Pests of all kinds and how to fight them: Bundestrojaner (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

#1
Bundestrojaner

Dear Trojaner-Board community,

about a week ago I caught a Bundestrojaner. Since I don't understand much about the topic, my boyfriend helped me and pointed me to this thread ----> http://www.trojaner-board.de/128878-...-variante.html

I then followed t'John's instructions (the very first set of instructions) and got an OTL.txt, which I would like to post here.

OTL Logfile:

Code:
ATTFilter OTL logfile created on: 1/20/2013 9:09:19 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files Drive C: | 100.00 Mb Total Space | 75.36 Mb Free Space | 75.37% Space Free | Partition Type: NTFS Drive D: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.57% Space Free | Partition Type: FAT32 Drive E: | 698.54 Gb Total Space | 115.40 Gb Free Space | 16.52% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2013/01/09 20:00:00 | 000,263,680 | ---- | M] (Корпорация Майкрософт) [Auto] -- E:\Users\Nana\wgsdgsdgdsgsd.exe -- (Winmgmt) SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/10/10 15:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/09/20 07:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012/09/14 12:42:50 | 002,019,184 | ---- | M] (O&O 
Software GmbH) [Auto] -- E:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV - [2012/09/12 11:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012/09/12 11:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto] -- E:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011/08/01 11:24:00 | 003,889,424 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- E:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2011/07/26 13:23:06 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/07/26 03:14:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011/05/24 22:03:26 | 000,176,128 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009/09/05 23:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009/07/16 10:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand] -- E:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\PeerDistSvc.dll 
-- (PeerDistSvc) SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/05/31 03:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 03:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (VGPU) DRV - File not found [Kernel | On_Demand] -- -- (hwusbfake) DRV - File not found [Kernel | On_Demand] -- -- (hwdatacard) DRV - File not found [Kernel | On_Demand] -- -- (amdiox86) DRV - [2013/01/20 14:23:46 | 000,043,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\jbprghah.sys -- (jbprghah) DRV - [2012/10/22 16:01:15 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System] -- E:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012/10/10 15:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012/08/30 16:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2012/08/23 09:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\terminpt.sys -- (terminpt) DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012/08/23 09:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2011/05/24 21:25:20 | 
000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2011/03/30 13:46:36 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot] -- E:\Windows\System32\speedfan.sys -- (speedfan) DRV - [2011/02/08 05:03:54 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 16:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - [2010/11/20 16:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/08/12 05:07:48 
| 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2009/12/01 04:11:28 | 001,872,192 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- E:\Windows\System32\drivers\cmudax3.sys -- (cmuda3) DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009/04/29 08:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86) DRV - [2004/08/13 02:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- E:\Windows\System32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Nana_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\Nana_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\Nana_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 E6 CE B3 AC EA CD 01 [binary data] IE - HKU\Nana_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: 
