Pests of all kinds and how to combat them: Trojan "Bitte warten sie während die Verbindung hergestellt wird" [Please wait while the connection is being established] - Windows 7
10.04.2012, 15:32 | #1 |
Trojan "Bitte warten sie während die Verbindung hergestellt wird"

I have a white screen with the message "Bitte warten sie während die Verbindung hergestellt wird" [Please wait while the connection is being established]. Here is my OTL file. Thanks in advance.

OTL Logfile:
Code:
OTL logfile created on: 4/10/2012 5:17:49 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Ultimate (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 89.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 30.00 Gb Total Space | 23.15 Gb Free Space | 77.18% Space Free | Partition Type: NTFS
Drive D: | 434.76 Gb Total Space | 416.19 Gb Free Space | 95.73% Space Free | Partition Type: NTFS
Drive E: | 3.76 Gb Total Space | 3.75 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/06/10 02:42:52 | 000,176,128 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/04/01 05:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.)
[On_Demand] -- D:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/03/28 05:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/09 10:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto] -- D:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM) ========== Driver Services (SafeList) ========== DRV - [2011/06/10 02:42:52 | 006,574,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011/06/10 02:42:52 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2011/06/10 02:42:52 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2011/06/10 02:42:52 | 000,035,968 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2010/12/03 06:29:00 | 000,999,528 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rtl8192Ce.sys -- (RTL8192Ce) DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV 
- [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.net IE - HKU\Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 FB 5F 14 2A 08 CD 01 [binary data] IE - HKU\Administrator_ON_D\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Reg Error: Key error. File not found IE - HKU\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "SearchTheWeb" FF - prefs.js..browser.search.selectedEngine: "Search the web (Softonic)" FF - prefs.js..browser.startup.homepage: "hxxp://search.iminent.com/?appId=bba5272e-7071-4dbb-8d27-1b97589f08b3&lcid=1031&ref=homepage" FF - prefs.js..extensions.enabledItems: ffxtlbra@softonic.com:1.5.0 FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 FF - prefs.js..extensions.enabledItems: {28387537-e3f9-4ed7-860c-11e69af4a8a0}:4.6.1.01 FF - prefs.js..keyword.URL: "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/24 14:29:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/24 14:29:25 | 000,000,000 | ---D | M] [2012/03/30 18:58:18 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Administrator\AppData\Roaming\Mozilla\Extensions [2012/03/30 18:59:09 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dczyumx8.default\extensions [2012/03/30 18:58:16 | 000,000,000 | ---D | M] (Wincore Mediabar) -- D:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dczyumx8.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0} [2012/03/25 17:58:33 | 000,000,000 | ---D | M] (IMinent Toolbar) -- D:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dczyumx8.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012/03/25 18:18:20 | 000,000,000 | ---D | M] (Softonic Toolbar) -- D:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dczyumx8.default\extensions\ffxtlbra@softonic.com [2012/03/27 06:09:40 | 000,002,270 | ---- | M] () -- D:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dczyumx8.default\searchplugins\SearchTheWeb.xml [2012/03/30 18:58:13 | 000,002,517 | ---- | M] () -- 
D:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dczyumx8.default\searchplugins\Search_Results.xml [2012/03/25 18:18:19 | 000,002,060 | ---- | M] () -- D:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dczyumx8.default\searchplugins\softonic.xml [2012/03/30 18:59:09 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions [2012/03/25 17:58:25 | 000,000,000 | ---D | M] (Iminent WebBooster) -- D:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com [2012/03/30 18:58:18 | 000,000,000 | ---D | M] (DataMngr) -- D:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION [2012/03/20 08:07:16 | 000,075,208 | ---- | M] (Foxit Software Company) -- D:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2012/03/24 14:29:21 | 000,001,392 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/03/24 14:29:21 | 000,002,344 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/03/24 14:29:21 | 000,006,805 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/12/23 07:02:16 | 000,002,157 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml [2012/03/30 18:58:13 | 000,002,517 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012/03/24 14:29:21 | 000,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/03/24 14:29:21 | 000,001,105 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - D:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll () O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - D:\Program Files\IMinent Toolbar\tbcore3.dll () O2 - BHO: (no 
name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found. O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - D:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - D:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - D:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com) O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - D:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll () O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - D:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - D:\Program Files\IMinent Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\Administrator_ON_D\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - D:\Program Files\IMinent Toolbar\tbcore3.dll () O4 - HKLM..\Run: [BX6kRBeYBXtpN21] D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe (jqUhg) O4 - HKLM..\Run: [DATAMNGR] D:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc) O4 - HKLM..\Run: [Iminent] D:\Program Files\Iminent\Iminent.exe (Iminent) O4 - HKLM..\Run: [IminentMessenger] D:\Program Files\Iminent\Iminent.Messengers.exe (Iminent) O4 - HKLM..\Run: [MGSysCtrl] D:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) 
O4 - HKLM..\Run: [NUSB3MON] D:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\Administrator_ON_D..\Run: [BX6kRBeYBXtpN21] D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe (jqUhg) O4 - HKU\Administrator_ON_D..\RunOnce: [!iMeshDSFF] D:\Users\Administrator\AppData\Local\Temp\SRAssetsHelper.dll () O4 - HKU\Administrator_ON_D..\RunOnce: [!iMeshFFHP] D:\Users\Administrator\AppData\Local\Temp\Installhelper.dll () O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1 O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.182 80.69.100.230 O20 - AppInit_DLLs: (C:\Program Files\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - D:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc) O20 - AppInit_DLLs: (C:\Program Files\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - D:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc) O20 - HKLM Winlogon: Shell - (C:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe) - D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe (jqUhg) O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe) - D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe (jqUhg) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\Administrator_ON_D Winlogon: Shell - (C:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe) - D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe (jqUhg) O20 - HKU\Administrator_ON_D Winlogon: UserInit - (C:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe) - D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe (jqUhg) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{a8704c0d-7282-11e1-b514-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a8704c0d-7282-11e1-b514-806e6f6e6963}\Shell\AutoRun\command - "" = D:\DWizard600.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {61r1K7Zg-HMWm-14l4-knLL-DFbthPjzcAFc} - ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: 
{89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: AppInfo - File not found MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) MsConfig - State: "bootini" - 2 MsConfig - State: "startup" - 1 ========== Files/Folders - Created Within 30 Days ========== 
[2012/03/30 20:37:58 | 000,240,128 | ---- | C] (jqUhg) -- D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe [2012/03/30 18:58:11 | 000,000,000 | ---D | C] -- D:\ProgramData\B15B [2012/03/30 18:58:06 | 000,000,000 | ---D | C] -- D:\Users\Administrator\Documents\My Received Files [2012/03/30 18:58:06 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\iMesh [2012/03/30 18:57:33 | 000,000,000 | ---D | C] -- D:\Program Files\iMesh Applications [2012/03/30 18:57:33 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh [2012/03/30 18:57:33 | 000,000,000 | ---D | C] -- D:\ProgramData\iMesh [2012/03/30 18:57:17 | 000,000,000 | -H-D | C] -- D:\ProgramData\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF} [2012/03/30 18:57:04 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\PackageAware [2012/03/30 18:32:51 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\{307220AC-B19A-4102-9779-12E1688A18C2} [2012/03/30 06:27:25 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\{AEC84E8C-07E2-4FF4-8ED1-B76D8CB680EB} [2012/03/29 09:37:49 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\{757EA9EC-6916-4C2F-A33C-EA9A64A78D2E} [2012/03/28 18:23:46 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\{879E53CB-2D1B-4BAC-9EC2-CF3FA31860C5} [2012/03/28 06:23:11 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\{E10FCE74-40CD-4B69-8663-9DD306EC91FE} [2012/03/28 06:23:10 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\{109FDD35-0E50-49C5-A9A5-5BC9214AC11F} [2012/03/27 18:22:34 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\{8A021189-8AB6-4365-8F82-5DFCA7B9F7B5} [2012/03/27 17:44:14 | 000,000,000 | ---D | C] -- D:\Users\Administrator\Desktop\Hinterm Ghetto an der Front [2012/03/27 06:09:41 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\{0E526488-BE84-4600-B7BA-02DFEF0F9EC6} [2012/03/26 19:00:18 | 000,000,000 
| ---D | C] -- D:\Windows\Sun [2012/03/26 12:51:56 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft.NET [2012/03/26 12:50:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\PresentationHost.exe [2012/03/26 12:50:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\PresentationHostProxy.dll [2012/03/26 12:50:30 | 000,049,472 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\netfxperf.dll [2012/03/26 12:46:32 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\{5E2BAA5A-624F-4673-99C2-1168D74B2F43} [2012/03/25 18:19:48 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\{D5C223DA-2387-4F44-A15B-CE1B7D3AE467} [2012/03/25 18:18:20 | 000,000,000 | ---D | C] -- D:\Program Files\Softonic [2012/03/25 18:15:21 | 000,000,000 | ---D | C] -- D:\Windows\de [2012/03/25 18:14:04 | 000,000,000 | R--D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2012/03/25 18:13:20 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft SQL Server Compact Edition [2012/03/25 18:11:43 | 000,000,000 | ---D | C] -- D:\Windows\PCHEALTH [2012/03/25 18:10:34 | 000,000,000 | ---D | C] -- D:\Program Files\Windows Live [2012/03/25 18:09:31 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft [2012/03/25 18:08:13 | 002,983,424 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\UIRibbon.dll [2012/03/25 18:08:12 | 001,164,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\UIRibbonRes.dll [2012/03/25 18:07:08 | 003,181,568 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mf.dll [2012/03/25 18:07:08 | 000,196,608 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfreadwrite.dll [2012/03/25 18:07:07 | 001,619,456 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\WMVDECOD.DLL [2012/03/25 18:05:49 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\Windows Live [2012/03/25 18:05:48 | 000,000,000 | ---D | C] -- D:\Program 
Files\Common Files\Windows Live [2012/03/25 18:04:59 | 001,553,208 | ---- | C] (Softonic) -- D:\Users\Administrator\Desktop\softonic_ggl_1.5.11.5.exe [2012/03/25 18:04:59 | 001,292,136 | ---- | C] (Microsoft Corporation) -- D:\Users\Administrator\Desktop\wlsetup-web_15.4.3538.0513.exe [2012/03/25 17:58:34 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming\Iminent [2012/03/25 17:58:29 | 000,000,000 | ---D | C] -- D:\Program Files\IMinent Toolbar [2012/03/25 17:58:29 | 000,000,000 | ---D | C] -- D:\ProgramData\Iminent [2012/03/25 17:57:58 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent [2012/03/25 17:57:56 | 000,000,000 | ---D | C] -- D:\Program Files\Iminent [2012/03/22 06:56:09 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\ElevatedDiagnostics [2012/03/20 18:31:58 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\Microsoft Games [2012/03/20 16:09:54 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012/03/20 16:06:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tzres.dll [2012/03/20 16:06:21 | 000,641,536 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\CPFilters.dll [2012/03/20 16:06:20 | 000,465,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\psisdecd.dll [2012/03/20 16:06:20 | 000,417,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msdri.dll [2012/03/20 16:06:20 | 000,204,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\MSNP.ax [2012/03/20 16:06:18 | 003,957,632 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntkrnlpa.exe [2012/03/20 16:06:18 | 003,901,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe [2012/03/20 16:06:17 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- D:\Windows\System32\atmfd.dll [2012/03/20 16:06:17 | 000,070,656 | ---- | C] (Microsoft Corporation) -- 
D:\Windows\System32\fontsub.dll [2012/03/20 16:06:17 | 000,034,304 | ---- | C] (Adobe Systems) -- D:\Windows\System32\atmlib.dll [2012/03/20 16:06:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll [2012/03/20 16:06:13 | 002,340,352 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\win32k.sys [2012/03/20 16:06:02 | 000,606,208 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mstime.dll [2012/03/20 16:06:02 | 000,599,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll [2012/03/20 16:06:02 | 000,381,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iedkcs32.dll [2012/03/20 16:06:02 | 000,185,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll [2012/03/20 16:06:02 | 000,064,512 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeedsbs.dll [2012/03/20 16:06:02 | 000,044,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll [2012/03/20 16:06:01 | 001,638,912 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb [2012/03/20 16:06:01 | 000,386,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\html.iec [2012/03/20 16:06:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll [2012/03/20 16:06:01 | 000,132,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll [2012/03/20 16:06:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll [2012/03/20 16:06:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe [2012/03/20 16:05:58 | 000,427,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll [2012/03/20 08:53:08 | 000,003,584 | ---- | C] (Windows (R) Win 7 DDK provider) -- D:\Windows\System32\msiapcfg.dll [2012/03/20 08:53:06 | 000,000,000 | ---D | C] -- D:\Program Files\System Control Manager [2012/03/20 08:52:49 | 000,000,000 | ---D | C] -- 
D:\Users\Administrator\AppData\Roaming\InstallShield [2012/03/20 08:50:11 | 000,000,000 | -H-D | C] -- D:\Program Files\InstallShield Installation Information [2012/03/20 08:50:02 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics [2012/03/20 08:50:01 | 000,000,000 | ---D | C] -- D:\Program Files\Renesas Electronics [2012/03/20 08:48:54 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming\Macromedia [2012/03/20 08:48:54 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming\Adobe [2012/03/20 08:48:44 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerCPLApp.cpl [2012/03/20 08:46:36 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming\Mozilla [2012/03/20 08:46:36 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\Mozilla [2012/03/20 08:24:34 | 000,100,896 | ---- | C] (Realtek Semiconductor Corporation) -- D:\Windows\System32\RTNUninst32.dll [2012/03/20 08:22:40 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming\ATI [2012/03/20 08:22:40 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\ATI [2012/03/20 08:22:40 | 000,000,000 | ---D | C] -- D:\ProgramData\ATI [2012/03/20 08:20:26 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\ATI Technologies [2012/03/20 08:20:16 | 000,035,968 | R--- | C] (Advanced Micro Devices) -- D:\Windows\System32\drivers\usbfilter.sys [2012/03/20 08:20:16 | 000,000,000 | ---D | C] -- D:\Windows\System32\DRVSTORE [2012/03/20 08:20:14 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012/03/20 08:19:19 | 000,101,392 | ---- | C] (Advanced Micro Devices) -- D:\Windows\System32\drivers\AtihdW73.sys [2012/03/20 08:19:08 | 000,052,736 | ---- | C] (AMD) -- D:\Windows\System32\coinst.dll [2012/03/20 08:19:07 | 000,450,560 | ---- | C] (Advanced Micro Devices, Inc.) 
-- D:\Windows\System32\ATIDEMGX.dll
[2012/03/20 08:18:38 | 000,000,000 | ---D | C] -- D:\Program Files\ATI Technologies
[2012/03/20 08:18:35 | 000,000,000 | ---D | C] -- D:\Program Files\ATI
[2012/03/20 08:17:56 | 000,000,000 | ---D | C] -- D:\Windows\pss
[2012/03/20 08:09:03 | 000,000,000 | R--D | C] -- D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/20 08:09:03 | 000,000,000 | R--D | C] -- D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/20 08:09:03 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/03/20 08:08:07 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2012/03/20 08:08:07 | 000,000,000 | ---D | C] -- D:\Program Files\Elaborate Bytes
[2012/03/20 08:08:04 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
[2012/03/20 08:08:04 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miranda IM
[2012/03/20 08:08:03 | 000,000,000 | ---D | C] -- D:\Program Files\Miranda
[2012/03/20 08:07:55 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming\IrfanView
[2012/03/20 08:07:55 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012/03/20 08:07:55 | 000,000,000 | ---D | C] -- D:\Program Files\IrfanView
[2012/03/20 08:07:38 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/20 08:07:37 | 000,000,000 | ---D | C] -- D:\Program Files\CCleaner
[2012/03/20 08:07:21 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012/03/20 08:07:21 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming\Foxit
[2012/03/20 08:07:17 | 000,000,000 | ---D | C] -- D:\Program Files\Foxit Software
[2012/03/20 08:06:58 | 000,000,000 | ---D | C] -- D:\Program Files\Firesave
[2012/03/20 08:06:50 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2012/03/20 08:06:46 | 000,000,000 | ---D | C] -- D:\Program Files\Mozilla Firefox
[2012/03/20 08:06:34 | 000,000,000 | ---D | C] -- D:\Program Files\Z-Zip
[2012/03/20 08:06:34 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/03/20 08:06:16 | 000,515,416 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAudio2_5.dll
[2012/03/20 08:06:15 | 001,974,616 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_42.dll
[2012/03/20 08:06:15 | 000,238,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine3_5.dll
[2012/03/20 08:06:13 | 005,501,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dcsx_42.dll
[2012/03/20 08:06:13 | 001,892,184 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DX9_42.dll
[2012/03/20 08:06:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_42.dll
[2012/03/20 08:06:13 | 000,235,344 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx11_42.dll
[2012/03/20 08:06:12 | 001,846,632 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_41.dll
[2012/03/20 08:06:12 | 000,453,456 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_41.dll
[2012/03/20 08:06:10 | 004,178,264 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DX9_41.dll
[2012/03/20 08:06:10 | 000,517,448 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAudio2_4.dll
[2012/03/20 08:06:10 | 000,235,352 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine3_4.dll
[2012/03/20 08:06:10 | 000,069,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAPOFX1_3.dll
[2012/03/20 08:06:09 | 002,036,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_40.dll
[2012/03/20 08:06:09 | 000,452,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_40.dll
[2012/03/20 08:06:09 | 000,022,360 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\X3DAudio1_6.dll
[2012/03/20 08:06:07 | 004,379,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DX9_40.dll
[2012/03/20 08:06:07 | 000,514,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAudio2_3.dll
[2012/03/20 08:06:07 | 000,509,448 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAudio2_2.dll
[2012/03/20 08:06:07 | 000,235,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine3_3.dll
[2012/03/20 08:06:07 | 000,070,992 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAPOFX1_2.dll
[2012/03/20 08:06:07 | 000,068,616 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAPOFX1_1.dll
[2012/03/20 08:06:07 | 000,023,376 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\X3DAudio1_5.dll
[2012/03/20 08:06:06 | 001,493,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_39.dll
[2012/03/20 08:06:06 | 000,467,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_39.dll
[2012/03/20 08:06:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine3_2.dll
[2012/03/20 08:06:05 | 003,851,784 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DX9_39.dll
[2012/03/20 08:06:04 | 001,491,992 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_38.dll
[2012/03/20 08:06:04 | 000,507,400 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAudio2_1.dll
[2012/03/20 08:06:04 | 000,467,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_38.dll
[2012/03/20 08:06:04 | 000,238,088 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine3_1.dll
[2012/03/20 08:06:04 | 000,065,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAPOFX1_0.dll
[2012/03/20 08:06:04 | 000,025,608 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\X3DAudio1_4.dll
[2012/03/20 08:06:03 | 003,850,760 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DX9_38.dll
[2012/03/20 08:06:03 | 000,479,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAudio2_0.dll
[2012/03/20 08:06:03 | 000,238,088 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine3_0.dll
[2012/03/20 08:06:03 | 000,025,608 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\X3DAudio1_3.dll
[2012/03/20 08:06:02 | 001,420,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_37.dll
[2012/03/20 08:06:02 | 000,462,864 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_37.dll
[2012/03/20 08:06:01 | 003,786,760 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DX9_37.dll
[2012/03/20 08:06:01 | 000,267,272 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine2_10.dll
[2012/03/20 08:05:59 | 001,374,232 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_36.dll
[2012/03/20 08:05:59 | 000,444,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_36.dll
[2012/03/20 08:05:58 | 003,734,536 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx9_36.dll
[2012/03/20 08:05:58 | 000,267,112 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine2_9.dll
[2012/03/20 08:05:57 | 001,358,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_35.dll
[2012/03/20 08:05:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_35.dll
[2012/03/20 08:05:56 | 003,727,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx9_35.dll
[2012/03/20 08:05:56 | 001,124,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_34.dll
[2012/03/20 08:05:56 | 000,443,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_34.dll
[2012/03/20 08:05:56 | 000,266,088 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine2_8.dll
[2012/03/20 08:05:56 | 000,017,928 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\X3DAudio1_2.dll
[2012/03/20 08:05:55 | 003,497,832 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx9_34.dll
[2012/03/20 08:05:55 | 000,261,480 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine2_7.dll
[2012/03/20 08:05:55 | 000,081,768 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xinput1_3.dll
[2012/03/20 08:05:54 | 003,495,784 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx9_33.dll
[2012/03/20 08:05:54 | 001,123,696 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_33.dll
[2012/03/20 08:05:54 | 000,443,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_33.dll
[2012/03/20 08:05:53 | 000,440,080 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10.dll
[2012/03/20 08:05:53 | 000,255,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine2_6.dll
[2012/03/20 08:05:53 | 000,251,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine2_5.dll
[2012/03/20 08:05:52 | 003,426,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx9_32.dll
[2012/03/20 08:05:52 | 000,237,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine2_4.dll
[2012/03/20 08:05:52 | 000,015,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\x3daudio1_1.dll
[2012/03/20 08:05:51 | 002,414,360 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx9_31.dll
[2012/03/20 08:05:51 | 000,236,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine2_3.dll
[2012/03/20 08:05:50 | 000,230,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine2_2.dll
[2012/03/20 08:05:50 | 000,229,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine2_1.dll
[2012/03/20 08:05:50 | 000,062,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xinput1_2.dll
[2012/03/20 08:05:50 | 000,062,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xinput1_1.dll
[2012/03/20 08:05:45 | 002,388,176 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx9_30.dll
[2012/03/20 08:05:45 | 000,230,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine2_0.dll
[2012/03/20 08:05:45 | 000,014,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\x3daudio1_0.dll
[2012/03/20 08:05:44 | 002,332,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx9_29.dll
[2012/03/20 08:05:44 | 002,323,664 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx9_28.dll
[2012/03/20 08:05:43 | 002,319,568 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx9_27.dll
[2012/03/20 08:05:43 | 002,297,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx9_26.dll
[2012/03/20 08:05:42 | 002,337,488 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx9_25.dll
[2012/03/20 08:05:41 | 002,222,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx9_24.dll
[2012/03/20 08:03:50 | 001,060,864 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc71.dll
[2012/03/20 08:03:50 | 001,053,696 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc71u.dll
[2012/03/20 08:03:50 | 001,024,000 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc70.dll
[2012/03/20 08:03:50 | 001,017,344 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc70u.dll
[2012/03/20 08:03:50 | 000,722,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vb40032.dll
[2012/03/20 08:03:50 | 000,487,424 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msvcp70.dll
[2012/03/20 08:03:50 | 000,444,952 | ---- | C] (Creative Labs) -- D:\Windows\System32\wrap_oal.dll
[2012/03/20 08:03:50 | 000,339,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msvcr70.dll
[2012/03/20 08:03:50 | 000,200,704 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- D:\Windows\System32\ssleay32.dll
[2012/03/20 08:03:50 | 000,189,440 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- D:\Windows\System32\libssl32.dll
[2012/03/20 08:03:50 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- D:\Windows\System32\openal32.dll
[2012/03/20 08:03:50 | 000,065,536 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc71DEU.dll
[2012/03/20 08:03:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc71ITA.dll
[2012/03/20 08:03:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc71FRA.dll
[2012/03/20 08:03:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc71ESP.dll
[2012/03/20 08:03:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc70ITA.dll
[2012/03/20 08:03:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc70FRA.dll
[2012/03/20 08:03:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc70ESP.dll
[2012/03/20 08:03:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc70DEU.dll
[2012/03/20 08:03:50 | 000,057,344 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc71ENU.dll
[2012/03/20 08:03:50 | 000,057,344 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc70ENU.dll
[2012/03/20 08:03:50 | 000,054,784 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msvci70.dll
[2012/03/20 08:03:50 | 000,049,152 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc71KOR.dll
[2012/03/20 08:03:50 | 000,049,152 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc71JPN.dll
[2012/03/20 08:03:50 | 000,049,152 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc70KOR.dll
[2012/03/20 08:03:50 | 000,049,152 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc70JPN.dll
[2012/03/20 08:03:50 | 000,045,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc71CHT.dll
[2012/03/20 08:03:50 | 000,045,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc70CHT.dll
[2012/03/20 08:03:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc71CHS.dll
[2012/03/20 08:03:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc70CHS.dll
[2012/03/20 08:03:49 | 002,887,680 | ---- | C] (Intel Corporation) -- D:\Windows\System32\libmmd.dll
[2012/03/20 08:03:49 | 001,872,666 | ---- | C] (Red Hat) -- D:\Windows\System32\cygwin1.dll
[2012/03/20 08:03:49 | 001,017,344 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- D:\Windows\System32\libeay32.dll
[2012/03/20 08:03:49 | 000,898,048 | ---- | C] (GNU <www.gnu.org>) -- D:\Windows\System32\libiconv2.dll
[2012/03/20 08:03:49 | 000,398,416 | ---- | C] (Microsoft Corporation) -- D:\Windows\System\vbrun300.dll
[2012/03/20 08:03:49 | 000,356,992 | ---- | C] (Microsoft Corporation) -- D:\Windows\System\vbrun200.dll
[2012/03/20 08:03:49 | 000,101,888 | ---- | C] (GNU <www.gnu.org>) -- D:\Windows\System32\libintl3.dll
[2012/03/20 08:03:49 | 000,090,112 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\atl71.dll
[2012/03/20 08:03:49 | 000,086,016 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\atl70.dll
[2012/03/20 08:03:48 | 001,069,376 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mscomctl.ocx
[2012/03/20 08:03:48 | 001,066,176 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mscomctl32.ocx
[2012/03/20 08:03:48 | 000,935,632 | ---- | C] (Microsoft Corporation) -- D:\Windows\System\vb40016.dll
[2012/03/20 08:03:48 | 000,659,264 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mscomct2.ocx
[2012/03/20 08:03:48 | 000,614,992 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\comctl32.ocx
[2012/03/20 08:03:48 | 000,443,488 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\MShflxgd.ocx
[2012/03/20 08:03:48 | 000,415,552 | ---- | C] (Microsoft Corporation ) -- D:\Windows\System32\comct332.ocx
[2012/03/20 08:03:48 | 000,314,760 | ---- | C] (AutoIt Team) -- D:\Windows\System32\AutoItX3.dll
[2012/03/20 08:03:48 | 000,278,352 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msdatgrd.ocx
[2012/03/20 08:03:48 | 000,258,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msflxgrd.ocx
[2012/03/20 08:03:48 | 000,252,240 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msdatlst.ocx
[2012/03/20 08:03:48 | 000,222,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dblist32.ocx
[2012/03/20 08:03:48 | 000,221,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tabctl32.ocx
[2012/03/20 08:03:48 | 000,218,432 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\richtx32.ocx
[2012/03/20 08:03:48 | 000,215,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mci32.ocx
[2012/03/20 08:03:48 | 000,178,512 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msmask32.ocx
[2012/03/20 08:03:48 | 000,170,080 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\comct232.ocx
[2012/03/20 08:03:48 | 000,155,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\comdlg32.ocx
[2012/03/20 08:03:48 | 000,136,008 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msinet.ocx
[2012/03/20 08:03:48 | 000,129,872 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msstdfmt.dll
[2012/03/20 08:03:48 | 000,127,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mswinsck.ocx
[2012/03/20 08:03:48 | 000,119,616 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mscomm32.ocx
[2012/03/20 08:03:48 | 000,107,840 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msstkprp.dll
[2012/03/20 08:03:48 | 000,100,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\picclp32.ocx
[2012/03/20 08:03:48 | 000,080,208 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sysinfo.ocx
[2012/03/20 08:03:48 | 000,032,768 | ---- | C] (Adobe Systems, Inc.) -- D:\Windows\System\plugin.dll
[2012/03/20 08:03:45 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Silverlight
[2012/03/20 08:03:36 | 000,000,000 | ---D | C] -- D:\Windows\System32\Macromed
[2012/03/20 08:03:22 | 000,528,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAudio2_6.dll
[2012/03/20 08:03:22 | 000,238,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine3_6.dll
[2012/03/20 08:03:22 | 000,074,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAPOFX1_4.dll
[2012/03/20 08:03:22 | 000,022,360 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\X3DAudio1_7.dll
[2012/03/20 08:03:06 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\deploytk.dll
[2012/03/20 08:03:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaws.exe
[2012/03/20 08:03:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaw.exe
[2012/03/20 08:03:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\java.exe
[2012/03/20 08:02:53 | 000,000,000 | ---D | C] -- D:\Program Files\Java
[2012/03/20 08:00:13 | 000,000,000 | ---D | C] -- D:\Windows\System32\URTTEMP
[2012/03/20 07:58:37 | 000,000,000 | -HSD | C] -- D:\Windows\Installer
[2012/03/20 07:55:00 | 000,000,000 | --SD | C] -- D:\Users\Administrator\AppData\Roaming\Microsoft
[2012/03/20 07:55:00 | 000,000,000 | R--D | C] -- D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/03/20 07:55:00 | 000,000,000 | R--D | C] -- D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/03/20 07:55:00 | 000,000,000 | -HSD | C] -- D:\Users\Administrator\AppData\Local\Verlauf
[2012/03/20 07:55:00 | 000,000,000 | -HSD | C] -- D:\Users\Administrator\AppData\Local\Temporary Internet Files
[2012/03/20 07:55:00 | 000,000,000 | -HSD | C] -- D:\Users\Administrator\Documents\Eigene Videos
[2012/03/20 07:55:00 | 000,000,000 | -HSD | C] -- D:\Users\Administrator\Documents\Eigene Musik
[2012/03/20 07:55:00 | 000,000,000 | -HSD | C] -- D:\Users\Administrator\Documents\Eigene Bilder
[2012/03/20 07:55:00 | 000,000,000 | -HSD | C] -- D:\Users\Administrator\AppData\Local\Anwendungsdaten
[2012/03/20 07:55:00 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\Temp
[2012/03/20 07:55:00 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming
[2012/03/20 07:55:00 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\Microsoft
[2012/03/20 07:55:00 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming\Media Center Programs
[2012/03/20 07:55:00 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\LocalLow
[2012/03/20 07:55:00 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local
[2012/03/20 07:54:59 | 000,000,000 | ---D | C] -- D:\Users\Administrator
[2012/03/20 07:54:49 | 000,000,000 | -HSD | C] -- D:\ProgramData\Vorlagen
[2012/03/20 07:54:49 | 000,000,000 | -HSD | C] -- D:\ProgramData\Startmenü
[2012/03/20 07:54:49 | 000,000,000 | -HSD | C] -- D:\Recovery
[2012/03/20 07:54:49 | 000,000,000 | -HSD | C] -- D:\Programme
[2012/03/20 07:54:49 | 000,000,000 | -HSD | C] -- D:\Program Files\Gemeinsame Dateien
[2012/03/20 07:54:49 | 000,000,000 | -HSD | C] -- D:\ProgramData\Favoriten
[2012/03/20 07:54:49 | 000,000,000 | -HSD | C] -- D:\Users\Public\Documents\Eigene Videos
[2012/03/20 07:54:49 | 000,000,000 | -HSD | C] -- D:\Users\Public\Documents\Eigene Musik
[2012/03/20 07:54:49 | 000,000,000 | -HSD | C] -- D:\Users\Public\Documents\Eigene Bilder
[2012/03/20 07:54:49 | 000,000,000 | -HSD | C] -- D:\Dokumente und Einstellungen
[2012/03/20 07:54:49 | 000,000,000 | -HSD | C] -- D:\ProgramData\Dokumente
[2012/03/20 07:54:49 | 000,000,000 | -HSD | C] -- D:\ProgramData\Anwendungsdaten
[2012/03/20 07:51:47 | 000,000,000 | ---D | C] -- D:\Windows\SoftwareDistribution
[2012/03/20 07:48:58 | 000,000,000 | -HSD | C] -- D:\System Volume Information
[2012/03/20 07:48:08 | 000,000,000 | ---D | C] -- D:\Windows\Panther

========== Files - Modified Within 30 Days ==========

[2012/04/08 11:50:57 | 000,679,008 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/04/08 11:50:57 | 000,628,860 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/04/08 11:50:57 | 000,139,120 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/04/08 11:50:57 | 000,114,306 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/04/08 11:46:36 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/04/08 11:46:33 | 2009,935,872 | -HS- | M] () -- D:\hiberfil.sys
[2012/03/31 05:50:47 | 000,010,016 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/31 05:50:47 | 000,010,016 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 20:37:56 | 000,240,128 | ---- | M] (jqUhg) -- D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe
[2012/03/30 18:58:04 | 000,000,134 | ---- | M] () -- D:\Users\Public\Desktop\Emoticons for your messenger!.url
[2012/03/30 18:57:35 | 000,001,102 | ---- | M] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
[2012/03/30 18:57:35 | 000,001,078 | ---- | M] () -- D:\Users\Administrator\Desktop\iMesh.lnk
[2012/03/30 18:57:35 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh
[2012/03/28 10:15:36 | 000,000,193 | ---- | M] () -- D:\Windows\WORDPAD.INI
[2012/03/26 16:12:14 | 000,002,436 | ---- | M] () -- D:\Users\Administrator\Desktop\Windows Live Messenger.lnk
[2012/03/25 18:18:21 | 000,000,109 | ---- | M] () -- D:\user.js
[2012/03/25 18:14:33 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/03/25 18:13:58 | 000,001,255 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/03/25 18:13:40 | 000,001,324 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/03/25 18:13:07 | 000,001,408 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/03/25 18:12:49 | 000,002,436 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/03/25 18:05:04 | 001,553,208 | ---- | M] (Softonic) -- D:\Users\Administrator\Desktop\softonic_ggl_1.5.11.5.exe
[2012/03/25 18:05:00 | 001,292,136 | ---- | M] (Microsoft Corporation) -- D:\Users\Administrator\Desktop\wlsetup-web_15.4.3538.0513.exe
[2012/03/25 17:58:24 | 000,000,611 | ---- | M] () -- D:\Windows\System32\InstallUtil.InstallLog
[2012/03/25 17:57:58 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2012/03/21 12:40:54 | 000,001,415 | ---- | M] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/20 16:13:51 | 000,168,304 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/03/20 16:09:54 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/03/20 08:50:02 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2012/03/20 08:48:44 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/20 08:46:40 | 000,000,000 | ---- | M] () -- D:\Windows\nsreg.dat
[2012/03/20 08:22:24 | 000,000,000 | ---- | M] () -- D:\Windows\ativpsrm.bin
[2012/03/20 08:20:14 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/03/20 08:10:06 | 000,000,000 | -H-- | M] () -- D:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/03/20 08:09:03 | 000,001,515 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/03/20 08:08:07 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2012/03/20 08:08:04 | 000,000,989 | ---- | M] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Miranda IM.lnk
[2012/03/20 08:08:04 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miranda IM
[2012/03/20 08:07:55 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012/03/20 08:07:38 | 000,001,835 | ---- | M] () -- D:\Users\Administrator\Desktop\CCleaner.lnk
[2012/03/20 08:07:22 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012/03/20 08:06:50 | 000,001,913 | ---- | M] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/20 08:06:50 | 000,001,889 | ---- | M] () -- D:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/20 08:06:50 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2012/03/20 08:06:35 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/03/20 08:03:55 | 000,004,184 | ---- | M] () -- D:\Windows\unins002.dat
[2012/03/20 08:03:47 | 000,709,719 | ---- | M] () -- D:\Windows\unins002.exe
[2012/03/20 08:03:36 | 000,007,965 | ---- | M] () -- D:\Windows\unins001.dat
[2012/03/20 08:03:33 | 000,709,719 | ---- | M] () -- D:\Windows\unins001.exe
[2012/03/20 08:03:32 | 000,006,071 | ---- | M] () -- D:\Windows\unins000.dat
[2012/03/20 08:03:12 | 000,709,724 | ---- | M] () -- D:\Windows\unins000.exe
[2012/03/20 08:02:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\deploytk.dll
[2012/03/20 08:02:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaws.exe
[2012/03/20 08:02:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaw.exe
[2012/03/20 08:02:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\java.exe
[2012/03/20 08:01:54 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/20 07:53:24 | 000,053,911 | ---- | M] () -- D:\Windows\System32\license.rtf
[2012/03/20 07:53:07 | 000,001,345 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/03/20 07:53:03 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/03/20 07:52:56 | 000,001,326 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/03/20 07:52:56 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

========== Files Created - No Company Name ==========

[2012/03/30 18:58:04 | 000,000,134 | ---- | C] () -- D:\Users\Public\Desktop\Emoticons for your messenger!.url
[2012/03/30 18:57:35 | 000,001,102 | ---- | C] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
[2012/03/30 18:57:35 | 000,001,078 | ---- | C] () -- D:\Users\Administrator\Desktop\iMesh.lnk
[2012/03/28 10:15:36 | 000,000,193 | ---- | C] () -- D:\Windows\WORDPAD.INI
[2012/03/26 16:12:14 | 000,002,436 | ---- | C] () -- D:\Users\Administrator\Desktop\Windows Live Messenger.lnk
[2012/03/25 18:18:21 | 000,000,109 | ---- | C] () -- D:\user.js
[2012/03/25 18:13:49 | 000,001,255 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/03/25 18:13:26 | 000,001,324 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/03/25 18:12:59 | 000,001,408 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/03/25 18:12:38 | 000,002,436 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/03/25 17:58:23 | 000,000,611 | ---- | C] () -- D:\Windows\System32\InstallUtil.InstallLog
[2012/03/21 12:40:54 | 000,001,415 | ---- | C] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/20 08:53:07 | 000,012,288 | ---- | C] () -- D:\Windows\MedionECO
[2012/03/20 08:53:06 | 000,012,288 | ---- | C] () -- D:\Windows\MSIECO
[2012/03/20 08:46:40 | 000,000,000 | ---- | C] () -- D:\Windows\nsreg.dat
[2012/03/20 08:22:24 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2012/03/20 08:19:07 | 000,100,632 | ---- | C] () -- D:\Windows\System32\atiapfxx.blb
[2012/03/20 08:19:07 | 000,002,888 | ---- | C] () -- D:\Windows\System32\atipblag.dat
[2012/03/20 08:19:03 | 000,022,190 | ---- | C] () -- D:\Windows\atiogl.xml
[2012/03/20 08:10:06 | 000,000,000 | -H-- | C] () -- D:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/03/20 08:09:06 | 000,001,421 | ---- | C] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/03/20 08:08:04 | 000,000,989 | ---- | C] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Miranda IM.lnk
[2012/03/20 08:07:38 | 000,001,835 | ---- | C] () -- D:\Users\Administrator\Desktop\CCleaner.lnk
[2012/03/20 08:06:50 | 000,001,913 | ---- | C] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/20 08:06:50 | 000,001,889 | ---- | C] () -- D:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/20 08:03:50 | 000,162,304 | ---- | C] () -- D:\Windows\System32\libpng13.dll
[2012/03/20 08:03:50 | 000,052,836 | ---- | C] () -- D:\Windows\System32\zlib1.dll
[2012/03/20 08:03:49 | 000,394,752 | ---- | C] () -- D:\Windows\System32\cygwinb19.dll
[2012/03/20 08:03:49 | 000,271,264 | ---- | C] () -- D:\Windows\System\vbrun100.dll
[2012/03/20 08:03:48 | 000,709,719 | ---- | C] () -- D:\Windows\unins002.exe
[2012/03/20 08:03:48 | 000,210,944 | ---- | C] () -- D:\Windows\System\msvcrt10.dll
[2012/03/20 08:03:48 | 000,004,184 | ---- | C] () -- D:\Windows\unins002.dat
[2012/03/20 08:03:33 | 000,709,719 | ---- | C] () -- D:\Windows\unins001.exe
[2012/03/20 08:03:33 | 000,007,965 | ---- | C] () -- D:\Windows\unins001.dat
[2012/03/20 08:03:12 | 000,709,724 | ---- | C] () -- D:\Windows\unins000.exe
[2012/03/20 08:03:12 | 000,006,071 | ---- | C] () -- D:\Windows\unins000.dat
[2012/03/20 07:55:00 | 000,000,290 | ---- | C] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/03/20 07:55:00 | 000,000,272 | ---- | C] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/20 07:53:07 | 000,001,345 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/03/20 07:52:56 | 000,001,326 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/03/20 07:49:07 | 000,168,304 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/03/20 07:48:58 | 2009,935,872 | -HS- | C] () -- D:\hiberfil.sys
[2011/06/10 02:42:52 | 000,223,990 | ---- | C] () -- D:\Windows\System32\atiicdxx.dat
[2011/06/10 01:34:52 | 000,080,416 | ---- | C] () -- D:\Windows\System32\RtNicProp32.dll
[2009/07/14 04:47:43 | 000,679,008 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,139,120 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:05:48 | 000,628,860 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,114,306 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat

========== LOP Check ==========

[2012/03/20 07:54:49 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2012/03/30 18:58:11 | 000,000,000 | ---D | M] -- D:\ProgramData\B15B
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2012/03/20 07:54:49 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2012/03/20 07:54:49 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2012/03/30 18:57:34 | 000,000,000 | ---D | M] -- D:\ProgramData\iMesh
[2012/03/25 17:58:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Iminent
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2012/03/20 07:54:49 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2012/03/20 07:54:49 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012/03/30 18:58:19 | 000,000,000 | -H-D | M] -- D:\ProgramData\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}
[2009/07/14 00:53:46 | 000,011,464 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012/03/20 08:08:56 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\Documents and Settings [2012/03/20 07:54:49 | 000,000,000 | -HSD | M] -- D:\Dokumente und Einstellungen [2009/07/13 22:37:05 | 000,000,000 | ---D | M] -- D:\PerfLogs [2012/03/30 18:57:33 | 000,000,000 | R--D | M] -- D:\Program Files [2012/03/30 18:58:11 | 000,000,000 | -H-D | M] -- D:\ProgramData [2012/03/20 07:54:49 | 000,000,000 | -HSD | M] -- D:\Programme [2012/03/20 07:54:49 | 000,000,000 | -HSD | M] -- D:\Recovery [2012/03/26 12:50:18 | 000,000,000 | -HSD | M] -- D:\System Volume Information [2012/03/20 07:54:59 | 000,000,000 | R--D | M] -- D:\Users [2012/04/02 07:13:08 | 000,000,000 | ---D | M] -- D:\Windows < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\System32\drivers\AGP440.sys [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\System32\drivers\atapi.sys [2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) 
MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\System32\cngaudit.dll [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\explorer.exe [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe < MD5 for: IASTORV.SYS > [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- D:\Windows\System32\drivers\iaStorV.sys [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\System32\netlogon.dll [2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA 
Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- D:\Windows\System32\drivers\nvstor.sys [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- D:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\System32\scecli.dll [2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- D:\Windows\System32\user32.dll [2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- D:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\System32\userinit.exe [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WS2IFSL.SYS > [2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- D:\Windows\System32\drivers\ws2ifsl.sys [2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- 
D:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll / lockedfiles > Invalid Switch: lockedfiles Invalid Environment Variable: %USEPROFILE%\*.* Invalid Environment Variable: %USEPROFILE%\Local Settings\Temp\*.exe Invalid Environment Variable: %USEPROFILE%\Local Settings\Temp\*dll Invalid Environment Variable: %USEPROFILE%\Application Data\*.exe < End of report > |
11.04.2012, 15:58 | #2 |
/// Malware-holic | Trojan "Bitte warten sie während die Verbindung hergestellt wird" ("Please wait while the connection is being established") hi
__________________
On your second PC, go to Start > Programs > Accessories > Notepad and paste the following there:
Code:
:OTL
O4 - HKLM..\Run: [BX6kRBeYBXtpN21] D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O4 - HKU\Administrator_ON_D..\Run: [BX6kRBeYBXtpN21] D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O4 - HKU\Administrator_ON_D..\RunOnce: [!iMeshDSFF] D:\Users\Administrator\AppData\Local\Temp\SRAssetsHelper.dll ()
O4 - HKU\Administrator_ON_D..\RunOnce: [!iMeshFFHP] D:\Users\Administrator\AppData\Local\Temp\Installhelper.dll ()
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (C:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe) - D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe) - D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O20 - HKU\Administrator_ON_D Winlogon: Shell - (C:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe) - D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O20 - HKU\Administrator_ON_D Winlogon: UserInit - (C:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe) - D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
:Files
D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe
D:\Users\Administrator\AppData\Local\Temp\SRAssetsHelper.dll
D:\Users\Administrator\AppData\Local\Temp\Installhelper.dll
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Save this to a USB stick as fix.txt. Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one should now appear: "load fix from file". Load fix.txt from your stick. If this does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log. If you have no icons, right-click, View, Show desktop icons.
Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
edit: in your case d:
__________________ |
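A triage sketch for the entry types the fix above removes (added example, not part of the original post and not OTL's own code): it parses OTL-style O4/O7/O20 lines and flags autoruns loaded from user-writable paths, Winlogon Shell/UserInit values that do not point at the Windows defaults, and policy values that lock the user out. The line patterns are assumptions inferred from the entries shown in this thread, and the final UserInit line in the sample is constructed.

```python
import ntpath
import re

# Entries copied from the fix script in this thread; the last line is a
# constructed benign UserInit entry to show what is not flagged.
SAMPLE = r"""
O4 - HKLM..\Run: [BX6kRBeYBXtpN21] D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O4 - HKU\Administrator_ON_D..\RunOnce: [!iMeshDSFF] D:\Users\Administrator\AppData\Local\Temp\SRAssetsHelper.dll ()
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O20 - HKLM Winlogon: Shell - (C:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe) - D:\Users\Administrator\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,) - D:\Windows\System32\userinit.exe (Microsoft Corporation)
"""

# Line shapes are assumptions inferred from the entries shown in this thread.
O4 = re.compile(r"^O4 - \S+?\.\.\\(?P<key>Run\w*): \[[^\]]*\] (?P<path>.+?) \([^()]*\)$")
O7 = re.compile(r"^O7 - .*\\policies\\\w+: (?P<name>\w+) = (?P<val>\d+)$", re.I)
O20 = re.compile(r"^O20 - \S+ Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\) - ")

USER_WRITABLE = re.compile(r"\\(AppData|Temp)\\", re.I)
LOCKOUT = {"disabletaskmgr", "disableregistrytools", "nodesktop"}
WINLOGON_DEFAULT = {"shell": "explorer.exe", "userinit": "userinit.exe"}


def triage(text):
    """Return (finding, name, detail) tuples for suspicious OTL entries."""
    findings = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := O4.match(line):
            # Autostart entries should not load binaries from per-user data dirs.
            if USER_WRITABLE.search(m["path"]):
                findings.append(("autorun-user-writable", m["key"], m["path"]))
        elif m := O7.match(line):
            # Policies that hide the desktop or block Task Manager / regedit.
            if m["name"].lower() in LOCKOUT and m["val"] != "0":
                findings.append(("policy-lockout", m["name"], m["val"]))
        elif m := O20.match(line):
            data = m["data"].rstrip(", ")
            expected = WINLOGON_DEFAULT.get(m["value"].lower())
            replaced = expected is not None and ntpath.basename(data).lower() != expected
            if replaced or USER_WRITABLE.search(data):
                findings.append(("winlogon-hijack", m["value"], data))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```
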