Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Windows Verschlüsselungstrojaner

Windows Verschlüsselungstrojaner


Plagegeister aller Art und deren Bekämpfung: Windows Verschlüsselungstrojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.06.2012, 14:39   #1
Chrost04
 
Windows Verschlüsselungstrojaner - Standard

Windows Verschlüsselungstrojaner


Hallo,

Ich habe mir den Windowsvershclüsselungstrojaner eingefangen.
Sobald ich mich anmelden möchte erscheint der bekannte Bildschirm und ich kann nichts mehr machen. Ich werde aufgefordert Geld zu überweisen.

Wichtige Daten haben nicht mehr die uhrsprünglichen Namen und lassen sich mit dem eigentlich vorgesehenen Programm nicht mehr öffnen. (z.B. Word-Dateien).
Dies ist sowohl auf Partition C:\ als auch D:\ der Fall.

Hier die Log-Datei des OTLPENet überprüfung:


Code:
ATTFilter
OTL logfile created on: 6/9/2012 5:17:29 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19.53 Gb Total Space | 3.54 Gb Free Space | 18.13% Space Free | Partition Type: NTFS
Drive D: | 446.22 Gb Total Space | 424.65 Gb Free Space | 95.17% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = All Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/06/04 11:41:38 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/05 12:31:12 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/29 00:20:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/13 20:23:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/11/12 03:59:50 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto] -- C:\WINDOWS\system32\UpdSvc.dll -- (Update-Service)
SRV - [2011/06/08 04:32:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/06/01 05:07:58 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) [Auto] -- C:\Programme\Hama\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2003/07/28 03:58:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (hwdatacard)
DRV - File not found [Kernel | On_Demand] --  -- (ewusbnet)
DRV - File not found [Kernel | On_Demand] --  -- (ew_hwusbdev)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2012/04/18 20:20:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/02/21 20:55:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/30 20:16:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 05:02:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/05/27 06:22:12 | 000,829,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/05/08 02:52:28 | 001,358,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/04/21 07:01:10 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2008/08/26 01:56:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/18 06:54:24 | 000,145,952 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/04/13 15:56:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/24 23:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/03/24 23:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/02/14 05:42:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/04/16 08:16:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/03/16 01:41:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 01:41:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2001/08/23 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\ICH_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/17 12:51:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/05/05 12:31:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/04/18 04:00:15 | 000,000,000 | ---D | M]
 