E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [CmPCIaudio] File not found O4 - HKLM..\Run: [MSC] E:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [OODefragTray] E:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4 - HKU\Nana_ON_E..\Run: [Spotify Web Helper] E:\Users\Nana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\UpdatusUser_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe 
(Microsoft Corporation) O4 - Startup: Error locating startup folders. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\Nana_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - E:\Windows\System32\OODBS.exe (O&O Software GmbH) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/01/20 20:41:38 | 000,000,000 | -HSD | C] -- E:\RECYCLER [2013/01/20 14:23:45 | 000,043,600 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\jbprghah.sys [2013/01/09 17:22:11 | 000,088,640 | ---- | C] (Spotify Ltd) -- E:\Users\Nana\Desktop\SpotifySetup.exe [2013/01/09 11:25:08 | 000,000,000 | ---D | C] -- E:\Users\Nana\Desktop\Linkin Park [2013/01/09 06:49:25 | 002,345,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32k.sys [2013/01/09 06:49:24 | 000,492,032 | ---- | C] (Microsoft Corporation) 
-- E:\Windows\System32\win32spl.dll [2013/01/09 06:49:12 | 000,271,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\conhost.exe [2013/01/09 06:49:12 | 000,169,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winsrv.dll [2013/01/09 06:49:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2013/01/09 06:49:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/09 06:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/09 06:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013/01/09 06:49:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/09 06:49:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013/01/09 06:49:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013/01/09 06:49:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/09 06:49:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/09 06:49:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013/01/09 06:49:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2013/01/09 06:49:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013/01/09 06:49:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2013/01/09 06:49:10 | 000,004,608 | -H-- | C] 
(Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/09 06:49:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/09 06:49:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013/01/09 06:49:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013/01/09 06:49:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/09 06:49:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/09 06:49:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013/01/09 06:49:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2013/01/09 06:49:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2013/01/09 06:48:55 | 002,576,384 | ---- | C] (Microsoft Corporation) -- 
E:\Windows\System32\gameux.dll [2013/01/09 06:48:55 | 000,308,736 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\Wpc.dll [2013/01/09 06:48:55 | 000,046,592 | ---- | C] (Microsoft) -- E:\Windows\System32\fpb.rs [2013/01/09 06:48:55 | 000,045,568 | ---- | C] (Microsoft) -- E:\Windows\System32\oflc-nz.rs [2013/01/09 06:48:55 | 000,044,544 | ---- | C] (Microsoft) -- E:\Windows\System32\pegibbfc.rs [2013/01/09 06:48:55 | 000,043,520 | ---- | C] (Microsoft) -- E:\Windows\System32\csrr.rs [2013/01/09 06:48:55 | 000,040,960 | ---- | C] (Microsoft) -- E:\Windows\System32\cob-au.rs [2013/01/09 06:48:55 | 000,030,720 | ---- | C] (Microsoft) -- E:\Windows\System32\usk.rs [2013/01/09 06:48:55 | 000,021,504 | ---- | C] (Microsoft) -- E:\Windows\System32\grb.rs [2013/01/09 06:48:55 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi-pt.rs [2013/01/09 06:48:55 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi.rs [2013/01/09 06:48:55 | 000,015,360 | ---- | C] (Microsoft) -- E:\Windows\System32\djctq.rs [2013/01/09 06:48:54 | 000,055,296 | ---- | C] (Microsoft) -- E:\Windows\System32\cero.rs [2013/01/09 06:48:54 | 000,051,712 | ---- | C] (Microsoft) -- E:\Windows\System32\esrb.rs [2013/01/09 06:48:54 | 000,023,552 | ---- | C] (Microsoft) -- E:\Windows\System32\oflc.rs [2013/01/09 06:48:54 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi-fi.rs [2013/01/09 06:48:49 | 000,220,160 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ncrypt.dll [2013/01/09 06:48:48 | 000,049,152 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\taskhost.exe [2013/01/04 19:10:33 | 000,000,000 | ---D | C] -- E:\Windows\System32\oodag [2013/01/04 16:59:38 | 000,000,000 | ---D | C] -- E:\Users\Nana\AppData\Local\O&O [2013/01/04 16:58:58 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software [2013/01/04 16:58:51 | 000,000,000 | ---D | C] -- E:\Program Files\OO Software [2013/01/04 16:58:06 | 
000,000,000 | ---D | C] -- E:\ProgramData\OO Software [2013/01/04 16:57:41 | 000,000,000 | ---D | C] -- E:\Users\Nana\Desktop\O&O Defrag Professional 16.0 Build 139 Deutsch (x64)+(x86) [2013/01/03 16:59:42 | 000,000,000 | ---D | C] -- E:\Users\Nana\Documents\Calibre Library [2013/01/03 16:58:42 | 000,000,000 | ---D | C] -- E:\Users\Nana\Documents\Calibre Bibliothek [2013/01/03 16:58:15 | 000,000,000 | ---D | C] -- E:\Users\Nana\AppData\Roaming\calibre [2013/01/03 16:57:52 | 000,000,000 | ---D | C] -- E:\Program Files\Calibre2 [2013/01/03 16:57:52 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management [2013/01/03 05:28:39 | 000,000,000 | R--D | C] -- E:\Users\Nana\Desktop\Spiele [2013/01/03 05:10:51 | 000,000,000 | ---D | C] -- E:\Users\Nana\Desktop\Georgs Neujahrrsbesuch [2013/01/01 17:39:03 | 000,000,000 | ---D | C] -- E:\Users\Nana\Desktop\Marie Lu - Legend Bd. 1 - Fallender Himmel [2013/01/01 15:12:57 | 000,000,000 | ---D | C] -- E:\Users\Nana\Desktop\E-Bücher [2013/01/01 12:20:46 | 000,000,000 | ---D | C] -- E:\Users\Nana\AppData\Local\Skyrim [2013/01/01 12:20:22 | 000,528,216 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_6.dll [2013/01/01 12:20:22 | 000,515,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_5.dll [2013/01/01 12:20:22 | 000,238,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_6.dll [2013/01/01 12:20:22 | 000,238,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_5.dll [2013/01/01 12:20:22 | 000,074,072 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAPOFX1_4.dll [2013/01/01 12:20:22 | 000,022,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_7.dll [2013/01/01 12:20:21 | 001,974,616 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_42.dll [2013/01/01 12:20:20 | 005,501,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dcsx_42.dll 
[2013/01/01 12:20:19 | 001,892,184 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DX9_42.dll [2013/01/01 12:20:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_42.dll [2013/01/01 12:20:19 | 000,235,344 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx11_42.dll [2013/01/01 12:20:18 | 004,178,264 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DX9_41.dll [2013/01/01 12:20:18 | 001,846,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_41.dll [2013/01/01 12:20:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_41.dll [2013/01/01 12:20:17 | 000,517,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_4.dll [2013/01/01 12:20:17 | 000,235,352 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_4.dll [2013/01/01 12:20:17 | 000,069,464 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAPOFX1_3.dll [2013/01/01 12:20:16 | 002,036,576 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_40.dll [2013/01/01 12:20:16 | 000,452,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_40.dll [2013/01/01 12:20:16 | 000,022,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_6.dll [2013/01/01 12:20:15 | 004,379,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DX9_40.dll [2013/01/01 12:20:15 | 000,514,384 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_3.dll [2013/01/01 12:20:15 | 000,235,856 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_3.dll [2013/01/01 12:20:15 | 000,070,992 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAPOFX1_2.dll [2013/01/01 12:20:14 | 000,509,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_2.dll [2013/01/01 12:20:14 | 000,238,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_2.dll [2013/01/01 12:20:14 | 000,068,616 
| ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAPOFX1_1.dll [2013/01/01 12:20:14 | 000,023,376 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_5.dll [2013/01/01 12:20:13 | 000,507,400 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_1.dll [2013/01/01 12:20:13 | 000,065,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAPOFX1_0.dll [2013/01/01 12:20:12 | 001,491,992 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_38.dll [2013/01/01 12:20:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_38.dll [2013/01/01 12:20:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_1.dll [2013/01/01 12:20:12 | 000,025,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_4.dll [2013/01/01 12:20:11 | 003,850,760 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DX9_38.dll [2013/01/01 12:20:11 | 000,479,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\XAudio2_0.dll [2013/01/01 12:20:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine3_0.dll [2013/01/01 12:20:10 | 001,420,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_37.dll [2013/01/01 12:20:10 | 000,462,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_37.dll [2013/01/01 12:20:10 | 000,025,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_3.dll [2013/01/01 12:20:09 | 003,786,760 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DX9_37.dll [2013/01/01 12:20:09 | 001,374,232 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_36.dll [2013/01/01 12:20:09 | 000,444,776 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_36.dll [2013/01/01 12:20:09 | 000,267,272 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_10.dll [2013/01/01 12:20:07 | 003,734,536 | ---- | C] (Microsoft 
Corporation) -- E:\Windows\System32\d3dx9_36.dll [2013/01/01 12:20:07 | 001,358,192 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_35.dll [2013/01/01 12:20:07 | 000,444,776 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_35.dll [2013/01/01 12:20:07 | 000,267,112 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_9.dll [2013/01/01 12:20:06 | 003,727,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_35.dll [2013/01/01 12:20:05 | 001,124,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_34.dll [2013/01/01 12:20:05 | 000,443,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_34.dll [2013/01/01 12:20:05 | 000,266,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_8.dll [2013/01/01 12:20:05 | 000,017,928 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\X3DAudio1_2.dll [2013/01/01 12:20:04 | 003,497,832 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_34.dll [2013/01/01 12:20:04 | 000,261,480 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_7.dll [2013/01/01 12:20:03 | 003,495,784 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_33.dll [2013/01/01 12:20:03 | 001,123,696 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\D3DCompiler_33.dll [2013/01/01 12:20:03 | 000,443,752 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10_33.dll [2013/01/01 12:20:03 | 000,255,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_6.dll [2013/01/01 12:20:02 | 000,440,080 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx10.dll [2013/01/01 12:20:02 | 000,251,672 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_5.dll [2013/01/01 12:20:00 | 003,426,072 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_32.dll [2013/01/01 12:20:00 | 002,414,360 | ---- | C] (Microsoft Corporation) -- 
