04-28 13:50 - 2013-04-28 13:50 - 00072704 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll 2013-04-28 13:50 - 2013-04-28 13:50 - 00045112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pciidex.sys 2013-04-28 13:50 - 2013-04-28 13:50 - 00021560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\atapi.sys 2013-04-28 13:50 - 2013-04-28 13:50 - 00017464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\intelide.sys 2013-04-28 13:50 - 2013-04-28 13:50 - 00007680 ____A (Microsoft Corporation) 
==================== One Month Modified Files and Folders ========
2013-04-28 08:29 - 2013-04-28 08:29 - 00000020 ___SH C:\Users\Marcel_47\ntuser.ini 2013-04-28 08:29 - 2013-04-28 08:29 - 00000000 __SHD C:\Users\Marcel_47\Startmenü 2013-04-28 08:29 - 2013-04-28 08:29 - 00000000 __SHD C:\Users\Marcel_47\Netzwerkumgebung 2013-04-28 08:29 - 2013-04-28 08:29 - 00000000 __SHD C:\Users\Marcel_47\Druckumgebung 2013-04-28 08:29 - 2013-04-28 08:29 - 00000000 __SHD C:\Users\Marcel_47\Documents\Eigene Musik 2013-04-28 08:29 - 2013-04-28 08:29 - 00000000 __SHD C:\Users\Marcel_47\Documents\Eigene Bilder 2013-04-28 08:29 - 2013-04-28 08:29 - 00000000 __SHD C:\Users\Marcel_47\AppData\Local\Verlauf 2013-04-28 08:25 - 2013-04-28 08:25 - 00000000 __SHD C:ProgramData\Vorlagen 2013-04-28 08:25 - 2013-04-28 08:25 - 00000000 __SHD C:ProgramData\Startmenü 2013-04-28 08:25 - 2013-04-28 08:25 - 00000000 __SHD C:ProgramData\Favoriten 2013-04-28 08:25 - 2013-04-28 08:25 - 00000000 __SHD C:ProgramData\Dokumente 2013-04-28 08:25 - 2013-04-28 08:25 - 00000000 __SHD C:ProgramData\Anwendungsdaten 2013-04-28 08:25 - 2013-04-28 08:25 - 00000000 __SHD C:\Users\Public\Documents\Eigene Musik 2013-04-28 08:25 - 2013-04-28 08:25 - 00000000 __SHD C:\Users\Public\Documents\Eigene Bilder 2013-04-28 08:25 - 2013-04-28 08:25 - 00000000 __SHD C:\Users\Default\Startmenü 2013-04-28 08:25 - 2013-04-28 08:25 - 00000000 __SHD C:\Users\Default\Netzwerkumgebung 2013-04-28 08:25 - 2013-04-28 08:25 - 00000000 __SHD C:\Users\Default\Druckumgebung 2013-04-28 08:25 - 2013-04-28 08:25 - 00000000 __SHD C:\Users\Default\Documents\Eigene Musik 2013-04-28 08:25 - 2013-04-28 08:25 - 00000000 __SHD C:\Users\Default\Documents\Eigene Bilder 2013-04-28 08:25 - 2013-04-28 08:25 - 00000000 __SHD C:\Users\Default\AppData\Local\Verlauf 2013-04-28 08:25 - 2006-11-02 03:18 - 00000000 __RHD C:\users\Default 2013-04-28 08:25 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Windows NT 2013-04-28 08:21 - 2007-12-06 03:52 - 00000000 ____D C:\Windows\Panther 2013-04-28 08:20 - 2007-12-05 18:54 - 00003540 
____A C:\Windows\TSSysprep.log 2013-04-28 08:19 - 2006-11-02 04:48 - 00002856 ____A C:\Windows\DtcInstall.log 2013-04-28 08:06 - 2013-04-28 07:50 - 00001084 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3646662971-690315786-1530752921-1000Core.job 2013-04-28 08:05 - 2007-12-05 20:11 - 00000000 ____D C:ProgramData\Symantec 2013-04-28 07:55 - 2013-04-28 07:53 - 00002060 ____A C:\Users\Marcel_47\Desktop\Google Chrome.lnk 2013-04-28 07:52 - 2013-04-28 08:39 - 00000000 ____D C:\Users\Marcel_47\AppData\Local\Google 2013-04-28 07:46 - 2007-12-05 20:25 - 00041960 ____A C:\Windows\PFRO.log 2013-04-28 07:46 - 2006-11-02 03:18 - 00000000 ___SD C:ProgramData\Microsoft 2013-04-28 07:05 - 2007-12-05 20:11 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-04-28 06:34 - 2013-04-28 06:34 - 00739856 ____A (Google Inc.) C:\Users\Marcel_47\Desktop\chrome_installer141043.exe 2013-04-27 09:42 - 2013-04-28 06:30 - 00024064 ____A C:\Users\Marcel_47\Desktop\Ausgaben.xls 2013-04-27 08:30 - 2013-04-28 06:26 - 00525669 ____A C:\Users\Marcel_47\Desktop\El Senor v. Chr.-0200.CivBeyondSwordSave 2013-04-27 03:30 - 2013-04-28 06:26 - 00510507 ____A C:\Users\Marcel_47\Desktop\Khan, Dschinghis n. 
Chr.-1780.CivBeyondSwordSave 2013-04-22 10:47 - 2013-04-22 10:43 - 115054456 ____A C:\Users\Marcel_47\Desktop\avast_free_73antivirus_setup.exe ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-04-28 07:25:54 Restore point made on: 2013-04-28 08:38:20 Restore point made on: 2013-04-28 13:37:19 Restore point made on: 2013-04-29 12:39:22 Restore point made on: 2013-04-29 16:10:05 ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 2045.81 MB Available physical RAM: 1644.55 MB Total Pagefile: 1832.69 MB Available Pagefile: 1695.4 MB Total Virtual: 2047.88 MB Available Virtual: 1975.71 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:148.59 GB) (Free:117.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Data) (Fixed) (Total:72.29 GB) (Free:72.21 GB) NTFS Drive f: (WinRE) (Fixed) (Total:12 GB) (Free:5.41 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: () (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Datentr ### Status Gr”áe Frei Dyn GPT -------- ---------- ------- ------- --- --- 0 Online 233 GB 1177 KB 1 Online 3825 MB 0 B 
============================== MBR & Partition Table ================== ==================================================================== Disk: 0 (MBR Code: Windows Vista) (Size: 233 GB) (Disk ID: 03E145A4) Partition 1: (Not Active) - (Size=12 GB) - (Type=27) Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=72 GB) - (Type=07 NTFS) ==================================================================== Disk: 1 (Size: 4 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) Last Boot: 2013-04-30 01:35 ==================== End Of Log ============================ |
30.04.2013, 11:55 | #6 |
/// Malwareteam | I can't find anything here... Looks quite good - let's check everything once more!
Step 1: MBAM full scan
Please download Malwarebytes
Step 2: ESET
ESET Online Scanner |
30.04.2013, 12:03 | #7 |
| How can I download Malwarebytes? It does say the download is being prepared, but nothing happens. |
30.04.2013, 12:05 | #8 |
/// Malwareteam |
__________________ No asylum for Trojans! Proud Member of UNITE. Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
30.04.2013, 12:23 | #9 |
| OK, this is obviously going to take a while longer.
Sooo, Malwarebytes doesn't seem to have found anything:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.30.02

