Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GUV Trojaner unter Win7 (https://www.trojaner-board.de/135207-guv-trojaner-win7.html)

Silberberg 19.05.2013 15:11
GUV Trojaner unter Win7
 
Hallo Trojaner-Board Team,
leider hat es uns auch mit dem GUV Trojaner erwischt. Der Rechner ist ziemlich lahm gelegt, da nach Hochfahren im abgesichertem Modus direkt neu gebootet wird.
:confused:
Nachdem ich mich bereits im Board - wg. der vielen anderen Betroffenen - schlau machen konnte, anbei die gezippte OTL.TXT nach OTLPE Scan. Leider reicht mein derzeitiges Computer Wissen nicht aus die System-Einträge, welche durch die Schadsoftware verursacht wurden, auszufiltern.

OTL Logfile:
Code:
OTL logfile created on: 5/19/2013 4:06:04 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 465.66 Gb Total Space | 330.86 Gb Free Space | 71.05% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/12/09 10:46:28 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/12/02 05:51:58 | 004,913,608 | ---- | M] (SafeNet Inc.) [Auto] -- D:\Windows\System32\hasplms.exe -- (hasplms)
SRV:64bit: - [2010/11/25 22:54:12 | 000,203,776 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/03 11:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto] -- D:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV:64bit: - [2008/07/15 12:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto] -- D:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2013/05/14 14:04:31 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/26 01:17:19 | 004,561,152 | ---- | M] () [Auto] -- D:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/01/30 08:21:32 | 003,116,656 | ---- | M] (Trend Micro Inc.) [Auto] -- D:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/06 13:55:44 | 003,015,992 | ---- | M] (Trend Micro Inc.) [Auto] -- D:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2012/10/30 06:15:40 | 000,572,464 | ---- | M] (Trend Micro Inc.) [On_Demand] -- D:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2012/09/27 06:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto] -- D:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012/08/21 05:50:13 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- D:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/10 10:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto] -- D:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/08/08 13:26:42 | 000,918,064 | ---- | M] (Trend Micro Inc.) [On_Demand] -- D:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2011/11/03 14:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto] -- D:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/11/13 14:33:12 | 000,174,016 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- D:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2012/10/30 06:08:48 | 000,082,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2012/10/30 06:08:10 | 000,065,872 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2011/11/24 04:58:44 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2011/11/24 04:58:44 | 000,078,208 | ---- | M] (SafeNet Inc.) [File_System | Auto] -- D:\Windows\System32\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011/10/07 04:31:42 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2011/09/08 03:23:30 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2011/08/09 02:11:50 | 000,021,120 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2011/03/18 07:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 07:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010/12/07 09:58:38 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- D:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/11/26 00:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/11/26 00:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/25 22:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/27 11:42:04 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2010/09/08 10:18:34 | 000,135,392 | ---- | M] (intek (Darmstadt)) [Kernel | Boot] -- D:\Windows\System32\drivers\firedrv.sys -- (firedrv) Generic OHCILynx-1394 (intek)
DRV:64bit: - [2010/07/21 11:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/01/13 11:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/07/29 08:00:52 | 000,549,888 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/08 22:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- D:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/08 08:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot] -- D:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 08:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/25 12:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 11:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/12 20:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand] -- D:\Windows\System32\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/29 02:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/22 07:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/04/20 03:40:34 | 000,011,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CPQBttn64.sys -- (HBtnKey)
DRV:64bit: - [2009/02/08 16:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2009/01/09 09:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2007/05/14 11:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/11/18 08:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2006/10/02 20:07:00 | 000,079,488 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rismcx64.sys -- (rismcx64)
DRV:64bit: - [2006/10/02 20:07:00 | 000,079,488 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rismcx64.sys -- (RICOH SmartCard Reader)
DRV - [2012/07/17 07:37:44 | 000,344,376 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- D:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2012/07/17 07:37:16 | 000,042,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- D:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2012/07/17 07:28:46 | 002,224,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- D:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
IE - HKU\Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\User.1_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\User.1_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\User.1_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 4A 73 87 4D 2A CE 01  [binary data]
IE - HKU\User.1_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\User.2_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\User.2_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\User.2_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\User.2_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\User.2_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\User.3_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - D:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\User.1_ON_D\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [OfficeScanNT Monitor] D:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [StartCCC] D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylockeduserid = 1
O7 - HKU\administrator.FirmaMANN2006_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\User.2_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\User.2_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - D:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - D:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://Firmais01:5353/officescan/console/html/ClientInstall/WinNTChk.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} https://Firmais01:5353/officescan/console/html/ClientInstall/setupini.cab (Reg Error: Key error.)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://Firmais01:5353/officescan/console/html/ClientInstall/setup.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {53049A9A-1122-4673-B8D4-12F545AE3285} hxxp://stallcampferde.dyndns.biz:81/AVC_AX_764.cab (CV781Object Object)
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://Firmais01:5353/officescan/console/html/ClientInstall/RemoveCtrl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Firmamann2006.local