E:\Windows\System32\d3dx9_31.dll [2013/01/01 12:20:00 | 000,237,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_4.dll [2013/01/01 12:20:00 | 000,015,128 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\x3daudio1_1.dll [2013/01/01 12:19:59 | 000,236,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_3.dll [2013/01/01 12:19:59 | 000,230,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_2.dll [2013/01/01 12:19:59 | 000,062,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xinput1_2.dll [2013/01/01 12:19:58 | 000,229,584 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_1.dll [2013/01/01 12:19:58 | 000,062,672 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xinput1_1.dll [2013/01/01 12:19:51 | 002,388,176 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_30.dll [2013/01/01 12:19:50 | 002,332,368 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_29.dll [2013/01/01 12:19:50 | 000,230,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\xactengine2_0.dll [2013/01/01 12:19:50 | 000,014,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\x3daudio1_0.dll [2013/01/01 12:19:49 | 002,323,664 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_28.dll [2013/01/01 12:19:48 | 002,319,568 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_27.dll [2013/01/01 12:19:47 | 002,337,488 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_25.dll [2013/01/01 12:19:47 | 002,297,552 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_26.dll [2013/01/01 12:19:46 | 002,222,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3dx9_24.dll [2013/01/01 11:08:05 | 000,000,000 | ---D | C] -- E:\Users\Nana\AppData\Roaming\JAM Software [2013/01/01 11:07:55 | 000,000,000 | ---D | C] -- E:\Program Files\JAM Software [2013/01/01 10:59:22 | 000,000,000 | R--D | C] 
-- E:\Users\Nana\Desktop\Anwendungen [2012/12/30 20:36:51 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [2012/12/30 20:36:10 | 000,000,000 | ---D | C] -- E:\ProgramData\Battle.net [2012/12/30 20:34:11 | 000,000,000 | ---D | C] -- E:\Users\Nana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II [2012/12/30 16:03:53 | 000,000,000 | ---D | C] -- E:\Users\Nana\Documents\StarCraft II [2012/12/30 16:03:53 | 000,000,000 | ---D | C] -- E:\Program Files\StarCraft II [2012/12/30 16:03:53 | 000,000,000 | ---D | C] -- E:\ProgramData\Blizzard Entertainment [2012/12/30 16:03:53 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Blizzard Entertainment [2012/12/30 16:02:24 | 000,024,064 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\terminpt.sys [2012/12/30 16:02:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\rdpvideominiport.sys [2012/12/30 16:02:24 | 000,012,288 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe [2012/12/30 16:02:23 | 000,049,664 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\TsUsbFlt.sys [2012/12/30 16:02:23 | 000,027,136 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\TsUsbGD.sys [2012/12/30 16:02:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll [2012/12/30 16:02:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RdpGroupPolicyExtension.dll [2012/12/30 16:02:22 | 002,739,712 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpcorets.dll [2012/12/30 16:02:22 | 000,317,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wksprt.exe [2012/12/30 16:02:22 | 000,269,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\aaclient.dll [2012/12/30 16:02:22 | 000,221,184 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpudd.dll 
[2012/12/30 16:02:22 | 000,192,000 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpendp_winip.dll [2012/12/30 16:02:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TSWbPrxy.exe [2012/12/30 16:02:22 | 000,046,592 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MsRdpWebAccess.dll [2012/12/30 16:02:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tsgqec.dll [2012/12/30 16:02:22 | 000,032,768 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\TsUsbGDCoInstaller.dll [2012/12/30 16:02:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wksprtPS.dll [2012/12/30 16:01:13 | 001,039,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\lsasrv.dll [2012/12/30 16:01:09 | 000,514,560 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\qdvd.dll [2012/12/30 15:58:55 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft Security Client [1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/20 14:24:17 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat [2013/01/20 14:23:46 | 000,043,600 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\drivers\jbprghah.sys [2013/01/20 