[2009/10/23 11:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\mozilla\Extensions
[2012/05/30 20:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\mozilla\Firefox\Profiles\03j57ej5.default\extensions
[2012/06/06 07:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\mozilla\Firefox\Profiles\03j57ej5.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}
[2012/03/18 07:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/05/05 12:36:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/05 12:31:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/03/17 12:22:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 12:10:52 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/09/30 12:10:52 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/09/30 12:10:52 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011/09/30 12:10:52 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/30 12:10:52 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/09/30 12:10:52 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/05/20 07:36:29 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\ICH_ON_C..\Run: [D0AA00FD] C:\WINDOWS\system32\5DB54D8DD0AA00FD13BC.exe (Al Momento Non è Registrata)
O4 - HKU\ICH_ON_C..\Run: [GAINWARD] C:\Programme\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2]  File not found
O4 - HKU\LocalService_ON_C..\RunOnce: [nltide_2]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [nltide_2]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ICH_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ICH_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\ICH_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\ICH_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\ICH_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\5DB54D8DD0AA00FD13BC.exe) - C:\WINDOWS\system32\5DB54D8DD0AA00FD13BC.exe (Al Momento Non è Registrata)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/23 12:57:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/05/20 06:20:43 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{07c77aa6-8895-11e1-98cd-001966e1ad0e}\Shell - "" = AutoRun
O33 - MountPoints2\{07c77aa6-8895-11e1-98cd-001966e1ad0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07c77aa6-8895-11e1-98cd-001966e1ad0e}\Shell\AutoRun\command - "" = I:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{38dbbe36-a718-11e0-95fe-001966e1ad0e}\Shell - "" = AutoRun
O33 - MountPoints2\{38dbbe36-a718-11e0-95fe-001966e1ad0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{38dbbe36-a718-11e0-95fe-001966e1ad0e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{3944c2b2-8644-11e1-98c7-001966e1ad0e}\Shell - "" = AutoRun
O33 - MountPoints2\{3944c2b2-8644-11e1-98c7-001966e1ad0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3944c2b2-8644-11e1-98c7-001966e1ad0e}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{62e2b0d5-86ee-11e1-98c8-001966e1ad0e}\Shell - "" = AutoRun
O33 - MountPoints2\{62e2b0d5-86ee-11e1-98c8-001966e1ad0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{62e2b0d5-86ee-11e1-98c8-001966e1ad0e}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{829636d8-8846-11df-923d-001966e1ad0e}\Shell - "" = Autorun
O33 - MountPoints2\{829636d8-8846-11df-923d-001966e1ad0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{829636d8-8846-11df-923d-001966e1ad0e}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-3-83-100030914-100009785-100018514-3322.com f:\
O33 - MountPoints2\{829636d8-8846-11df-923d-001966e1ad0e}\Shell\Open\command - "" = RECYCLER\S-1-3-83-100030914-100009785-100018514-3322.com f:\
O33 - MountPoints2\{88c04b3c-889b-11e1-98ce-001966e1ad0e}\Shell - "" = AutoRun
O33 - MountPoints2\{88c04b3c-889b-11e1-98ce-001966e1ad0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{88c04b3c-889b-11e1-98ce-001966e1ad0e}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{88c04b3e-889b-11e1-98ce-001966e1ad0e}\Shell - "" = AutoRun
O33 - MountPoints2\{88c04b3e-889b-11e1-98ce-001966e1ad0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{88c04b3e-889b-11e1-98ce-001966e1ad0e}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{90090106-8867-11e1-98cb-001966e1ad0e}\Shell - "" = AutoRun
O33 - MountPoints2\{90090106-8867-11e1-98cb-001966e1ad0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{90090106-8867-11e1-98cb-001966e1ad0e}\Shell\AutoRun\command - "" = I:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{c76a4284-8864-11e1-98ca-001966e1ad0e}\Shell - "" = AutoRun
O33 - MountPoints2\{c76a4284-8864-11e1-98ca-001966e1ad0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c76a4284-8864-11e1-98ca-001966e1ad0e}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{eb9cef3b-8d50-11e1-98d8-001966e1ad0e}\Shell - "" = AutoRun
O33 - MountPoints2\{eb9cef3b-8d50-11e1-98d8-001966e1ad0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eb9cef3b-8d50-11e1-98d8-001966e1ad0e}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{ef5d6e7d-8ec4-11e1-98d9-001966e1ad0e}\Shell - "" = AutoRun
O33 - MountPoints2\{ef5d6e7d-8ec4-11e1-98d9-001966e1ad0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ef5d6e7d-8ec4-11e1-98d9-001966e1ad0e}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within All Days ==========
 