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\User.2_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\User.2_ON_D Winlogon: Shell - (C:\Users\User.2\AppData\Roaming\skype.dat) - D:\Users\User.2\AppData\Roaming\skype.dat ()
O20:64bit: - Winlogon\Notify\cstaspui: DllName - C:\Windows\system32\cstaspui.dll - D:\Windows\System32\cstaspui.dll (Alcatel Telecom)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/06/11 06:00:25 | 000,000,035 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/05/19 08:09:48 | 127,231,689 | ---- | C] (Igor Pavlov) -- D:\Users\User.1\Desktop\OTLPENet.exe
[2013/05/19 07:43:23 | 000,000,000 | ---D | C] -- D:\Users\User.1\Desktop\OTLPEstd
[2013/05/19 07:32:31 | 098,077,459 | ---- | C] (Igor Pavlov) -- D:\Users\User.1\Desktop\OTLPEStd.exe
[2013/05/19 07:17:19 | 000,000,000 | ---D | C] -- D:\Users\User.1\AppData\Local\Diagnostics
[2013/05/19 04:43:10 | 000,000,000 | ---D | C] -- D:\ProgramData\Kaspersky Lab
[2013/05/18 02:37:16 | 000,000,000 | ---D | C] -- D:\Users\User.1\AppData\Local\Eraser 6
[2013/05/17 17:51:47 | 000,000,000 | ---D | C] -- D:\Users\User.1\AppData\Roaming\Google
[2013/05/17 17:51:46 | 000,000,000 | ---D | C] -- D:\Users\User.1\AppData\Local\Google
[2013/05/15 13:16:09 | 000,526,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/05/15 13:16:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/05/15 13:16:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll
[2013/05/15 13:16:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/15 13:16:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll
[2013/05/15 13:16:08 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll
[2013/05/15 13:16:08 | 000,051,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe
[2013/05/15 13:16:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll
[2013/05/15 13:16:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll
[2013/05/15 13:16:07 | 000,603,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/05/15 13:16:07 | 000,493,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/05/15 13:16:07 | 000,136,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesysprep.dll
[2013/05/15 13:16:07 | 000,089,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/15 13:16:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/05/15 13:16:06 | 000,690,688 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013/05/15 13:16:05 | 003,958,784 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/05/15 13:16:05 | 002,877,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2013/05/15 13:03:16 | 000,265,064 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 13:03:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\cdd.dll
[2013/05/15 13:03:04 | 001,930,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\authui.dll
[2013/05/15 13:03:03 | 001,796,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\authui.dll
[2013/05/15 13:03:03 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\shdocvw.dll
[2013/05/15 13:03:03 | 000,111,448 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\consent.exe
[2013/05/15 13:02:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wwanprotdim.dll
[2013/05/03 12:09:11 | 000,000,000 | ---D | C] -- D:\Program Files\Google
[2013/05/03 12:08:56 | 000,000,000 | ---D | C] -- D:\ProgramData\Google
[2013/04/15 09:51:26 | 000,174,016 | ---- | C] (Trend Micro Inc.) -- D:\Windows\System32\drivers\tmcomm.sys
[2013/04/15 09:51:26 | 000,082,840 | ---- | C] (Trend Micro Inc.) -- D:\Windows\System32\drivers\tmactmon.sys
[2013/04/15 09:51:26 | 000,065,872 | ---- | C] (Trend Micro Inc.) -- D:\Windows\System32\drivers\tmevtmgr.sys
[2013/04/10 07:28:55 | 005,550,424 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe
[2013/04/10 07:28:54 | 003,968,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 07:28:54 | 003,913,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 07:28:54 | 000,112,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\smss.exe
[2013/04/10 07:28:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\csrsrv.dll
[2013/04/10 07:28:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\apisetschema.dll
[2013/03/26 14:44:45 | 001,054,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\MsSpellCheckingFacility.exe
[2013/03/26 14:44:44 | 000,719,360 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/26 14:44:44 | 000,226,304 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\elshyph.dll
[2013/03/26 14:44:44 | 000,185,344 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\elshyph.dll
[2013/03/26 14:44:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msrating.dll
[2013/03/26 14:44:44 | 000,158,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msls31.dll
[2013/03/26 14:44:44 | 000,150,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iexpress.exe
[2013/03/26 14:44:44 | 000,138,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wextract.exe
[2013/03/26 14:44:44 | 000,137,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2013/03/26 14:44:44 | 000,125,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\occache.dll
[2013/03/26 14:44:44 | 000,082,432 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inseng.dll
[2013/03/26 14:44:44 | 000,079,872 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2013/03/26 14:44:44 | 000,057,344 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\pngfilt.dll
[2013/03/26 14:44:43 | 001,441,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2013/03/26 14:44:43 | 001,400,416 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dat
[2013/03/26 14:44:43 | 000,629,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dll
[2013/03/26 14:44:43 | 000,361,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\html.iec
[2013/03/26 14:44:43 | 000,357,888 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtmsft.dll
[2013/03/26 14:44:43 | 000,232,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2013/03/26 14:44:43 | 000,226,816 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtrans.dll
[2013/03/26 14:44:43 | 000,117,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iepeers.dll
[2013/03/26 14:44:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\IEAdvpack.dll
[2013/03/26 14:44:43 | 000,073,728 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/26 14:44:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\tdc.ocx
[2013/03/26 14:44:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmler.dll
[2013/03/26 14:44:43 | 000,038,400 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\imgutil.dll
[2013/03/26 14:44:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedssync.exe
[2013/03/26 14:44:42 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msrating.dll
[2013/03/26 14:44:42 | 000,069,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\icardie.dll
[2013/03/26 14:44:42 | 000,023,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\licmgr10.dll
[2013/03/26 14:44:41 | 001,509,376 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2013/03/26 14:44:41 | 001,400,416 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dat
[2013/03/26 14:44:41 | 000,905,728 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmlmedia.dll
[2013/03/26 14:44:41 | 000,762,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dll
[2013/03/26 14:44:41 | 000,599,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2013/03/26 14:44:41 | 000,452,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxtmsft.dll
[2013/03/26 14:44:41 | 000,441,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\html.iec
[2013/03/26 14:44:41 | 000,281,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxtrans.dll
[2013/03/26 14:44:41 | 000,235,008 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/03/26 14:44:41 | 000,216,064 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msls31.dll
[2013/03/26 14:44:41 | 000,173,568 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2013/03/26 14:44:41 | 000,167,424 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iexpress.exe
[2013/03/26 14:44:41 | 000,149,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\occache.dll
[2013/03/26 14:44:41 | 000,144,896 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wextract.exe