14:23:08 | 095,023,320 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.pad [2013/01/20 14:23:06 | 000,002,865 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.js [2013/01/20 14:23:06 | 000,001,054 | ---- | M] () -- E:\Users\Nana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2013/01/20 14:22:49 | 2415,357,952 | -HS- | M] () -- E:\hiberfil.sys [2013/01/20 14:22:49 | 000,026,796 | ---- | M] () -- E:\Windows\System32\oodbs.lor [2013/01/09 19:47:03 | 002,167,242 | ---- | M] () -- E:\Users\Nana\Desktop\grammar.pdf [2013/01/09 19:46:23 | 000,618,833 | ---- | M] () -- E:\Users\Nana\Desktop\Basic_-Italian.pdf [2013/01/09 18:02:57 | 000,021,280 | -H-- | M] () -- 
E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/09 18:02:57 | 000,021,280 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/09 17:22:11 | 000,088,640 | ---- | M] (Spotify Ltd) -- E:\Users\Nana\Desktop\SpotifySetup.exe [2013/01/09 11:22:44 | 000,388,520 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT [2013/01/07 12:10:53 | 000,000,798 | ---- | M] () -- E:\Users\Nana\Desktop\ArabicAnEssentialGrammar.pdf.lnk [2013/01/07 12:09:00 | 000,027,979 | ---- | M] () -- E:\Users\Nana\Desktop\AuPair Formalitäten.odt [2013/01/07 10:56:53 | 000,007,334 | ---- | M] () -- E:\Users\Nana\Desktop\was sie von mir brauchen.odt [2013/01/06 16:03:37 | 000,216,976 | ---- | M] () -- E:\Users\Nana\Desktop\d027.jpg [2013/01/04 16:58:58 | 000,002,509 | ---- | M] () -- E:\Users\Public\Desktop\O&O Defrag.lnk [2013/01/04 16:58:58 | 000,002,453 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2013/01/04 16:58:58 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2013/01/04 16:58:58 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software [2013/01/04 16:54:06 | 001,326,828 | ---- | M] () -- E:\Users\Nana\Desktop\Stiefvater, Maggie - Rot wie das Meer.epub [2013/01/04 16:49:43 | 064,873,173 | ---- | M] () -- E:\Users\Nana\Desktop\O&O Defrag Professional 16.0 Build 139 Deutsch (x64)+(x86).rar [2013/01/03 17:08:33 | 005,713,414 | ---- | M] () -- E:\Windows\System32\perfh007.dat [2013/01/03 17:08:33 | 002,154,326 | ---- | M] () -- E:\Windows\System32\perfh019.dat [2013/01/03 17:08:33 | 002,094,376 | ---- | M] () -- E:\Windows\System32\perfh009.dat [2013/01/03 17:08:33 | 001,698,874 | ---- | M] () -- E:\Windows\System32\perfc007.dat [2013/01/03 17:08:33 | 001,542,008 | ---- | M] () -- E:\Windows\System32\perfc019.dat [2013/01/03 17:08:33 | 
001,515,880 | ---- | M] () -- E:\Windows\System32\perfc009.dat [2013/01/03 16:58:10 | 000,000,897 | ---- | M] () -- E:\Users\Public\Desktop\calibre - E-book management.lnk [2013/01/03 16:58:10 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management [2013/01/03 16:47:01 | 005,154,944 | ---- | M] () -- E:\Users\Nana\Desktop\Grim1.rar [2013/01/03 16:44:43 | 028,874,727 | ---- | M] () -- E:\Users\Nana\Desktop\Buecherkiste_Fo_K.rar [2013/01/03 16:43:51 | 419,430,400 | ---- | M] () -- E:\Users\Nana\Desktop\lk_zeit_2.part1.rar [2013/01/03 16:43:09 | 000,011,729 | ---- | M] () -- E:\Users\Nana\Desktop\OpenDocument Text (neu) (3).odt [2013/01/03 16:40:14 | 310,744,066 | ---- | M] () -- E:\Users\Nana\Desktop\lk_zeit_2.part2.rar [2013/01/03 05:30:05 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Enhanced Edition [2013/01/03 05:29:59 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Venetica [2013/01/03 05:29:50 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [2013/01/01 17:51:07 | 003,751,452 | ---- | M] () -- E:\Users\Nana\Desktop\sk.friedh.rar [2013/01/01 17:50:41 | 095,206,566 | ---- | M] () -- E:\Users\Nana\Desktop\LuSe.rar [2013/01/01 17:32:12 | 006,033,365 | ---- | M] () -- E:\Users\Nana\Desktop\Legend1.rar [2012/12/30 20:44:32 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [2012/12/30 20:32:59 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [2012/12/30 15:59:24 | 000,001,945 | ---- | M] () -- E:\Windows\epplauncher.mif [2012/12/30 15:59:06 | 000,002,084 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/12/30 15:57:03 | 001,474,832 | ---- | M] () -- E:\Windows\System32\drivers\sfi.dat [2012/12/30 15:19:16 | 000,000,045 | ---- | M] () -- 
