Trojaner-Board - Langsamer Windows 7 Start nach Trojanerbefall

vielen dank für die schnelle antwort!

ich poste mal ... "defogger_disable":

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 15:48 on 12/02/2012 (mocra)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

von DDS:

Code:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 

Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 1.6.0_30

Run by mocra at 15:51:30 on 2012-02-12

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4085.2686 [GMT 1:00]

.

AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Windows\system32\DllHost.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r

mRun: [UpdReg] C:\Windows\UpdReg.EXE

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\mocra\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BF2BC472-F4CC-488E-8BB1-A4382A778177} : DhcpNameServer = 192.168.1.1

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r

mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE

mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\mocra\AppData\Roaming\Mozilla\Firefox\Profiles\jr66gp32.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2011-4-19 14904]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]

R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]

R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-4-19 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-19 79360]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2011-4-19 917768]

.

=============== Created Last 30 ================

.

2012-02-12 04:43:58        --------        d-----w-        C:\Users\mocra\AppData\Local\{FAE74EBF-D990-40CD-ABD7-152A2A18D283}

2012-02-12 04:43:46        --------        d-----w-        C:\Users\mocra\AppData\Local\{557E1B6F-BCD5-4829-BC70-79754A48FEE9}

2012-02-12 02:17:29        --------        d-----w-        C:\Users\mocra\AppData\Roaming\Malwarebytes

2012-02-12 02:17:23        --------        d-----w-        C:\ProgramData\Malwarebytes

2012-02-12 01:13:16        --------        d-----w-        C:\ProgramData\AVAST Software

2012-02-12 01:13:16        --------        d-----w-        C:\Program Files\AVAST Software

2012-02-11 16:43:14        --------        d-----w-        C:\Users\mocra\AppData\Local\{8E761D19-5133-481F-91BB-7BB9778DA658}

2012-02-11 16:43:02        --------        d-----w-        C:\Users\mocra\AppData\Local\{8730663C-2593-4160-AFE6-3C94DA4968E2}

2012-02-11 13:51:16        414368        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-11 04:42:35        --------        d-----w-        C:\Users\mocra\AppData\Local\{3D5618CC-AFDA-4F1F-BF67-18E68E79A94A}

2012-02-11 04:42:20        --------        d-----w-        C:\Users\mocra\AppData\Local\{73700E1A-107D-4BF1-A317-712A93096ECD}

2012-02-11 02:02:54        367104        ----a-w-        C:\Windows\System32\wcncsvc.dll

2012-02-11 02:02:54        276992        ----a-w-        C:\Windows\SysWow64\wcncsvc.dll

2012-02-11 02:00:36        243712        ----a-w-        C:\Windows\System32\drivers\ks.sys

2012-02-11 02:00:36        184832        ----a-w-        C:\Windows\System32\drivers\usbvideo.sys

2012-02-10 22:16:34        --------        d-----w-        C:\Users\mocra\AppData\Local\ASUS

2012-02-10 19:05:52        662528        ----a-w-        C:\Windows\System32\XpsPrint.dll

2012-02-10 19:05:52        442880        ----a-w-        C:\Windows\SysWow64\XpsPrint.dll

2012-02-10 16:41:36        --------        d-----w-        C:\Users\mocra\AppData\Local\{3EDA67A5-8237-46D3-9AD2-9DFB1CD0BF30}

2012-02-10 16:41:25        --------        d-----w-        C:\Users\mocra\AppData\Local\{E2DD42CF-5F88-411A-BBFA-D440B596D3B1}

2012-02-10 16:41:11        --------        d-----w-        C:\Users\mocra\Tracing

2012-02-10 16:37:16        --------        d-----w-        C:\Windows\PCHEALTH

2012-02-10 16:35:49        257024        ----a-w-        C:\Windows\System32\mfreadwrite.dll

2012-02-10 16:35:49        206848        ----a-w-        C:\Windows\System32\mfps.dll

2012-02-10 16:35:49        196608        ----a-w-        C:\Windows\SysWow64\mfreadwrite.dll

2012-02-10 16:35:48        4068864        ----a-w-        C:\Windows\System32\mf.dll

