Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Trojaner Dropper PGen: welche Auswirkung? wie entfernen?

Trojaner Dropper PGen: welche Auswirkung? wie entfernen?


Plagegeister aller Art und deren Bekämpfung: Trojaner Dropper PGen: welche Auswirkung? wie entfernen?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.09.2011, 21:42   #1
felicithas
 
Trojaner Dropper PGen: welche Auswirkung? wie entfernen? - Standard

Trojaner Dropper PGen: welche Auswirkung? wie entfernen?


Hallo,
Malwarebytes hat den Trojaner Dropper PGen identifiziert. Könnt Ihr mir bitte sagen,was er macht, wie ich den los werde bzw. ob er bösartig ist. Evtl. verstecken sich noch mehr auf meinem Laptop?

Malwarebytes Logfile
Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7660

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

06.09.2011 07:56:08
mbam-log-2011-09-06 (07-56-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|D:\|E:\|)
Durchsuchte Objekte: 498658
Laufzeit: 56 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
e:\downloads\www.torrent.to...wiso.steuer.2011.german-restore\keygen.exe (Trojan.Dropper.PGen) -> No action taken.

--------------------------------------------------------------

OTL Logfile:

OTL logfile created on: 06.09.2011 07:55:54 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\mitarbeiter\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,86 Gb Total Physical Memory | 5,35 Gb Available Physical Memory | 68,04% Memory free
15,72 Gb Paging File | 13,20 Gb Available in Paging File | 83,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 270,35 Gb Total Space | 123,22 Gb Free Space | 45,58% Space Free | Partition Type: NTFS
Drive D: | 3,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 107,42 Gb Total Space | 92,67 Gb Free Space | 86,27% Space Free | Partition Type: NTFS

Computer Name: DESKTOPXXX | User Name: mitarbeiter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\mitarbeiter\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\js3250.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE (Broadcom Corporation)
SRV:64bit: - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (e1kexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (mv2) -- C:\Windows\SysNative\drivers\mv2.sys (UVNC BVBA)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (dlcdbus) DisplayLink Composite USB Bus Driver driver (WDM) -- C:\Windows\SysNative\drivers\dlcdbus.sys (MCCI Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (rismcx64) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (RICOH SmartCard Reader) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 03 E6 BC 2B ED CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.67\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.67\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.19 23:01:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.24 10:35:48 | 000,000,000 | ---D | M]