E:\Windows\System32\initdebug.nfo [2012/12/30 15:08:17 | 000,000,146 | ---- | M] () -- E:\Users\Nana\Desktop\Sound - Verknüpfung.lnk [2012/12/28 18:21:18 | 000,018,919 | ---- | M] () -- E:\Users\Nana\Desktop\zitate.odt [2012/12/28 16:35:02 | 000,016,563 | ---- | M] () -- E:\Users\Nana\Desktop\OpenDocument Text (neu) (2).odt [1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/01/20 14:23:06 | 000,001,054 | ---- | C] () -- E:\Users\Nana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2013/01/09 19:47:03 | 002,167,242 | ---- | C] () -- E:\Users\Nana\Desktop\grammar.pdf [2013/01/09 19:46:23 | 000,618,833 | ---- | C] () -- E:\Users\Nana\Desktop\Basic_-Italian.pdf [2013/01/08 15:14:55 | 000,002,865 | ---- | C] () -- E:\ProgramData\dsgsdgdsgdsgw.js [2013/01/08 15:14:49 | 095,023,320 | ---- | C] () -- E:\ProgramData\dsgsdgdsgdsgw.pad [2013/01/07 12:10:53 | 000,000,798 | ---- | C] () -- E:\Users\Nana\Desktop\ArabicAnEssentialGrammar.pdf.lnk [2013/01/07 12:08:58 | 000,027,979 | ---- | C] () -- E:\Users\Nana\Desktop\AuPair Formalitäten.odt [2013/01/07 10:56:53 | 000,007,334 | ---- | C] () -- E:\Users\Nana\Desktop\was sie von mir brauchen.odt [2013/01/06 16:04:01 | 000,216,976 | ---- | C] () -- E:\Users\Nana\Desktop\d027.jpg [2013/01/05 16:03:12 | 000,026,796 | ---- | C] () -- E:\Windows\System32\oodbs.lor [2013/01/04 16:58:58 | 000,002,509 | ---- | C] () -- E:\Users\Public\Desktop\O&O Defrag.lnk [2013/01/04 16:58:58 | 000,002,453 | ---- | C] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2013/01/04 16:54:06 | 001,326,828 | ---- | C] () -- E:\Users\Nana\Desktop\Stiefvater, Maggie - Rot wie das Meer.epub [2013/01/04 16:48:40 | 064,873,173 | ---- | C] () -- E:\Users\Nana\Desktop\O&O Defrag Professional 16.0 Build 139 Deutsch (x64)+(x86).rar [2013/01/03 16:58:10 | 000,000,897 | ---- | C] () -- E:\Users\Public\Desktop\calibre - E-book management.lnk 
[2013/01/03 16:47:01 | 005,154,944 | ---- | C] () -- E:\Users\Nana\Desktop\Grim1.rar [2013/01/03 16:31:14 | 419,430,400 | ---- | C] () -- E:\Users\Nana\Desktop\lk_zeit_2.part1.rar [2013/01/03 16:30:39 | 310,744,066 | ---- | C] () -- E:\Users\Nana\Desktop\lk_zeit_2.part2.rar [2013/01/03 16:25:56 | 028,874,727 | ---- | C] () -- E:\Users\Nana\Desktop\Buecherkiste_Fo_K.rar [2013/01/03 15:17:42 | 000,011,729 | ---- | C] () -- E:\Users\Nana\Desktop\OpenDocument Text (neu) (3).odt [2013/01/01 17:50:49 | 003,751,452 | ---- | C] () -- E:\Users\Nana\Desktop\sk.friedh.rar [2013/01/01 17:49:13 | 095,206,566 | ---- | C] () -- E:\Users\Nana\Desktop\LuSe.rar [2013/01/01 17:32:10 | 006,033,365 | ---- | C] () -- E:\Users\Nana\Desktop\Legend1.rar [2012/12/30 15:59:23 | 000,001,945 | ---- | C] () -- E:\Windows\epplauncher.mif [2012/12/30 15:59:06 | 000,002,084 | ---- | C] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/12/30 15:08:17 | 000,000,146 | ---- | C] () -- E:\Users\Nana\Desktop\Sound - Verknüpfung.lnk [2012/12/28 16:36:49 | 000,018,919 | ---- | C] () -- E:\Users\Nana\Desktop\zitate.odt [2012/12/28 15:18:01 | 000,016,563 | ---- | C] () -- E:\Users\Nana\Desktop\OpenDocument Text (neu) (2).odt [2012/12/27 06:15:35 | 000,033,961 | ---- | C] () -- E:\Users\Nana\Documents\OpenDocument%20Text%20(neu)%20(2).odt_1.odt [2012/12/07 15:40:40 | 000,042,440 | ---- | C] () -- E:\Windows\System32\xfcodec.dll [2012/10/06 14:55:06 | 000,000,138 | ---- | C] () -- E:\ProgramData\fxdkmttkmffjjve [2012/08/14 17:35:44 | 000,000,051 | ---- | C] () -- E:\ProgramData\pqhepeejleqgdtv [2012/04/01 16:56:44 | 000,032,256 | ---- | C] () -- E:\Windows\System32\AVSredirect.dll [2011/11/21 22:48:34 | 000,000,193 | ---- | C] () -- E:\Windows\WORDPAD.INI [2011/09/20 14:11:04 | 000,000,000 | ---- | C] () -- E:\Users\Nana\AppData\Local\{598C8DB4-FAEA-4D93-B6F6-139D4910796E} [2011/09/08 13:06:52 | 000,000,000 | ---- | C] () -- 