[2013/03/26 14:44:41 | 000,102,912 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inseng.dll
[2013/03/26 14:44:41 | 000,097,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2013/03/26 14:44:41 | 000,081,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\icardie.dll
[2013/03/26 14:44:41 | 000,062,976 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\pngfilt.dll
[2013/03/26 14:44:41 | 000,027,648 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll
[2013/03/26 14:44:41 | 000,013,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshta.exe
[2013/03/26 14:44:40 | 000,136,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll
[2013/03/26 14:44:40 | 000,135,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\IEAdvpack.dll
[2013/03/26 14:44:40 | 000,092,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SetIEInstalledDate.exe
[2013/03/26 14:44:40 | 000,077,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tdc.ocx
[2013/03/26 14:44:40 | 000,051,200 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\imgutil.dll
[2013/03/26 14:44:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmler.dll
[2013/03/26 14:44:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe
[2013/03/26 14:18:26 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/26 14:18:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/26 14:18:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/26 14:18:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/26 14:18:25 | 001,682,432 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XpsPrint.dll
[2013/03/26 14:18:25 | 001,158,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\XpsPrint.dll
[2013/03/26 14:18:25 | 000,522,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XpsGdiConverter.dll
[2013/03/26 14:18:25 | 000,465,920 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\WMPhoto.dll
[2013/03/26 14:18:25 | 000,364,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\XpsGdiConverter.dll
[2013/03/26 14:18:25 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/26 14:18:25 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/26 14:18:25 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/26 14:18:25 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/26 14:18:25 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/26 14:18:25 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/26 14:18:25 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/26 14:18:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/26 14:18:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/26 14:18:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/26 14:18:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/26 14:18:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/26 14:18:25 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/26 14:18:25 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/26 14:18:24 | 003,928,064 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d2d1.dll
[2013/03/26 14:18:24 | 002,776,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msmpeg2vdec.dll
[2013/03/26 14:18:24 | 002,284,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msmpeg2vdec.dll
[2013/03/26 14:18:24 | 000,417,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\WMPhoto.dll
[2013/03/26 14:18:23 | 002,565,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10warp.dll
[2013/03/26 14:18:23 | 001,247,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\DWrite.dll
[2013/03/26 14:18:23 | 000,363,008 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxgi.dll
[2013/03/26 14:18:22 | 001,643,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2013/03/26 14:18:22 | 001,504,768 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d11.dll
[2013/03/26 14:18:22 | 001,080,832 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10.dll
[2013/03/26 14:18:22 | 000,249,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10_1core.dll
[2013/03/26 14:18:22 | 000,220,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10core.dll
[2013/03/26 14:18:22 | 000,207,872 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\WindowsCodecsExt.dll
[2013/03/26 14:18:21 | 003,419,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d2d1.dll
[2013/03/26 14:18:21 | 001,887,232 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d11.dll
[2013/03/26 14:18:21 | 001,238,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10.dll
[2013/03/26 14:18:21 | 000,604,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10level9.dll
[2013/03/26 14:18:21 | 000,333,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1core.dll
[2013/03/26 14:18:21 | 000,296,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10core.dll
[2013/03/26 14:18:21 | 000,245,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\WindowsCodecsExt.dll
[2013/03/26 14:18:21 | 000,194,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1.dll
[2013/03/26 14:18:21 | 000,161,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10_1.dll
[2013/03/26 14:18:20 | 001,988,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10warp.dll
[2013/03/26 14:18:20 | 001,424,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\WindowsCodecs.dll
[2013/03/26 14:18:20 | 000,648,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10level9.dll
[2013/03/26 14:18:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\dxgi.dll
[2013/03/26 14:18:20 | 000,221,184 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\UIAnimation.dll
[2013/03/26 14:18:20 | 000,187,392 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\UIAnimation.dll
[2013/03/26 14:13:03 | 000,000,000 | ---D | C] -- D:\Users\User.1\AppData\Roaming\Adobe
[2013/03/26 14:07:16 | 000,000,000 | ---D | C] -- D:\Users\User.1\AppData\Roaming\ATI
[2013/03/26 14:07:16 | 000,000,000 | ---D | C] -- D:\Users\User.1\AppData\Local\ATI
[2013/03/26 14:06:55 | 000,000,000 | R--D | C] -- D:\Users\User.1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/03/26 14:06:55 | 000,000,000 | R--D | C] -- D:\Users\User.1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/03/26 14:06:55 | 000,000,000 | -H-D | C] -- D:\Users\User.1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/03/26 14:06:47 | 000,000,000 | ---D | C] -- D:\Users\User.1\AppData\Roaming\Identities
[2013/03/26 14:06:35 | 000,000,000 | --SD | C] -- D:\Users\User.1\AppData\Roaming\Microsoft
[2013/03/26 14:06:35 | 000,000,000 | R--D | C] -- D:\Users\User.1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/03/26 14:06:35 | 000,000,000 | R--D | C] -- D:\Users\User.1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/03/26 14:06:35 | 000,000,000 | -HSD | C] -- D:\Users\User.1\AppData\Local\Verlauf
[2013/03/26 14:06:35 | 000,000,000 | -HSD | C] -- D:\Users\User.1\AppData\Local\Temporary Internet Files
[2013/03/26 14:06:35 | 000,000,000 | -HSD | C] -- D:\Users\User.1\Documents\Eigene Videos
[2013/03/26 14:06:35 | 000,000,000 | -HSD | C] -- D:\Users\User.1\Documents\Eigene Musik
[2013/03/26 14:06:35 | 000,000,000 | -HSD | C] -- D:\Users\User.1\Documents\Eigene Bilder
[2013/03/26 14:06:35 | 000,000,000 | -HSD | C] -- D:\Users\User.1\AppData\Local\Anwendungsdaten
[2013/03/26 14:06:35 | 000,000,000 | ---D | C] -- D:\Users\User.1\AppData\Local\Temp
[2013/03/26 14:06:35 | 000,000,000 | ---D | C] -- D:\Users\User.1\AppData\Roaming
[2013/03/26 14:06:35 | 000,000,000 | ---D | C] -- D:\Users\User.1\AppData\Local\Microsoft Help
[2013/03/26 14:06:35 | 000,000,000 | ---D | C] -- D:\Users\User.1\AppData\Local\Microsoft
[2013/03/26 14:06:35 | 000,000,000 | ---D | C] -- D:\Users\User.1\AppData\Roaming\Media Center Programs
[2013/03/26 14:06:35 | 000,000,000 | ---D | C] -- D:\Users\User.1\AppData\Roaming\Macromedia
[2013/03/26 14:06:35 | 000,000,000 | ---D | C] -- D:\Users\User.1\AppData\LocalLow
[2013/03/26 14:06:35 | 000,000,000 | ---D | C] -- D:\Users\User.1\AppData\Local
[2013/03/25 17:19:38 | 000,019,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\usb8023.sys
[2013/02/22 16:11:29 | 000,000,000 | ---D | C] -- D:\Users\User.2\Documents\BMW-Z4
[2013/02/22 07:17:23 | 000,000,000 | ---D | C] -- D:\ProgramData\A4172B8962F6DA710000A416877CE47A
 