[2012/06/06 07:09:20 | 000,061,440 | -H-- | C] (Al Momento Non è Registrata) -- C:\WINDOWS\System32\5DB54D8DD0AA00FD13BC.exe
[2012/05/29 05:10:35 | 000,000,000 | ---D | C] -- C:\AVG2012
[2012/05/20 09:01:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/05/20 09:01:22 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/05/20 09:01:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/05/20 08:38:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ICH\Desktop\Portable_TrueCrypt_7.0
[2012/05/20 08:16:17 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/05/20 08:16:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/05/20 07:56:29 | 001,865,152 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2012/05/20 07:56:29 | 001,606,944 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\RaCertMgr.dll
[2012/05/20 07:56:29 | 000,180,224 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2012/05/20 07:56:29 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2012/05/20 07:56:16 | 000,829,792 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2012/05/20 07:56:16 | 000,238,944 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2012/05/20 07:51:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2012/05/20 07:46:33 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2012/05/20 07:46:33 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012/05/20 07:46:22 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2012/05/20 07:46:22 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/05/20 07:46:18 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012/05/20 07:46:05 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012/05/20 07:46:00 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2012/05/20 07:46:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2012/05/20 07:45:55 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/05/20 07:45:41 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2012/05/20 07:45:22 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2012/05/20 07:44:31 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2012/05/20 07:44:23 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2012/05/20 07:41:21 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2012/05/20 07:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2012/05/20 07:40:54 | 002,194,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/05/20 07:40:54 | 002,150,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/05/20 07:40:54 | 002,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/05/20 07:40:53 | 002,071,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2012/05/20 07:40:53 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/05/20 07:40:48 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/05/20 07:40:44 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/05/20 07:40:32 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2012/05/20 07:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/05/20 07:26:27 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2012/05/20 07:26:27 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2012/05/20 07:26:27 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2012/05/20 07:26:27 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2012/05/20 07:26:27 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2012/05/20 07:26:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2012/05/20 07:26:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2012/05/20 07:26:26 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2012/05/20 07:26:26 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2012/05/20 07:26:26 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2012/05/20 07:26:26 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2012/05/20 07:26:26 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2012/05/20 07:26:26 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2012/05/20 07:26:26 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2012/05/20 07:26:26 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2012/05/20 07:26:26 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2012/05/20 07:26:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2012/05/20 07:26:26 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2012/05/20 07:26:26 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2012/05/20 07:26:26 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2012/05/20 07:26:26 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2012/05/20 07:26:26 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2012/05/20 07:26:26 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2012/05/20 07:26:26 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2012/05/20 07:26:26 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2012/05/20 07:26:25 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2012/05/20 07:26:25 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2012/05/20 07:26:25 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2012/05/20 07:26:25 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2012/05/20 07:26:25 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2012/05/20 07:26:25 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2012/05/20 07:26:25 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2012/05/20 07:26:25 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2012/05/20 07:26:25 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2012/05/20 07:26:25 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2012/05/20 07:26:25 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2012/05/20 07:26:25 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2012/05/20 07:26:25 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2012/05/20 07:26:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2012/05/20 07:26:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2012/05/20 07:26:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2012/05/20 07:26:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2012/05/20 07:26:24 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2012/05/20 07:26:24 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2012/05/20 07:26:24 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2012/05/20 07:26:24 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2012/05/20 07:26:24 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2012/05/20 07:26:24 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2012/05/20 07:26:24 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2012/05/20 07:26:24 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2012/05/20 07:26:24 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2012/05/20 07:26:24 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2012/05/20 07:26:24 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2012/05/20 07:26:24 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2012/05/20 07:26:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2012/05/20 07:26:24 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2012/05/20 07:26:24 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2012/05/20 07:26:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2012/05/20 07:26:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2012/05/20 07:26:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2012/05/20 07:26:24 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2012/05/20 07:26:24 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2012/05/20 07:26:24 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2012/05/20 07:26:23 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2012/05/20 07:26:23 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2012/05/20 07:26:23 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2012/05/20 07:26:22 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2012/05/20 07:26:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/05/20 07:26:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2012/05/20 07:26:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/05/20 07:25:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012/05/20 07:25:16 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2012/05/20 