[2011.08.16 23:37:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mitarbeiter\AppData\Roaming\mozilla\Extensions
[2011.08.16 23:37:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mitarbeiter\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2011.03.28 16:00:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mitarbeiter\AppData\Roaming\mozilla\Firefox\Profiles\3rhjtwl8.default\extensions
[2011.03.11 10:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.02.06 02:58:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.11 10:13:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.21 13:09:28 | 000,032,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2011.04.01 10:00:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.01 10:00:39 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.01 10:00:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.01 10:00:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.01 10:00:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.117.1.25 89.16.129.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{168DC103-C5CB-497E-89B7-C006E8CDE755}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{873BAB5F-153C-4485-B5A9-0B47EB3C4214}: DhcpNameServer = 62.117.1.25 89.16.129.25
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - Reg Error: Key error. - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0b91385f-6bf0-11e0-970b-b499bae04ae4}\Shell - "" = AutoRun
O33 - MountPoints2\{0b91385f-6bf0-11e0-970b-b499bae04ae4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{55772021-6bea-11e0-9659-b499bae04ae4}\Shell - "" = AutoRun
O33 - MountPoints2\{55772021-6bea-11e0-9659-b499bae04ae4}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.09.06 07:54:54 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\mitarbeiter\Desktop\OTL.exe
[2011.09.04 22:00:25 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\Documents\Notfall
[2011.09.04 06:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.09.04 05:59:52 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Local\Google
[2011.08.26 00:20:30 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2011.08.26 00:20:29 | 000,609,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx
[2011.08.26 00:20:29 | 000,067,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysinfo.ocx
[2011.08.26 00:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Loadstreet
[2011.08.23 09:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.08.23 09:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2011.08.23 09:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011.08.23 09:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011.08.23 09:31:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.08.23 09:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.08.23 09:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011.08.23 09:29:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011.08.23 09:29:02 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.08.22 01:33:00 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Roaming\WinRAR
[2011.08.22 01:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.08.22 01:32:39 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.08.22 01:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.08.22 01:24:27 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\Documents\OneNote-Notizbücher
[2011.08.21 00:41:12 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011.08.21 00:41:12 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011.08.21 00:41:12 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.08.21 00:41:12 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.08.21 00:41:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.08.21 00:41:12 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.08.21 00:41:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.08.21 00:41:12 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.08.21 00:41:12 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.08.21 00:41:12 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011.08.21 00:41:12 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011.08.21 00:41:12 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.08.21 00:41:12 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.08.21 00:41:12 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.08.21 00:41:12 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011.08.21 00:41:12 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011.08.21 00:41:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.08.21 00:41:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.08.21 00:41:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.08.21 00:41:12 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011.08.21 00:41:12 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011.08.21 00:41:12 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011.08.21 00:41:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.08.21 00:41:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.08.21 00:41:12 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011.08.21 00:41:12 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011.08.21 00:41:12 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011.08.21 00:41:12 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011.08.21 00:41:12 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011.08.21 00:41:12 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011.08.21 00:41:12 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011.08.21 00:41:12 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011.08.21 00:41:12 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.08.21 00:41:12 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.08.21 00:41:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.08.21 00:41:12 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011.08.21 00:41:12 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011.08.21 00:41:12 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.08.21 00:41:12 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.08.21 00:41:12 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011.08.21 00:41:12 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.08.21 00:41:12 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011.08.21 00:41:12 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011.08.21 00:41:12 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011.08.21 00:41:12 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.08.21 00:41:12 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011.08.21 00:41:12 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011.08.21 00:41:12 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.08.21 00:41:12 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.08.21 00:41:12 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.08.21 00:41:12 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011.08.21 00:41:12 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011.08.21 00:41:12 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011.08.21 00:41:12 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011.08.21 00:41:12 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011.08.21 00:41:12 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.08.21 00:41:12 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.08.21 00:41:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.08.21 00:41:12 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011.08.21 00:41:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011.08.21 00:41:12 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011.08.21 00:41:12 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011.08.21 00:41:12 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011.08.21 00:41:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011.08.21 00:41:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011.08.21 00:41:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.08.21 00:41:12 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.08.21 00:41:12 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.08.21 00:41:12 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.08.21 00:41:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011.08.21 00:41:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.08.21 00:41:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.08.21 00:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011.08.21 00:30:10 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Local\Netviewer
[2011.08.17 23:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.08.17 00:04:30 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Local\Haufe
[2011.08.16 23:37:04 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Roaming\Haufe Mediengruppe
[2011.08.16 23:37:04 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Local\Haufe Mediengruppe
[2011.08.16 23:31:22 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Roaming\Lexware
[2011.08.16 23:29:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Haufe
[2011.08.16 23:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware
[2011.08.16 23:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