========== Files - Modified Within 90 Days ==========
 
[2013/05/19 08:34:53 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/05/19 08:15:17 | 127,231,689 | ---- | M] (Igor Pavlov) -- D:\Users\User.1\Desktop\OTLPENet.exe
[2013/05/19 08:02:37 | 2119,380,991 | -HS- | M] () -- D:\hiberfil.sys
[2013/05/19 07:58:21 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/19 07:50:42 | 000,515,892 | ---- | M] () -- D:\Users\User.1\Documents\eeepcfr.zip
[2013/05/19 07:43:00 | 000,001,160 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1321303323-3616970458-3218090640-1635UA.job
[2013/05/19 07:42:18 | 098,077,459 | ---- | M] (Igor Pavlov) -- D:\Users\User.1\Desktop\OTLPEStd.exe
[2013/05/19 07:26:17 | 000,015,184 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/19 07:26:17 | 000,015,184 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/19 07:04:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/19 06:55:00 | 000,001,110 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/19 05:17:36 | 000,722,552 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/05/19 05:17:36 | 000,675,694 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/05/19 05:17:36 | 000,149,794 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/05/19 05:17:36 | 000,126,010 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/05/19 05:06:02 | 000,000,004 | ---- | M] () -- D:\Users\User.2\AppData\Roaming\skype.ini
[2013/05/19 05:01:08 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro OfficeScan Client
[2013/05/18 11:43:00 | 000,001,108 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1321303323-3616970458-3218090640-1635Core.job
[2013/05/15 14:03:24 | 000,422,600 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2013/05/14 14:04:30 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/14 14:04:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/16 12:05:31 | 000,000,440 | ---- | M] () -- D:\Users\User.2\Desktop\LAN-Verbindung - Verknüpfung.lnk
[2013/04/15 10:15:28 | 000,009,024 | ---- | M] () -- D:\Windows\cfgall.ini
[2013/04/15 07:50:07 | 000,008,028 | RHS- | M] () -- D:\ProgramData\ntuser.pol
[2013/04/10 02:01:54 | 000,265,064 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\drivers\dxgmms1.sys
[2013/04/05 02:52:37 | 000,051,712 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe
[2013/04/05 02:50:56 | 000,603,136 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/04/05 02:50:36 | 003,958,784 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/04/05 02:50:36 | 000,855,552 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/04/05 02:50:31 | 000,526,336 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/04/05 02:50:31 | 000,136,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iesysprep.dll
[2013/04/05 02:50:31 | 000,067,072 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll
[2013/04/05 02:50:30 | 000,039,936 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll
[2013/04/05 01:26:45 | 000,493,056 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/04/05 01:26:26 | 002,877,440 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2013/04/05 01:26:25 | 000,690,688 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013/04/05 01:26:21 | 000,391,168 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/04/05 01:26:21 | 000,109,056 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll
[2013/04/05 01:26:21 | 000,061,440 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll
[2013/04/05 01:26:21 | 000,033,280 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll
[2013/04/04 23:51:11 | 000,089,600 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\RegisterIEPKEYs.exe
[2013/04/04 23:38:25 | 000,071,680 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/03/26 15:24:19 | 000,181,808 | ---- | M] () -- D:\Windows\RegBootClean.exe
[2013/03/26 14:47:55 | 000,000,384 | ---- | M] () -- D:\Windows\DCEBOOT.RST
[2013/03/26 14:44:45 | 001,054,720 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\MsSpellCheckingFacility.exe
[2013/03/26 14:44:44 | 000,719,360 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/26 14:44:44 | 000,226,304 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\elshyph.dll
[2013/03/26 14:44:44 | 000,185,344 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\elshyph.dll
[2013/03/26 14:44:44 | 000,163,840 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msrating.dll
[2013/03/26 14:44:44 | 000,158,720 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msls31.dll
[2013/03/26 14:44:44 | 000,150,528 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iexpress.exe
[2013/03/26 14:44:44 | 000,138,752 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\wextract.exe
[2013/03/26 14:44:44 | 000,137,216 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2013/03/26 14:44:44 | 000,125,440 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\occache.dll
[2013/03/26 14:44:44 | 000,082,432 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\inseng.dll
[2013/03/26 14:44:44 | 000,079,872 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2013/03/26 14:44:44 | 000,057,344 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\pngfilt.dll
[2013/03/26 14:44:43 | 001,441,280 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2013/03/26 14:44:43 | 001,400,416 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dat
[2013/03/26 14:44:43 | 000,629,248 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dll
[2013/03/26 14:44:43 | 000,361,984 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\html.iec
[2013/03/26 14:44:43 | 000,357,888 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtmsft.dll
[2013/03/26 14:44:43 | 000,232,960 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2013/03/26 14:44:43 | 000,226,816 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtrans.dll
[2013/03/26 14:44:43 | 000,117,248 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iepeers.dll
[2013/03/26 14:44:43 | 000,110,592 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\IEAdvpack.dll
[2013/03/26 14:44:43 | 000,073,728 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/26 14:44:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\tdc.ocx
[2013/03/26 14:44:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmler.dll
[2013/03/26 14:44:43 | 000,038,400 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\imgutil.dll
[2013/03/26 14:44:43 | 000,011,776 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedssync.exe
[2013/03/26 14:44:42 | 000,197,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msrating.dll
[2013/03/26 14:44:42 | 000,069,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\icardie.dll
[2013/03/26 14:44:42 | 000,025,185 | ---- | M] () -- D:\Windows\SysWow64\ieuinit.inf
[2013/03/26 14:44:42 | 000,023,040 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\licmgr10.dll
[2013/03/26 14:44:41 | 001,509,376 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2013/03/26 14:44:41 | 001,400,416 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dat
[2013/03/26 14:44:41 | 000,905,728 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtmlmedia.dll
[2013/03/26 14:44:41 | 000,762,368 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dll
[2013/03/26 14:44:41 | 000,599,552 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2013/03/26 14:44:41 | 000,452,096 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dxtmsft.dll
[2013/03/26 14:44:41 | 000,441,856 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\html.iec
[2013/03/26 14:44:41 | 000,281,600 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dxtrans.dll
[2013/03/26 14:44:41 | 000,235,008 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/03/26 14:44:41 | 000,216,064 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msls31.dll