2012-02-10 16:35:48        1888256        ----a-w-        C:\Windows\System32\WMVDECOD.DLL

2012-02-10 16:35:48        1619456        ----a-w-        C:\Windows\SysWow64\WMVDECOD.DLL

2012-02-10 16:35:47        3181568        ----a-w-        C:\Windows\SysWow64\mf.dll

2012-02-10 16:33:51        6260088        ----a-w-        C:\Program Files (x86)\Common Files\Windows Live\.cache\c4a12cfb1cce81117\Silverlight.4.0.exe

2012-02-10 16:33:03        --------        d-----w-        C:\Users\mocra\AppData\Local\Windows Live

2012-02-10 16:33:01        --------        d-----w-        C:\Program Files (x86)\Common Files\Windows Live

2012-02-10 15:30:23        8602168        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-02-10 15:30:19        8602168        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB8A0880-6A6B-4303-9654-D563DC055C31}\mpengine.dll

2012-02-10 15:30:08        80384        ----a-w-        C:\Windows\System32\drivers\BTHUSB.SYS

2012-02-10 15:30:08        552448        ----a-w-        C:\Windows\System32\drivers\bthport.sys

2012-02-10 15:30:08        --------        d-----w-        C:\Users\mocra\AppData\Roaming\OpenOffice.org

2012-02-10 15:27:42        --------        d-----w-        C:\Program Files (x86)\OpenOffice.org 3

2012-02-10 15:27:07        472808        ----a-w-        C:\Windows\SysWow64\deployJava1.dll

2012-02-10 11:21:57        --------        d-----w-        C:\Users\mocra\AppData\Local\Adobe

2012-02-10 03:27:58        99176        ----a-w-        C:\Windows\SysWow64\PresentationHostProxy.dll

2012-02-10 03:27:58        49472        ----a-w-        C:\Windows\SysWow64\netfxperf.dll

2012-02-10 03:27:58        48960        ----a-w-        C:\Windows\System32\netfxperf.dll

2012-02-10 03:27:58        444752        ----a-w-        C:\Windows\System32\mscoree.dll

2012-02-10 03:27:58        320352        ----a-w-        C:\Windows\System32\PresentationHost.exe

2012-02-10 03:27:58        297808        ----a-w-        C:\Windows\SysWow64\mscoree.dll

2012-02-10 03:27:58        295264        ----a-w-        C:\Windows\SysWow64\PresentationHost.exe

2012-02-10 03:27:58        1942856        ----a-w-        C:\Windows\System32\dfshim.dll

2012-02-10 03:27:58        1130824        ----a-w-        C:\Windows\SysWow64\dfshim.dll

2012-02-10 03:27:58        109912        ----a-w-        C:\Windows\System32\PresentationHostProxy.dll

2012-02-10 03:27:38        294912        ----a-w-        C:\Windows\System32\browserchoice.exe

2012-02-10 02:20:01        714752        ----a-w-        C:\Windows\System32\kerberos.dll

2012-02-10 02:20:01        541184        ----a-w-        C:\Windows\SysWow64\kerberos.dll

2012-02-10 02:18:54        1897328        ----a-w-        C:\Windows\System32\drivers\tcpip.sys

2012-02-10 02:17:56        603976        ----a-w-        C:\Windows\System32\winload.exe

2012-02-10 02:16:59        1097216        ----a-w-        C:\Windows\System32\mstsc.exe

2012-02-09 23:35:13        42768        ----a-w-        C:\Windows\System32\drivers\tmpreflt.sys

2012-02-09 23:35:13        342288        ----a-w-        C:\Windows\System32\drivers\tmxpflt.sys

2012-02-09 23:35:13        2077456        ----a-w-        C:\Windows\System32\drivers\vsapint.sys

2012-02-09 20:17:01        --------        d-----w-        C:\Windows\System32\log

2012-02-09 19:58:29        --------        d-----w-        C:\Program Files (x86)\Lionhead Studios