07:25:16 | 000,701,952 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2012/05/20 07:25:16 | 000,327,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2012/05/20 07:25:16 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2012/05/20 07:25:16 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2012/05/20 07:25:16 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2012/05/20 07:25:16 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2012/05/20 07:25:16 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2012/05/20 07:25:16 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2012/05/20 07:25:16 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2012/05/20 07:25:16 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2012/05/20 07:25:16 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2012/05/20 07:25:16 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2012/05/20 07:25:16 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2012/05/20 07:25:16 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2012/05/20 07:25:16 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2012/05/20 07:25:16 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2012/05/20 07:25:16 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2012/05/20 07:25:16 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2012/05/20 07:25:16 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2012/05/20 07:25:16 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2012/05/20 07:25:16 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2012/05/20 07:25:16 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2012/05/20 07:25:16 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2012/05/20 07:25:16 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2012/05/20 07:25:16 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2012/05/20 07:25:16 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2012/05/20 07:25:16 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2012/05/20 07:25:16 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2012/05/20 07:25:16 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2012/05/20 07:25:16 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2012/05/20 07:25:16 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2012/05/20 07:25:16 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2012/05/20 07:25:16 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2012/05/20 07:25:16 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2012/05/20 07:25:16 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2012/05/20 07:25:16 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2012/05/20 07:25:16 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2012/05/20 07:25:15 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2012/05/20 07:25:15 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2012/05/20 07:25:15 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2012/05/20 07:25:15 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2012/05/20 07:25:15 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2012/05/20 07:25:15 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2012/05/20 07:25:15 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2012/05/20 07:25:15 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2012/05/20 07:25:15 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2012/05/20 07:25:15 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2012/05/20 07:25:15 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2012/05/20 07:25:15 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2012/05/20 07:25:15 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2012/05/20 07:25:15 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2012/05/20 07:25:15 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2012/05/20 07:25:15 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2012/05/20 07:25:15 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2012/05/20 07:25:15 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2012/05/20 07:25:15 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2012/05/20 07:23:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/05/20 07:17:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/05/05 12:22:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2012/05/05 12:22:40 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2012/05/05 12:22:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2012/05/05 12:22:40 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2012/05/05 12:22:40 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2012/05/05 12:22:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2012/05/05 12:22:40 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2012/05/05 12:18:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/05/02 13:12:50 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/18 20:20:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2012/03/17 12:36:19 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/03/17 12:22:19 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/17 12:22:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/17 12:22:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/17 12:22:19 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/06 06:07:09 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2012/02/29 21:12:03 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2012/02/29 10:09:48 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2012/02/29 10:09:48 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imagehlp.dll
[2012/02/21 20:55:32 | 000,235,216 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2012/01/30 20:16:50 | 000,031,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2012/01/22 09:30:30 | 000,000,000 | ---D | C] -- C:\Eigene Dateien\Euro
[2012/01/15 09:25:11 | 000,000,000 | ---D | C] -- C:\Eigene Dateien\My Boards
[2011/12/23 05:02:14 | 000,041,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/11/29 09:01:18 | 000,000,000 | ---D | C] -- C:\Eigene Dateien\Strickanleitungen
[2011/11/26 10:18:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/11/26 09:55:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Grundschrift für den PC
[2011/11/20 02:12:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\packager.exe
[2011/11/12 03:59:50 | 000,114,000 | ---- | C] (Joosoft.com GmbH) -- C:\WINDOWS\System32\UpdSvc.dll
[2011/11/03 11:28:30 | 000,387,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2011/10/20 19:26:22 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2011/10/14 10:47:27 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmm.dll
[2011/10/14 10:47:27 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciseq.dll
[2011/10/04 10:50:58 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2011/10/04 10:45:34 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2011/10/04 10:45:24 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
[2011/10/04 10:45:24 | 000,605,696 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2011/10/04 10:45:24 | 000,123,904 | ---- | C] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll
[2011/10/04 10:45:24 | 000,075,264 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2011/10/01 09:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/09/28 03:06:43 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/26 03:11:54 | 000,614,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 03:11:54 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011/09/26 03:11:20 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/19 05:10:26 | 000,018,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/09/19 05:10:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2011/09/19 05:10:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WgaTray.exe
[2011/09/19 05:10:09 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WgaLogon.dll
[2011/08/31 08:15:02 | 000,000,000 | ---D | C] -- C:\Eigene Dateien\Spiele und Materialien
[2011/08/30 10:19:21 | 000,000,000 | ---D | C] -- C:\Eigene Dateien\Licht und Schatten
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\ICH\*.tmp files -> C:\Dokumente und Einstellungen\ICH\*.tmp -> ]
 