[2013/03/26 14:44:41 | 000,173,568 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2013/03/26 14:44:41 | 000,167,424 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iexpress.exe
[2013/03/26 14:44:41 | 000,149,504 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\occache.dll
[2013/03/26 14:44:41 | 000,144,896 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\wextract.exe
[2013/03/26 14:44:41 | 000,102,912 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\inseng.dll
[2013/03/26 14:44:41 | 000,097,280 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2013/03/26 14:44:41 | 000,081,408 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\icardie.dll
[2013/03/26 14:44:41 | 000,062,976 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\pngfilt.dll
[2013/03/26 14:44:41 | 000,027,648 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll
[2013/03/26 14:44:41 | 000,025,185 | ---- | M] () -- D:\Windows\System32\ieuinit.inf
[2013/03/26 14:44:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshta.exe
[2013/03/26 14:44:40 | 000,136,192 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll
[2013/03/26 14:44:40 | 000,135,680 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\IEAdvpack.dll
[2013/03/26 14:44:40 | 000,092,160 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\SetIEInstalledDate.exe
[2013/03/26 14:44:40 | 000,077,312 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\tdc.ocx
[2013/03/26 14:44:40 | 000,051,200 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\imgutil.dll
[2013/03/26 14:44:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtmler.dll
[2013/03/26 14:44:40 | 000,012,800 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe
[2013/03/26 14:42:57 | 000,234,544 | ---- | M] () -- D:\Windows\RegBootClean64.exe
[2013/03/26 14:42:57 | 000,022,064 | ---- | M] () -- D:\Windows\DCEBoot64.exe
[2013/03/26 14:42:45 | 000,011,576 | ---- | M] () -- D:\ProgramData\0561773.pad
[2013/03/26 14:18:26 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/26 14:18:26 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/26 14:18:26 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/26 14:18:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/26 14:18:25 | 001,682,432 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\XpsPrint.dll
[2013/03/26 14:18:25 | 001,158,144 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\XpsPrint.dll
[2013/03/26 14:18:25 | 000,522,752 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\XpsGdiConverter.dll
[2013/03/26 14:18:25 | 000,465,920 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\WMPhoto.dll
[2013/03/26 14:18:25 | 000,364,544 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\XpsGdiConverter.dll
[2013/03/26 14:18:25 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/26 14:18:25 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/26 14:18:25 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/26 14:18:25 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/26 14:18:25 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/26 14:18:25 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/26 14:18:25 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/26 14:18:25 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/26 14:18:25 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/26 14:18:25 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/26 14:18:25 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/26 14:18:25 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/26 14:18:25 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/26 14:18:25 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/26 14:18:24 | 003,928,064 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d2d1.dll
[2013/03/26 14:18:24 | 002,776,576 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msmpeg2vdec.dll
[2013/03/26 14:18:24 | 002,284,544 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msmpeg2vdec.dll
[2013/03/26 14:18:24 | 000,417,792 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\WMPhoto.dll
[2013/03/26 14:18:23 | 002,565,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d10warp.dll
[2013/03/26 14:18:23 | 001,247,744 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\DWrite.dll
[2013/03/26 14:18:23 | 000,363,008 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dxgi.dll
[2013/03/26 14:18:22 | 001,643,520 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2013/03/26 14:18:22 | 001,504,768 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d11.dll
[2013/03/26 14:18:22 | 001,080,832 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10.dll
[2013/03/26 14:18:22 | 000,249,856 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10_1core.dll
[2013/03/26 14:18:22 | 000,220,160 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10core.dll
[2013/03/26 14:18:22 | 000,207,872 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\WindowsCodecsExt.dll
[2013/03/26 14:18:21 | 003,419,136 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d2d1.dll
[2013/03/26 14:18:21 | 001,887,232 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d11.dll
[2013/03/26 14:18:21 | 001,238,528 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d10.dll
[2013/03/26 14:18:21 | 000,604,160 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10level9.dll
[2013/03/26 14:18:21 | 000,333,312 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1core.dll
[2013/03/26 14:18:21 | 000,296,960 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d10core.dll
[2013/03/26 14:18:21 | 000,245,248 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\WindowsCodecsExt.dll
[2013/03/26 14:18:21 | 000,194,560 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1.dll
[2013/03/26 14:18:21 | 000,161,792 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10_1.dll
[2013/03/26 14:18:20 | 001,988,096 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10warp.dll
[2013/03/26 14:18:20 | 001,424,384 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\WindowsCodecs.dll
[2013/03/26 14:18:20 | 000,648,192 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d10level9.dll
[2013/03/26 14:18:20 | 000,293,376 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\dxgi.dll
[2013/03/26 14:18:20 | 000,221,184 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\UIAnimation.dll
[2013/03/26 14:18:20 | 000,187,392 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\UIAnimation.dll
[2013/03/26 14:12:44 | 000,001,397 | ---- | M] () -- D:\Users\User.1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/19 02:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe
[2013/03/19 01:53:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\wwanprotdim.dll
[2013/03/19 01:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\csrsrv.dll
[2013/03/19 01:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ntkrnlpa.exe
[2013/03/19 01:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ntoskrnl.exe
[2013/03/19 00:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\apisetschema.dll
[2013/03/18 23:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\smss.exe
[2013/03/09 17:36:16 | 000,002,898 | ---- | M] () -- D:\ProgramData\0561773.js
[2013/03/09 17:36:16 | 000,000,153 | ---- | M] () -- D:\ProgramData\0561773.reg
[2013/03/09 17:36:16 | 000,000,067 | ---- | M] () -- D:\ProgramData\0561773.bat
[2013/02/27 02:02:44 | 000,111,448 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\consent.exe
[2013/02/27 01:52:55 | 000,197,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\shdocvw.dll
[2013/02/27 01:48:00 | 001,930,752 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\authui.dll
[2013/02/27 00:49:24 | 001,796,096 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\authui.dll
 