[2011.08.16 23:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARD Ratgeber Geld
[2011.08.16 23:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ARD Ratgeber Geld
[2011.08.16 23:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ARD Ratgeber Geld
[2011.08.16 23:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haufe
[2011.08.16 23:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Haufe
[2011.08.16 23:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011.08.16 23:26:59 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Local\Lexware
[2011.08.16 23:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lexware
[2011.08.16 22:27:41 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Roaming\Canneverbe Limited
[2011.08.16 22:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011.08.16 22:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2011.08.16 22:16:49 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Roaming\pics
[2011.08.16 22:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\pics
[2011.08.16 22:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pics
[2011.08.16 22:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pics
[2011.08.13 14:00:06 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Local\AAV
[2011.08.13 13:55:52 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steuertipps
[2011.08.13 13:55:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
[2011.08.13 13:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AAV
[2011.08.13 13:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[2011.08.13 13:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects
[2011.08.13 01:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tax-Genie 2011
[2011.08.13 01:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tax-Genie 2011
[2011.08.13 01:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\SyncToy 2.1
[2011.08.13 01:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011.08.13 00:49:15 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\Documents\Steuer
[2011.08.13 00:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011.08.13 00:43:07 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Roaming\uTorrent
[2011.08.13 00:43:07 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Local\uTorrent
[2011.08.13 00:43:04 | 000,639,352 | ---- | C] (BitTorrent, Inc.) -- C:\Users\mitarbeiter\Desktop\utorrent_3.0.25440.exe
[2011.08.13 00:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2011.08.13 00:37:07 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Local\Buhl
[2011.08.13 00:33:57 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Roaming\Buhl Data Service
[2011.08.13 00:33:55 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\AppData\Local\Buhl Data Service
[2011.08.12 01:04:17 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\Desktop\Neuer Ordner
[2011.08.10 22:37:31 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011.08.10 22:37:31 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.08.10 22:37:31 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011.08.10 22:37:31 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011.08.10 22:37:31 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011.08.10 22:37:31 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.08.10 22:37:31 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011.08.10 22:37:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011.08.10 22:37:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011.08.10 22:37:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011.08.10 22:37:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011.08.10 22:37:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011.08.10 22:37:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.08.10 22:37:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011.08.10 22:37:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.08.10 22:37:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.08.10 22:37:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.08.10 22:37:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.08.10 22:37:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.08.10 22:37:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.08.10 22:37:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.08.10 22:37:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.08.10 22:37:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.08.10 22:37:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.08.10 22:37:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.08.10 22:37:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.08.10 22:37:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.08.10 22:37:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.08.10 22:37:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011.08.10 22:37:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011.08.10 22:37:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011.08.10 22:37:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011.08.10 22:37:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011.08.10 22:37:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011.08.10 22:37:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011.08.10 22:37:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011.08.10 22:37:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.08.10 22:37:29 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011.08.10 22:37:24 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011.08.10 22:37:24 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011.08.10 22:37:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011.08.10 22:37:24 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011.08.10 22:37:24 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011.08.10 22:37:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011.08.10 22:37:24 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011.08.10 22:37:23 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011.08.10 22:37:23 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011.08.10 22:37:04 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.08.10 22:37:04 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.08.10 22:37:03 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.08.07 12:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.08.07 12:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.08.07 12:21:06 | 000,000,000 | ---D | C] -- C:\Users\mitarbeiter\Documents\Bedienungsanleitung
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.09.06 07:53:23 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\mitarbeiter\Desktop\OTL.exe
[2011.09.06 07:04:05 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.06 06:04:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.06 00:15:32 | 009,886,692 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.06 00:15:32 | 000,799,448 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2011.09.06 00:15:32 | 000,799,226 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011.09.06 00:15:32 | 000,797,910 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2011.09.06 00:15:32 | 000,792,112 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2011.09.06 00:15:32 | 000,768,090 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.06 00:15:32 | 000,736,498 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2011.09.06 00:15:32 | 000,713,568 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011.09.06 00:15:32 | 000,710,658 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.06 00:15:32 | 000,530,052 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2011.09.06 00:15:32 | 000,523,250 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2011.09.06 00:15:32 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2011.09.06 00:15:32 | 000,428,104 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2011.09.06 00:15:32 | 000,195,854 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2011.09.06 00:15:32 | 000,181,862 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2011.09.06 00:15:32 | 000,175,720 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2011.09.06 00:15:32 | 000,172,874 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.06 00:15:32 | 000,171,240 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011.09.06 00:15:32 | 000,167,902 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2011.09.06 00:15:32 | 000,162,066 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011.09.06 00:15:32 | 000,140,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.06 00:15:32 | 000,136,892 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2011.09.06 00:15:32 | 000,122,898 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2011.09.06 00:15:32 | 000,111,200 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2011.09.06 00:15:32 | 000,101,310 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2011.09.06 00:14:18 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.06 00:14:18 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.06 00:07:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.06 00:06:59 | 2033,745,919 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.04 15:05:30 | 000,091,302 | ---- | M] () -- C:\Users\mitarbeiter\Desktop\eBay Kleinanzeigen _2 Kostenlos. Einfach. Lokal..pdf