========== Files - Modified Within All Days ==========
 
[2012/06/09 06:22:06 | 000,235,621 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/06/09 06:21:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/08 06:38:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/06 07:09:20 | 000,061,440 | -H-- | M] (Al Momento Non è Registrata) -- C:\WINDOWS\System32\5DB54D8DD0AA00FD13BC.exe
[2012/06/06 04:10:49 | 099,830,459 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/06/04 11:41:38 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/04 11:41:38 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/04 11:41:38 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/02 07:48:54 | 000,100,418 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/05/31 09:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/30 10:26:12 | 000,612,287 | ---- | M] () -- C:\Dokumente und Einstellungen\ICH\Desktop\OxdUsfxlTsXXlasqLj
[2012/05/30 10:25:16 | 001,285,160 | ---- | M] () -- C:\Dokumente und Einstellungen\ICH\Desktop\XdtfplTseXlaEqLjjEyL
[2012/05/29 11:38:40 | 000,044,544 | ---- | M] () -- C:\Eigene Dateien\VUGrAslGujoDtQJ
[2012/05/29 05:10:22 | 000,000,704 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2012.lnk
[2012/05/28 12:55:50 | 000,192,512 | ---- | M] () -- C:\Eigene Dateien\jaXdNEAXdNgjsUsg
[2012/05/27 07:09:21 | 000,029,184 | ---- | M] () -- C:\Dokumente und Einstellungen\ICH\Desktop\JdsfTepleXDanAEqjoynu
[2012/05/21 13:20:32 | 000,000,584 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/20 09:04:36 | 000,000,801 | ---- | M] () -- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Internet Explorer Browser starten.lnk
[2012/05/20 08:48:32 | 000,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/20 08:47:30 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2012/05/20 08:15:33 | 000,316,924 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/05/20 08:15:33 | 000,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/20 08:15:33 | 000,048,360 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/05/20 08:15:33 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/20 07:51:36 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/05/20 07:36:29 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/20 07:25:12 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2012/05/19 11:16:47 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\ICH\Desktop\Microsoft Office Word 2003.lnk
[2012/05/11 13:20:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323
[2012/05/11 13:20:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322
[2012/05/11 13:20:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321
[2012/05/11 13:20:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320
[2012/05/06 06:53:49 | 000,036,352 | ---- | M] () -- C:\Eigene Dateien\TfvEstrATdQnDG
[2012/05/06 05:55:30 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012/05/02 10:40:10 | 000,020,992 | ---- | M] () -- C:\Eigene Dateien\vgjLqoqojnXeTllXe
[2012/04/26 10:08:10 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh325
[2012/04/26 10:07:48 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh324
[2012/04/18 20:20:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2012/04/18 04:00:15 | 000,001,715 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2012/04/17 13:06:54 | 000,127,386 | ---- | M] () -- C:\Eigene Dateien\TaGQLEaVQNEpVdN
[2012/04/11 09:51:24 | 002,029,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/04/11 09:51:24 | 002,029,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2012/04/11 09:51:20 | 002,071,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2012/04/11 09:51:18 | 002,150,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2012/04/11 09:51:18 | 002,150,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/04/11 09:51:18 | 001,862,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/04/11 09:51:18 | 001,862,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012/04/11 09:51:17 | 002,194,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/03/28 14:00:43 | 000,210,232 | ---- | M] () -- C:\Eigene Dateien\qOgurJxdtffxdsXlTe
[2012/03/26 12:21:59 | 000,037,888 | ---- | M] () -- C:\Eigene Dateien\jvrQojnyoALqsTDXpsT
[2012/03/25 04:45:01 | 000,163,590 | ---- | M] () -- C:\Eigene Dateien\JEVqluararesrA
[2012/03/22 13:52:58 | 000,020,992 | ---- | M] () -- C:\Eigene Dateien\dljXJyNjGJxNaxl
[2012/03/20 13:34:32 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd06bfb5b44d68.job
[2012/03/19 15:00:02 | 000,032,256 | ---- | M] () -- C:\Eigene Dateien\OvrnpGQyefgEasJADUN
[2012/03/17 12:22:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/03/17 12:22:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/17 12:22:11 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/17 12:22:11 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/17 12:22:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/10 15:12:24 | 000,000,572 | ---- | M] () -- C:\Eigene Dateien\LQdXqNsDnvVTAgGeEQU