========== Files Created - No Company Name ==========
 
[2013/05/19 07:50:42 | 000,515,892 | ---- | C] () -- D:\Users\User.1\Documents\eeepcfr.zip
[2013/05/17 17:40:40 | 000,000,004 | ---- | C] () -- D:\Users\User.2\AppData\Roaming\skype.ini
[2013/04/16 12:05:31 | 000,000,440 | ---- | C] () -- D:\Users\User.2\Desktop\LAN-Verbindung - Verknüpfung.lnk
[2013/03/26 14:47:55 | 000,000,384 | ---- | C] () -- D:\Windows\DCEBOOT.RST
[2013/03/26 14:44:42 | 000,025,185 | ---- | C] () -- D:\Windows\SysWow64\ieuinit.inf
[2013/03/26 14:44:41 | 000,025,185 | ---- | C] () -- D:\Windows\System32\ieuinit.inf
[2013/03/26 14:42:57 | 000,022,064 | ---- | C] () -- D:\Windows\DCEBoot64.exe
[2013/03/26 14:12:44 | 000,001,397 | ---- | C] () -- D:\Users\User.1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/26 14:07:01 | 000,001,417 | ---- | C] () -- D:\Users\User.1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/03/26 14:06:35 | 000,000,290 | ---- | C] () -- D:\Users\User.1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/03/26 14:06:35 | 000,000,272 | ---- | C] () -- D:\Users\User.1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/03/10 15:33:20 | 000,011,576 | ---- | C] () -- D:\ProgramData\0561773.pad
[2013/03/09 17:36:16 | 000,002,898 | ---- | C] () -- D:\ProgramData\0561773.js
[2013/03/09 17:36:16 | 000,000,153 | ---- | C] () -- D:\ProgramData\0561773.reg
[2013/03/09 17:36:16 | 000,000,067 | ---- | C] () -- D:\ProgramData\0561773.bat
[2013/02/13 07:51:02 | 000,181,808 | ---- | C] () -- D:\Windows\RegBootClean.exe
[2012/06/30 09:32:58 | 000,808,979 | ---- | C] () -- D:\Windows\SysWow64\avcodec-52.84.0.dll
[2012/06/30 09:32:58 | 000,159,251 | ---- | C] () -- D:\Windows\SysWow64\swscale-0.11.1.dll
[2012/06/30 09:32:58 | 000,086,528 | ---- | C] () -- D:\Windows\SysWow64\avformat-52.74.0.dll
[2012/06/30 09:32:58 | 000,070,675 | ---- | C] () -- D:\Windows\SysWow64\avutil-50.22.0.dll
[2012/05/14 04:43:09 | 000,003,074 | ---- | C] () -- D:\Windows\cfgwtp.ini
[2012/03/20 16:32:03 | 000,000,173 | ---- | C] () -- D:\Users\User.2\AppData\Local\msmathematics.qat.User.2
[2012/01/12 04:04:13 | 000,234,544 | ---- | C] () -- D:\Windows\RegBootClean64.exe
[2012/01/11 03:13:21 | 000,106,496 | ---- | C] () -- D:\Users\User.2\AppData\Roaming\skype.dat
[2012/01/02 06:34:37 | 000,013,029 | ---- | C] () -- D:\Users\User.2\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2011/12/12 18:10:39 | 000,001,076 | ---- | C] () -- D:\Windows\pftp.ini
[2011/12/09 10:46:46 | 000,000,231 | ---- | C] () -- D:\Windows\rfCommonBase.INI
[2011/09/23 05:41:42 | 000,650,752 | ---- | C] () -- D:\Windows\SysWow64\xvidcore.dll
[2011/09/23 05:41:42 | 000,240,640 | ---- | C] () -- D:\Windows\SysWow64\xvidvfw.dll
[2011/07/20 04:20:04 | 000,005,120 | ---- | C] () -- D:\Users\User.2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 01:28:46 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/06/17 04:46:52 | 000,201,122 | ---- | C] () -- D:\Windows\SysWow64\Cavort10.dll
[2011/06/17 04:46:52 | 000,066,113 | ---- | C] () -- D:\Windows\SysWow64\Cavordd.dll
[2011/06/17 04:46:52 | 000,023,552 | ---- | C] () -- D:\Windows\SysWow64\Cavosysc.dll
[2011/06/17 04:46:42 | 000,000,329 | ---- | C] () -- D:\Windows\twland.ini
[2011/06/01 08:01:53 | 000,000,032 | ---- | C] () -- D:\Windows\Start GOM Inspect.INI
[2011/05/12 03:04:58 | 000,000,056 | -H-- | C] () -- D:\Windows\SysWow64\ezsidmv.dat
[2011/04/15 07:37:04 | 000,000,100 | ---- | C] () -- D:\Windows\combit.ini
[2011/04/13 10:32:39 | 000,110,592 | ---- | C] () -- D:\Windows\SysWow64\Unlha.dll