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16546
Marcel_47 :: MARCEL_47-PC [Administrator]

30.04.2013 13:11:05
mbam-log-2013-04-30 (13-11-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 280073
Laufzeit: 1 Stunde(n), 5 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

No threats were found in step 2 either; I also couldn't create a log file there.
Could it be that the rootkit disappeared when I restored my laptop to its factory state? Before I did that, I CONSTANTLY got a warning from Avast that a rootkit had been found, but how then do you explain the process found by GMER? A false alarm?
And if everything is fine now, do I have to re-enable something in Defogger? |
02.05.2013, 07:17 | #10 |
/// Malwareteam | Oh, you HAVE already reset the device. OK, with that you have finished off all the malware. Nothing is hiding in the hard disk's MBR either, so we can move on to the follow-up.
Adobe Reader update
Your Adobe Reader is outdated. Since some malware exploits the vulnerabilities in outdated versions, we will update it.
Defogger re-enable
Please start Defogger and click the re-enable button.
OTL
Please start OTL and click Cleanup. This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.
Here are a few more tips for securing your system.
Keeping up to date
I cannot mention often enough how important it is that your system is up to date.
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX controls. These can be abused by spyware to infect your system.
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help.
Here are a few (English) links:
Miekemoes Blogspot (MVP)
Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can delete this thread from my subscriptions. |
02.05.2013, 10:50 | #11 |
| Right, everything is done. Thank you for your super fast and super help and the useful programs. |
02.05.2013, 11:58 | #12 |
/// Malwareteam | Glad we could help! This topic appears to be resolved and has been removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own topic! |