E:\Users\Nana\AppData\Local\{B61B60F4-0384-4FFD-8867-C1F75B1CB119} [2011/09/08 12:17:51 | 000,000,000 | ---- | C] () -- E:\Users\Nana\AppData\Local\{F3200062-1452-4424-906B-5E8FE01311FA} [2011/07/26 05:29:35 | 000,557,056 | ---- | C] () -- E:\Windows\System32\Cmeaupci.exe [2011/07/26 05:29:35 | 000,000,164 | ---- | C] () -- E:\Windows\Cmicnfg3.ini.cfl [2011/07/26 05:27:38 | 000,002,123 | ---- | C] () -- E:\Windows\Cmicnfg3.ini.cfg [2011/07/26 05:27:38 | 000,001,667 | ---- | C] () -- E:\Windows\Cmicnfg3.ini.imi [2011/07/26 04:51:57 | 002,154,326 | ---- | C] () -- E:\Windows\System32\perfh019.dat [2011/07/26 04:51:57 | 001,542,008 | ---- | C] () -- E:\Windows\System32\perfc019.dat [2011/07/26 04:51:57 | 000,336,704 | ---- | C] () -- E:\Windows\System32\perfi019.dat [2011/07/26 04:51:57 | 000,039,446 | ---- | C] () -- E:\Windows\System32\perfd019.dat [2011/07/26 04:47:09 | 000,094,208 | ---- | C] () -- E:\Windows\VMix.dll [2011/07/26 04:33:54 | 000,303,104 | ---- | C] () -- E:\Windows\System32\CmiInstallResAll.dll [2011/07/26 04:33:53 | 000,002,754 | ---- | C] () -- E:\Windows\cmudax3.ini [2011/07/26 04:20:43 | 001,474,832 | ---- | C] () -- E:\Windows\System32\drivers\sfi.dat [2011/07/26 03:14:48 | 000,011,164 | ---- | C] () -- E:\Windows\System32\drivers\nvphy.bin [2011/07/26 02:30:05 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin [2011/05/24 16:44:26 | 000,059,904 | ---- | C] () -- E:\Windows\System32\OVDecode.dll [2011/04/20 11:30:06 | 000,233,765 | ---- | C] () -- E:\Windows\System32\atiicdxx.dat [2011/04/11 20:30:05 | 005,713,414 | ---- | C] () -- E:\Windows\System32\perfh007.dat [2011/04/11 20:30:05 | 001,698,874 | ---- | C] () -- E:\Windows\System32\perfc007.dat [2011/04/11 20:30:05 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat [2011/04/11 20:30:05 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat [2011/03/17 12:51:44 | 000,003,929 | ---- | C] () -- E:\Windows\System32\atipblag.dat [2010/11/20 16:29:34 | 000,080,896 | 
---- | C] () -- E:\Windows\System32\RDVGHelper.exe [2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- E:\Windows\System32\PrintBrmUi.exe [2010/11/20 16:29:24 | 000,252,928 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat [2009/07/13 23:33:53 | 000,388,520 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT [2009/07/13 21:05:48 | 002,094,376 | ---- | C] () -- E:\Windows\System32\perfh009.dat [2009/07/13 21:05:48 | 001,515,880 | ---- | C] () -- E:\Windows\System32\perfc009.dat [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll [2009/07/13 17:09:19 | 000,982,196 | ---- | C] () -- E:\Windows\System32\igkrng500.bin [2009/07/13 17:09:19 | 000,417,344 | ---- | C] () -- E:\Windows\System32\igcompkrng500.bin [2009/07/13 17:09:19 | 000,139,824 | ---- | C] () -- E:\Windows\System32\igfcg500.bin [2009/07/13 17:09:19 | 000,097,448 | ---- | C] () -- E:\Windows\System32\igfcg500m.bin [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat [2008/10/21 22:29:06 | 000,173,550 | ---- | C] () -- E:\Windows\System32\xlive.dll.cat [2004/08/13 02:56:20 | 000,005,810 | ---- | C] () -- E:\Windows\System32\drivers\ASACPI.sys [1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- E:\Windows\System32\giveio.sys ========== LOP Check ========== [2011/07/26 04:22:39 | 000,000,000 | ---D | M] -- E:\ProgramData\AMD [2011/07/26 03:06:36 | 
000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data [2012/12/30 20:36:20 | 000,000,000 | ---D | M] -- E:\ProgramData\Battle.net [2012/10/25 18:14:29 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents [2011/07/26 03:06:36 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente [2012/06/28 16:45:49 | 000,000,000 | ---D | M] -- E:\ProgramData\Electronic Arts [2011/07/26 03:06:36 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites [2012/02/28 12:59:22 | 000,000,000 | ---D | M] -- E:\ProgramData\Local Settings [2013/01/04 16:58:06 | 000,000,000 | ---D | M] -- E:\ProgramData\OO Software [2013/01/04 17:04:44 | 000,000,000 | ---D | M] -- E:\ProgramData\oytbmfgettdpigr [2012/05/20 04:04:09 | 000,000,000 | ---D | M] -- E:\ProgramData\POP3Profiles [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu [2011/07/26 03:06:36 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates [2012/01/06 18:57:54 | 000,000,000 | ---D | M] -- E:\ProgramData\Tunngle [2011/07/26 03:06:36 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen [2012/11/18 06:21:59 | 000,032,640 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 608 bytes -> E:\Windows\System32\drivers\jbprghah.sys:changelist < End of report >
Kind regards, Nano