[2011/04/13 10:32:39 | 000,000,225 | ---- | C] () -- D:\Windows\ODBCINST.INI
[2011/04/13 10:32:39 | 000,000,134 | ---- | C] () -- D:\Windows\ODBC.INI
[2011/03/27 06:12:38 | 000,553,687 | ---- | C] () -- D:\Program Files\RegCleaner.exe
[2011/02/23 09:00:26 | 000,001,854 | ---- | C] () -- D:\Users\User.2\AppData\Roaming\GhostObjGAFix.xml
[2011/02/01 13:30:23 | 000,028,672 | ---- | C] () -- D:\Windows\SysWow64\hlduinst.exe
[2011/02/01 13:30:21 | 000,153,088 | ---- | C] () -- D:\Windows\SysWow64\UNWISE.EXE
[2011/02/01 13:30:21 | 000,006,836 | ---- | C] () -- D:\Windows\SysWow64\UNWISE.INI
[2011/01/27 05:20:53 | 000,323,584 | ---- | C] () -- D:\Windows\SysWow64\Deinterlace.dll
[2011/01/27 05:20:50 | 000,176,128 | ---- | C] () -- D:\Windows\SysWow64\AVC_H264.dll
[2011/01/27 05:20:50 | 000,018,432 | ---- | C] () -- D:\Windows\SysWow64\AVC_JPEG.dll
[2011/01/25 10:10:09 | 001,558,018 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/24 04:58:18 | 000,008,028 | RHS- | C] () -- D:\ProgramData\ntuser.pol
[2011/01/24 04:53:21 | 000,009,024 | ---- | C] () -- D:\Windows\cfgall.ini
[2011/01/24 04:22:18 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2010/09/17 15:17:00 | 000,002,888 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2010/08/11 06:22:04 | 000,176,128 | ---- | C] () -- D:\Windows\SysWow64\AVC_AX_764_H264.dll
[2010/07/15 06:05:48 | 000,005,632 | ---- | C] () -- D:\Windows\SysWow64\AVC_AX_764_SCALE.dll
[2010/07/15 05:54:44 | 000,018,432 | ---- | C] () -- D:\Windows\SysWow64\AVC_AX_764_JPEG.dll
[2010/06/17 13:07:24 | 000,159,251 | ---- | C] () -- D:\Windows\SysWow64\swscale-0.11.0.dll
[2010/06/17 13:07:24 | 000,070,163 | ---- | C] () -- D:\Windows\SysWow64\avutil-50.19.0.dll
[2010/06/17 13:07:22 | 000,798,739 | ---- | C] () -- D:\Windows\SysWow64\avcodec-52.77.0.dll
[2010/06/17 13:07:22 | 000,085,504 | ---- | C] () -- D:\Windows\SysWow64\avformat-52.68.0.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2006/05/19 03:39:58 | 000,015,497 | ---- | C] () -- D:\Windows\snp2uvc.ini
[2004/02/03 11:59:08 | 000,029,035 | ---- | C] () -- D:\Windows\cstasp.ini
 
========== LOP Check ==========
 
[2013/02/22 07:24:12 | 000,000,000 | ---D | M] -- D:\ProgramData\A4172B8962F6DA710000A416877CE47A
[2011/01/24 04:27:06 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2012/09/16 09:35:42 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonBJ
[2011/04/13 03:22:22 | 000,000,000 | ---D | M] -- D:\ProgramData\DassaultSystemes
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2011/01/24 04:27:06 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2012/09/16 15:20:09 | 000,000,000 | ---D | M] -- D:\ProgramData\Downloaded Installations
[2011/01/24 04:27:06 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/06/01 08:02:33 | 000,000,000 | ---D | M] -- D:\ProgramData\gom
[2011/01/24 08:51:26 | 000,000,000 | ---D | M] -- D:\ProgramData\Okidata
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2011/01/24 04:27:06 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2012/09/16 15:20:04 | 000,000,000 | ---D | M] -- D:\ProgramData\Uninstall
[2011/01/24 04:27:06 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2013/02/01 14:35:25 | 000,000,000 | ---D | M] -- D:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2013/03/01 03:44:39 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---


Über Eure Unterstützung freuen wir uns sehr. Besten Dank.

LG
Silberberg-family

M-K-D-B 19.05.2013 16:42
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Ich habe dein Thema in Arbeit und melde mich so schnell wie möglich mit weiteren Anweisungen.