2012-02-09 19:53:29        753664        ----a-w-        C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2012-02-09 19:53:29        69714        ----a-w-        C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2012-02-09 19:53:29        63488        ----a-w-        C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2012-02-09 19:53:29        5632        ----a-w-        C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2012-02-09 19:53:29        274432        ----a-w-        C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2012-02-09 19:53:29        184320        ----a-w-        C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2012-02-09 19:53:25        200836        ----a-w-        C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2012-02-09 19:53:24        331908        ----a-w-        C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2012-02-09 19:09:17        279656        ------w-        C:\Windows\System32\MpSigStub.exe

2012-02-09 19:02:37        --------        d-----w-        C:\Users\mocra\Unigine Tropics

2012-02-09 19:02:20        --------        d-----w-        C:\Program Files (x86)\Unigine

2012-02-09 18:57:42        220672        ----a-w-        C:\Windows\System32\wintrust.dll

2012-02-09 18:57:42        172032        ----a-w-        C:\Windows\SysWow64\wintrust.dll

2012-02-09 18:57:42        139264        ----a-w-        C:\Windows\System32\cabview.dll

2012-02-09 18:57:42        132608        ----a-w-        C:\Windows\SysWow64\cabview.dll

2012-02-09 18:55:41        --------        d-----w-        C:\Program Files (x86)\Geeks3D

2012-02-09 18:50:26        --------        d-----w-        C:\Users\mocra\AppData\Local\Broadcom

2012-02-09 18:48:13        --------        d-sh--we        C:\Programme

2012-02-09 18:48:13        --------        d-sh--we        C:\ProgramData\Vorlagen

2012-02-09 18:48:13        --------        d-sh--we        C:\ProgramData\Startmenü

2012-02-09 18:48:13        --------        d-sh--we        C:\ProgramData\Favoriten

2012-02-09 18:48:13        --------        d-sh--we        C:\ProgramData\Dokumente

2012-02-09 18:48:13        --------        d-sh--we        C:\ProgramData\Anwendungsdaten

2012-02-09 18:48:13        --------        d-sh--we        C:\Program Files\Gemeinsame Dateien

2012-02-09 18:48:13        --------        d-sh--we        C:\Dokumente und Einstellungen

.

==================== Find3M  ====================

.

2011-11-24 05:00:47        3141632        ----a-w-        C:\Windows\System32\win32k.sys

2011-11-19 15:07:41        77312        ----a-w-        C:\Windows\System32\packager.dll

2011-11-19 14:06:13        67072        ----a-w-        C:\Windows\SysWow64\packager.dll

2011-11-17 07:17:03        152432        ----a-w-        C:\Windows\System32\drivers\ksecpkg.sys

2011-11-17 07:17:02        95088        ----a-w-        C:\Windows\System32\drivers\ksecdd.sys

2011-11-17 07:15:08        460296        ----a-w-        C:\Windows\System32\drivers\cng.sys

2011-11-17 07:14:10        1739160        ----a-w-        C:\Windows\System32\ntdll.dll

2011-11-17 07:12:02        395776        ----a-w-        C:\Windows\System32\webio.dll

2011-11-17 07:11:33        28672        ----a-w-        C:\Windows\System32\sspisrv.dll

2011-11-17 07:11:33        136192        ----a-w-        C:\Windows\System32\sspicli.dll

2011-11-17 07:11:02        28160        ----a-w-        C:\Windows\System32\secur32.dll

2011-11-17 07:10:58        340992        ----a-w-        C:\Windows\System32\schannel.dll

2011-11-17 07:08:18        1446912        ----a-w-        C:\Windows\System32\lsasrv.dll

2011-11-17 07:05:16        31232        ----a-w-        C:\Windows\System32\lsass.exe

2011-11-17 05:41:38        1292592        ----a-w-        C:\Windows\SysWow64\ntdll.dll

2011-11-17 05:39:28        314368        ----a-w-        C:\Windows\SysWow64\webio.dll

2011-11-17 05:39:21        224768        ----a-w-        C:\Windows\SysWow64\schannel.dll

2011-11-17 05:39:21        22016        ----a-w-        C:\Windows\SysWow64\secur32.dll

2011-11-17 05:35:13        96768        ----a-w-        C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 15:52:22,05 ===============

dann hab ich noch die attach hier im zipformat hinzugefügt