[2011.09.04 07:33:24 | 000,119,122 | ---- | M] () -- C:\Users\mitarbeiter\Desktop\eBay Kleinanzeigen _ Kostenlos. Einfach. Lokal..pdf
[2011.08.30 16:26:40 | 000,485,863 | ---- | M] () -- C:\Users\mitarbeiter\Desktop\Bonobo.png
[2011.08.30 00:43:02 | 000,001,321 | ---- | M] () -- C:\Users\mitarbeiter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2011.08.29 20:57:54 | 000,000,741 | ---- | M] () -- C:\Windows\wiso.ini
[2011.08.24 23:08:07 | 000,410,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.08.21 00:41:12 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011.08.21 00:41:12 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011.08.21 00:41:12 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.08.21 00:41:12 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.08.21 00:41:12 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.08.21 00:41:12 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.08.21 00:41:12 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.08.21 00:41:12 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.08.21 00:41:12 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.08.21 00:41:12 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011.08.21 00:41:12 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011.08.21 00:41:12 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.08.21 00:41:12 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.08.21 00:41:12 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.08.21 00:41:12 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011.08.21 00:41:12 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011.08.21 00:41:12 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.08.21 00:41:12 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.08.21 00:41:12 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.08.21 00:41:12 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011.08.21 00:41:12 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011.08.21 00:41:12 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011.08.21 00:41:12 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.08.21 00:41:12 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.08.21 00:41:12 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011.08.21 00:41:12 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011.08.21 00:41:12 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011.08.21 00:41:12 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011.08.21 00:41:12 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011.08.21 00:41:12 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011.08.21 00:41:12 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011.08.21 00:41:12 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011.08.21 00:41:12 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.08.21 00:41:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.08.21 00:41:12 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.08.21 00:41:12 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011.08.21 00:41:12 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011.08.21 00:41:12 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.08.21 00:41:12 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.08.21 00:41:12 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011.08.21 00:41:12 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.08.21 00:41:12 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011.08.21 00:41:12 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011.08.21 00:41:12 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011.08.21 00:41:12 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.08.21 00:41:12 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011.08.21 00:41:12 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011.08.21 00:41:12 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.08.21 00:41:12 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.08.21 00:41:12 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.08.21 00:41:12 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011.08.21 00:41:12 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011.08.21 00:41:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011.08.21 00:41:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011.08.21 00:41:12 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011.08.21 00:41:12 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.08.21 00:41:12 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.08.21 00:41:12 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.08.21 00:41:12 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011.08.21 00:41:12 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.08.21 00:41:12 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011.08.21 00:41:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011.08.21 00:41:12 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011.08.21 00:41:12 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011.08.21 00:41:12 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011.08.21 00:41:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011.08.21 00:41:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011.08.21 00:41:12 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.08.21 00:41:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.08.21 00:41:12 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.08.21 00:41:12 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.08.21 00:41:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011.08.21 00:41:12 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.08.21 00:41:12 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.08.21 00:34:09 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\ARD Ratgeber Geld Steuer 2011.lnk
[2011.08.16 22:27:35 | 000,001,751 | ---- | M] () -- C:\Users\mitarbeiter\Desktop\CDBurnerXP.lnk
[2011.08.16 22:15:47 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Terminplaner.lnk
[2011.08.16 22:15:39 | 000,330,240 | ---- | M] () -- C:\Windows\PICSUninstall.exe
[2011.08.16 22:15:39 | 000,139,776 | ---- | M] () -- C:\Windows\SysWow64\ZipDll.dll
[2011.08.16 22:15:39 | 000,122,368 | ---- | M] () -- C:\Windows\SysWow64\UnzDll.dll
[2011.08.13 00:43:05 | 000,639,352 | ---- | M] (BitTorrent, Inc.) -- C:\Users\mitarbeiter\Desktop\utorrent_3.0.25440.exe
[2011.08.09 23:34:42 | 000,349,092 | ---- | M] () -- C:\Users\mitarbeiter\Desktop\cooleDeals_201108092336.pdf
[2011.08.07 12:43:13 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.09.05 04:03:58 | 000,485,863 | ---- | C] () -- C:\Users\mitarbeiter\Desktop\Bonobo.png
[2011.09.04 15:05:29 | 000,091,302 | ---- | C] () -- C:\Users\mitarbeiter\Desktop\eBay Kleinanzeigen _2 Kostenlos. Einfach. Lokal..pdf
[2011.09.04 07:33:23 | 000,119,122 | ---- | C] () -- C:\Users\mitarbeiter\Desktop\eBay Kleinanzeigen _ Kostenlos. Einfach. Lokal..pdf
[2011.09.04 05:59:55 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.04 05:59:55 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.30 00:43:02 | 000,001,321 | ---- | C] () -- C:\Users\mitarbeiter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2011.08.21 00:41:12 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.08.21 00:41:12 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011.08.16 23:29:05 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\ARD Ratgeber Geld Steuer 2011.lnk
[2011.08.16 22:27:35 | 000,001,751 | ---- | C] () -- C:\Users\mitarbeiter\Desktop\CDBurnerXP.lnk
[2011.08.16 22:27:35 | 000,001,701 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011.08.16 22:15:47 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Terminplaner.lnk
[2011.08.16 22:15:39 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe
[2011.08.16 22:15:39 | 000,139,776 | ---- | C] () -- C:\Windows\SysWow64\ZipDll.dll
[2011.08.16 22:15:39 | 000,122,368 | ---- | C] () -- C:\Windows\SysWow64\UnzDll.dll
[2011.08.13 01:31:59 | 000,000,741 | ---- | C] () -- C:\Windows\wiso.ini
[2011.08.13 01:05:12 | 000,003,007 | ---- | C] () -- C:\Users\mitarbeiter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SyncToy 2.1(x64).lnk
[2011.08.09 23:34:42 | 000,349,092 | ---- | C] () -- C:\Users\mitarbeiter\Desktop\cooleDeals_201108092336.pdf
[2011.08.07 12:43:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.08.07 12:43:13 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.08.07 03:30:10 | 000,007,619 | ---- | C] () -- C:\Users\mitarbeiter\AppData\Local\Resmon.ResmonCfg
[2011.08.06 11:17:44 | 000,000,600 | ---- | C] () -- C:\Users\mitarbeiter\AppData\Roaming\winscp.rnd
[2011.08.06 11:07:54 | 000,072,638 | ---- | C] () -- C:\ProgramData\cc_20110806_110742.reg
[2011.03.28 17:07:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.15 20:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2011.03.15 20:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2011.03.15 20:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2011.02.06 04:35:15 | 009,959,022 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll

========== LOP Check ==========

[2011.03.28 11:43:02 | 000,000,000 | ---D | M] -- C:\Users\mitarbeiter\AppData\Roaming\7-PDFMaker
[2011.05.10 17:30:57 | 000,000,000 | ---D | M] -- C:\Users\mitarbeiter\AppData\Roaming\7-PDFSplitMerge
[2011.03.28 16:33:08 | 000,000,000 | ---D | M] -- C:\Users\mitarbeiter\AppData\Roaming\ac'tivAid
[2011.08.13 00:33:57 | 000,000,000 | ---D | M] -- C:\Users\mitarbeiter\AppData\Roaming\Buhl Data Service
[2011.08.16 22:27:41 | 000,000,000 | ---D | M] -- C:\Users\mitarbeiter\AppData\Roaming\Canneverbe Limited
[2011.03.31 20:40:23 | 000,000,000 | ---D | M] -- C:\Users\mitarbeiter\AppData\Roaming\gtk-2.0
[2011.08.16 23:37:04 | 000,000,000 | ---D | M] -- C:\Users\mitarbeiter\AppData\Roaming\Haufe Mediengruppe
[2011.08.16 23:31:24 | 000,000,000 | ---D | M] -- C:\Users\mitarbeiter\AppData\Roaming\Lexware
[2011.04.21 15:11:37 | 000,000,000 | ---D | M] -- C:\Users\mitarbeiter\AppData\Roaming\Notepad++
[2011.08.16 22:16:49 | 000,000,000 | ---D | M] -- C:\Users\mitarbeiter\AppData\Roaming\pics
[2011.03.28 11:37:01 | 000,000,000 | ---D | M] -- C:\Users\mitarbeiter\AppData\Roaming\Subversion
[2011.08.06 10:04:47 | 000,000,000 | ---D | M] -- C:\Users\mitarbeiter\AppData\Roaming\T-Mobile
[2011.05.05 09:55:51 | 000,000,000 | ---D | M] -- C:\Users\mitarbeiter\AppData\Roaming\T-Mobile Internet Manager
[2011.07.23 00:07:07 | 000,000,000 | ---D | M] -- C:\Users\mitarbeiter\AppData\Roaming\TuneUp Software
[2011.09.06 07:48:57 | 000,000,000 | ---D | M] -- C:\Users\mitarbeiter\AppData\Roaming\uTorrent
[2011.08.07 03:50:24 | 000,000,000 | ---D | M] -- C:\Users\mitarbeiter\AppData\Roaming\XLMSoft
[2011.08.07 11:23:46 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Ich hoffe Ihr könnt mir helfen das Problem zu beheben.

Viele Grüße

Alt 07.09.2011, 22:25   #2
Swisstreasure
/// Malwareteam
 
Trojaner Dropper PGen: welche Auswirkung? wie entfernen? - Standard

Trojaner Dropper PGen: welche Auswirkung? wie entfernen?


