Trojan? Opened Rechnung.exe from an email, files now locked

Hello everyone. I have an urgent problem. Yesterday I received a dubious email with an attachment, Rechnung.exe. Stupidly, I opened it. At first nothing happened at all. When I restarted Windows, a screen appeared demanding money from me so that I could get at my files again (something like that). I then started Windows again in safe mode, deleted the mail and the attachment, and ran a System Restore. Everything looked fine again at first, until I noticed that all my files (photos, music, etc.) have the word "locked" prefixed to their names, and the file extensions are messed up too: after jpg there is another dot and three letters, different every time, e.g. locked-Tony1.jpg.mcym. Of course I can't view them any more either. I don't know what other damage has been done. I urgently ask for help. I have already followed the instructions here and will attach the results. Thanks in advance for your efforts.

DDS.txt

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Run by besitzer at 8:52:47 on 2012-04-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3060.2032 [GMT 2:00]
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}