[2012/03/01 21:30:10 | 011,082,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2012/03/01 07:00:09 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2012/03/01 07:00:09 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2012/03/01 07:00:09 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2012/03/01 07:00:09 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2012/03/01 07:00:08 | 005,978,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2012/03/01 07:00:08 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012/03/01 07:00:08 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2012/03/01 07:00:08 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2012/03/01 07:00:08 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2012/03/01 07:00:08 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2012/03/01 07:00:08 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2012/03/01 07:00:08 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012/03/01 07:00:08 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2012/03/01 07:00:08 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2012/03/01 07:00:08 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2012/03/01 07:00:08 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2012/03/01 07:00:08 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2012/03/01 07:00:08 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012/03/01 07:00:08 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2012/03/01 07:00:08 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2012/03/01 07:00:08 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2012/03/01 07:00:08 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2012/03/01 07:00:07 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/03/01 07:00:07 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2012/03/01 07:00:07 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2012/02/29 21:12:01 | 000,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2012/02/29 10:09:48 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2012/02/29 10:09:48 | 000,148,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imagehlp.dll
[2012/02/29 08:29:27 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2012/02/29 08:17:40 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2012/02/26 09:11:00 | 000,024,576 | ---- | M] () -- C:\Eigene Dateien\esUTfysqTJyrqsJGrpse
[2012/02/21 20:55:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2012/01/30 20:16:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2012/01/29 12:24:18 | 000,029,184 | ---- | M] () -- C:\Eigene Dateien\TxtlEjujnuJGsnqJt
[2012/01/29 09:55:25 | 000,020,992 | ---- | M] () -- C:\Eigene Dateien\dUsVVxUtepDTTepDn
[2012/01/22 13:18:15 | 000,032,256 | ---- | M] () -- C:\Eigene Dateien\DaDsNqafvnlsNyXUgoa
[2012/01/15 09:26:56 | 000,000,674 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Boardmaker version 5.lnk
[2012/01/11 15:06:33 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/11 15:06:33 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/01/09 12:20:20 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/12/23 05:02:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/12/11 07:36:32 | 000,112,640 | ---- | M] () -- C:\Eigene Dateien\gdtsXTqnvxslrvxyuUDN
[2011/12/10 11:45:00 | 000,167,424 | ---- | M] () -- C:\Eigene Dateien\AseUGNjelxQAElsQvEpsU
[2011/12/10 08:09:59 | 000,025,088 | ---- | M] () -- C:\Eigene Dateien\rUajNteovfXqgxDnQdT
[2011/12/08 14:57:49 | 000,000,922 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NAVIGON Fresh.lnk
[2011/11/30 14:22:47 | 000,011,770 | ---- | M] () -- C:\Dokumente und Einstellungen\ICH\Desktop\JsTjJVsEOGXyudDnrsaAJ
[2011/11/29 07:58:21 | 000,145,289 | ---- | M] () -- C:\Eigene Dateien\ueuuEnefuvnTfVuJna
[2011/11/26 11:33:21 | 000,135,680 | ---- | M] () -- C:\Eigene Dateien\gpnTgjOntOdODtsdEDA
[2011/11/26 09:57:51 | 000,000,752 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Verknüpfung mit Grundschrift für den PC.lnk
[2011/11/26 09:40:05 | 000,000,510 | ---- | M] () -- C:\Dokumente und Einstellungen\ICH\Desktop\Verknüpfung mit Grundschrift Beta.ttf.lnk
[2011/11/25 17:57:03 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winsrv.dll
[2011/11/25 17:57:03 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2011/11/23 14:41:12 | 000,027,136 | ---- | M] () -- C:\Eigene Dateien\NvnlsNyealtrypUQr
[2011/11/21 14:51:17 | 000,043,008 | ---- | M] () -- C:\Eigene Dateien\gaAOxsoudXyNsDnv
[2011/11/20 02:12:19 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\packager.exe
[2011/11/20 02:12:19 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\packager.exe
[2011/11/16 10:21:44 | 000,354,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2011/11/16 10:21:44 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2011/11/13 14:09:06 | 000,001,357 | ---- | M] () -- C:\Dokumente und Einstellungen\ICH\Desktop\DivX Movies.lnk
[2011/11/12 03:59:50 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\WINDOWS\System32\UpdSvc.dll
[2011/11/03 11:28:30 | 001,297,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quartz.dll
[2011/11/03 11:28:30 | 000,387,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2011/11/01 12:07:05 | 001,288,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll
[2011/10/28 01:31:46 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2011/10/28 01:31:46 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2011/10/20 19:26:22 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2011/10/19 14:41:13 | 000,021,504 | ---- | M] () -- C:\Eigene Dateien\olyusTLNVeAJGXEOd