Dateien, wie Crack.exe, Keygen.exe oder Patch.exe sind zu 99,9% gefährliche Schädlinge, mit denen man nicht Spaßen sollte.
Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf
Anleitung zum Neu aufsetzten
__________________
Alt 08.09.2011, 23:40   #3
felicithas
 
Trojaner Dropper PGen: welche Auswirkung? wie entfernen? - Standard

Trojaner Dropper PGen: welche Auswirkung? wie entfernen?


Sehr freundlich - besten Dank!

__________________
Antwort

Themen zu Trojaner Dropper PGen: welche Auswirkung? wie entfernen?
.dll, adobe, autorun, bho, dateien, entfernen, error, explorer, firefox, format, google earth, helper, langs, logfile, mbamservice.exe, microsoft, mozilla, msn, object, plug-in, problem, programme, registry, scan, software, spyware, trojan.dropper.pgen, trojaner, usb, usb 3.0, version=1.0, webcheck, wie entfernen, wie entfernen?, winlogon


« Bundespolizei Trojaner - Externe anschließen? | eine url - mehrere funde »


Ähnliche Themen: Trojaner Dropper PGen: welche Auswirkung? wie entfernen?


  1. Trojaner TR/Dropper.A.25752 und 25789 entfernen
    Log-Analyse und Auswertung - 18.02.2015 (13)
  2. Windows 8- omiga-plus als Startseite entfernen - Welche Scans durchführen?
    Plagegeister aller Art und deren Bekämpfung - 12.01.2015 (14)
  3. Trojaner seit gestern TR/Dropper.Gen + ADWARE/INstallCore.Gen7 wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 30.08.2013 (10)
  4. Reicht AVG AntiVirus free zum entfernen der Trojaner Agent7.bc und Dropper.Generic8.AGYJ aus?
    Log-Analyse und Auswertung - 24.05.2013 (18)
  5. Spyware.Passwords.XGen, Trojan.Dropper.PGen, Packer.Suspicious, JAVA/Agent.2212
    Plagegeister aller Art und deren Bekämpfung - 05.12.2010 (3)
  6. Trojan.Dropper.PGen gefunden und mit MBAM entfernt, jetzt alles sauber?
    Log-Analyse und Auswertung - 17.11.2010 (6)
  7. Trojan.Dropper.PGEN, wie kann ich den bereinigen?
    Plagegeister aller Art und deren Bekämpfung - 10.10.2010 (2)
  8. Welche Software-/Hardwaremaßnahme ist für welche Schädlinge geeignet/ungeeignet...
    Antiviren-, Firewall- und andere Schutzprogramme - 16.09.2010 (2)
  9. Trojaner TR/ Dropper.Gen u. Trojaner TR/ Dropper.Gen2 entfernt, dennoch überlastung
    Plagegeister aller Art und deren Bekämpfung - 14.05.2010 (9)
  10. Trojaner/Dropper.gen wie entfernen?
    Log-Analyse und Auswertung - 13.03.2010 (1)
  11. Trojaner Dropper.gen wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 19.02.2010 (1)
  12. Dropper.gen und atraps.gen - Trojaner lassen sich nicht entfernen
    Log-Analyse und Auswertung - 12.12.2009 (1)
  13. Trojaner.Dropper Entfernen ???
    Plagegeister aller Art und deren Bekämpfung - 24.10.2009 (6)
  14. Dringend Hilfe - Mehrere Trojaner die nicht zu entfernen sind TR/Dropper.Gen usw
    Log-Analyse und Auswertung - 07.07.2009 (3)
  15. Trojaner TR/Dropper.Gen entfernen
    Plagegeister aller Art und deren Bekämpfung - 27.10.2008 (5)
  16. Versuch, mit Escan Trojaner tr dropper gen zu entfernen!
    Plagegeister aller Art und deren Bekämpfung - 21.06.2008 (4)
  17. habe gaaaaanz viele prozesse laufen!Welche sind gut welche nicht?
    Plagegeister aller Art und deren Bekämpfung - 07.03.2006 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner Dropper PGen: welche Auswirkung? wie entfernen? - Hallo, Malwarebytes hat den Trojaner Dropper PGen identifiziert. Könnt Ihr mir bitte sagen,was er macht, wie ich den los werde bzw. ob er bösartig ist. Evtl. verstecken sich noch mehr - Trojaner Dropper PGen: welche Auswirkung? wie entfernen?...
Archiv
Du betrachtest: Trojaner Dropper PGen: welche Auswirkung? wie entfernen? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131