M-K-D-B 19.05.2013 16:48
Servus,




Warnung: Dieses Skript wurde nur für diesen User und diese spezielle Situation geschrieben. Auf anderen Computern ausgeführt kann es nachhaltige Schäden anrichten!
Hinweis: Wenn du deinen Benutzernamen unkenntlich gemacht hast, musst du wieder deinen richtigen Namen einsetzen, ansonsten wird das Skript nicht funktionieren.

  • Starte den infizierten Rechner mit der OTLpe-CD und starte OTLpe.
  • Falls du keine Internetverbindung hast:
    1. Drücke Windows-Taste + R > notepad (reinschreiben) > OK
    2. Kopiere das Fixskript in den Editor und speichere die Datei als Fix.txt
    3. Kopiere dir die Fix.txt auf einen USB-Stick.
    4. Schließe den Stick an den infizierten Rechner an und kopiere dir die Datei auf den Desktop.
  • Füge das Skript in das Feld Custom Scans / Fixes ein:
Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylockeduserid = 1
O20 - HKU\User.2_ON_D Winlogon: Shell - (C:\Users\User.2\AppData\Roaming\skype.dat) - D:\Users\User.2\AppData\Roaming\skype.dat ()
[2013/02/22 07:17:23 | 000,000,000 | ---D | C] -- D:\ProgramData\A4172B8962F6DA710000A416877CE47A
[2013/05/19 05:06:02 | 000,000,004 | ---- | M] () -- D:\Users\User.2\AppData\Roaming\skype.ini
[2013/02/13 07:51:02 | 000,181,808 | ---- | C] () -- D:\Windows\RegBootClean.exe
[2013/03/26 14:42:57 | 000,022,064 | ---- | M] () -- D:\Windows\DCEBoot64.exe
[2013/03/26 14:42:45 | 000,011,576 | ---- | M] () -- D:\ProgramData\0561773.pad
[2013/03/09 17:36:16 | 000,002,898 | ---- | M] () -- D:\ProgramData\0561773.js
[2013/03/09 17:36:16 | 000,000,153 | ---- | M] () -- D:\ProgramData\0561773.reg
[2013/03/09 17:36:16 | 000,000,067 | ---- | M] () -- D:\ProgramData\0561773.bat

:commands
[emptytemp]
  • Schließe bitte nun alle anderen Programme.
  • Klicke nun bitte auf den Fix Button.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop. (Auch zu finden unter C:\OTLpe\MovedFiles\<datum_nummer.log>)
  • Kopiere nun den Inhalt hier in deinen Thread, möglichst in Code-Tags.
Hinweis: Die Ausführung des Kommandos kann einige Minuten dauern und OTLpe scheint in dieser Zeit nicht zu reagieren. Bitte geduldig sein! :kaffee:
Fragen:
  • Kannst du jetzt wieder in den normalen Modus booten?

Silberberg 19.05.2013 17:30
Hallo Matthias,

1000-Dank für deine super-super schnelle Hilfe, und das am Feiertag!

Der Rechner lässt sich jetzt wieder ohne besondere Vorkommnisse hochfahren.
Was mich wundert ist, dass die "bösartigen Änderungen" vom Februar/März waren, aber der Rechner erst seit 2 Tagen blockiert war?
Hast du noch Tipps wie ich sicherstellen kann, dass auch alles gelöscht wurde?

Hier der Inhalt der Log-Datei:

Code:
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylockeduserid deleted successfully.
Registry key HKEY_USERS\User.2_ON_D\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon not found.
D:\Users\USER.ZWEI\AppData\Roaming\skype.dat moved successfully.
Folder D:\ProgramData\A4172B8962F6DA710000A416877CE47A\ not found.
D:\Users\USER.ZWEI\AppData\Roaming\skype.ini moved successfully.
D:\Windows\RegBootClean.exe moved successfully.
D:\Windows\DCEBoot64.exe moved successfully.
D:\ProgramData\0561773.pad moved successfully.
D:\ProgramData\0561773.js moved successfully.
D:\ProgramData\0561773.reg moved successfully.
D:\ProgramData\0561773.bat moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 695330680 bytes
->Temporary Internet Files folder emptied: 3834111 bytes
->Java cache emptied: 0 bytes
 
User: administrator.FirmaMANN2006
->Temp folder emptied: 51481 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
 
User: USER.EINS
->Temp folder emptied: 309009 bytes
->Temporary Internet Files folder emptied: 124960797 bytes
->Flash cache emptied: 57449 bytes
 
User: USER.ZWEI
->Temp folder emptied: 451356 bytes
->Temporary Internet Files folder emptied: 219538140 bytes
->Java cache emptied: 15330790 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 56471 bytes
 
User: USER.DREI
->Temp folder emptied: 51553 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8408607 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78610 bytes
 
Total Files Cleaned = 1,019.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 05192013_190323
Hallo Matthias,
habe gleich noch das Malwarebytes Anti-Rootkit über die Platte geschickt. Anbei das Protokoll vom ersten Durchgang. Beim zweiten Mal alles bestens.
Danke und Gruß,
Silberberg

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
USER.ZWEI :: 2455PC0357 [administrator]

19.05.2013 20:45:39
mbar-log-2013-05-19 (20-45-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32754
Time elapsed: 18 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Users\USER.ZWEI\AppData\Roaming\skype.dat -> Delete on reboot.

Registry Data Items Detected: 3
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\ProgramData\A4172B8962F6DA710000A416877CE47A\A4172B8962F6DA710000A416877CE47A.exe (Trojan.MP.zr0) -> Delete on reboot.

(end)

M-K-D-B 20.05.2013 10:03
Servus,



gut gemacht. Es freut mich, dass dein Rechner wieder normal startet. :daumenhoc

Wir sind allerdings noch nicht fertig. ;)




Schritt 1
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.







Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von ComboFix,
  • die Logdatei von AdwCleaner.

M-K-D-B 23.05.2013 11:24
Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:48 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131