[2011/10/18 08:15:08 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\UdvXteUApneuAOnV
[2011/10/18 07:13:23 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/10/16 10:21:54 | 000,019,389 | ---- | M] () -- C:\Eigene Dateien\glpdQEsGOAaVvLl
[2011/10/14 10:47:27 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmm.dll
[2011/10/14 10:47:27 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mciseq.dll
[2011/10/14 10:47:27 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciseq.dll
[2011/10/11 13:49:21 | 000,034,816 | ---- | M] () -- C:\Eigene Dateien\TrrolVVryllfJqqlNrE
[2011/10/10 10:22:46 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/10/05 07:31:07 | 000,734,027 | ---- | M] () -- C:\Eigene Dateien\guNsDnvfajgGeo
[2011/10/05 06:55:53 | 000,020,480 | ---- | M] () -- C:\Eigene Dateien\duQgJNyEjLyoAnX
[2011/10/04 10:58:53 | 000,069,632 | ---- | M] () -- C:\Dokumente und Einstellungen\ICH\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/04 10:51:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/10/04 10:51:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/10/04 10:21:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/09/26 03:11:54 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 03:11:54 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 03:11:54 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011/09/26 03:11:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/18 09:05:12 | 000,185,119 | ---- | M] () -- C:\Eigene Dateien\DdTfyeqaJqNqsJ
[2011/09/18 09:01:05 | 000,188,109 | ---- | M] () -- C:\Eigene Dateien\fVQqaaVNyyTxrNyeGx
[2011/09/18 08:58:41 | 000,189,178 | ---- | M] () -- C:\Eigene Dateien\tdTspllTspTGGUONoedfr
[2011/09/18 08:53:33 | 000,500,047 | ---- | M] () -- C:\Eigene Dateien\eplDTeEAEynJOQNNJOQ
[2011/09/06 05:39:54 | 000,025,600 | ---- | M] () -- C:\Eigene Dateien\rDsVxUjGurvgpDaeGdsVq
[2011/09/02 05:58:08 | 000,001,816 | ---- | M] () -- C:\Dokumente und Einstellungen\ICH\Desktop\Play games (GameXN).lnk
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2011/07/15 09:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/07/08 10:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/07/03 06:44:13 | 000,019,968 | ---- | M] () -- C:\Eigene Dateien\AAVpEQDnrtAgfXudDLs
[2011/06/21 02:54:06 | 000,032,768 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\ICH\*.tmp files -> C:\Dokumente und Einstellungen\ICH\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/06/06 07:09:44 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325
[2012/06/06 07:09:44 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/06/06 07:09:44 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/06/06 07:09:44 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/06/06 07:09:44 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/06/06 07:09:44 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/06/06 04:10:49 | 099,830,459 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/06/02 07:48:54 | 000,100,418 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/05/20 08:16:53 | 000,000,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2012.lnk
[2012/05/20 07:56:29 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2012/05/20 07:56:29 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2012/05/20 07:56:29 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2012/05/20 07:56:16 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/05/20 07:51:36 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/05/20 07:40:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/20 07:40:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/05/20 07:25:16 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2012/05/20 07:25:16 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2012/05/20 07:25:15 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2012/05/02 13:12:50 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/20 13:34:32 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd06bfb5b44d68.job
[2012/01/15 09:26:56 | 000,000,674 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Boardmaker version 5.lnk
[2012/01/12 07:42:18 | 000,001,715 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/08 14:57:49 | 000,000,922 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NAVIGON Fresh.lnk
[2011/11/26 09:57:51 | 000,000,752 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Verknüpfung mit Grundschrift für den PC.lnk
[2011/11/26 09:40:05 | 000,000,510 | ---- | C] () -- C:\Dokumente und Einstellungen\ICH\Desktop\Verknüpfung mit Grundschrift Beta.ttf.lnk
[2011/10/18 09:08:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/10/18 07:13:23 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/10/18 06:33:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\UdvXteUApneuAOnV
[2011/10/04 10:51:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/10/04 10:51:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/09/02 05:58:08 | 000,001,816 | ---- | C] () -- C:\Dokumente und Einstellungen\ICH\Desktop\Play games (GameXN).lnk
[2010/11/04 14:16:59 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\GkSui20.EXE
[2010/09/23 07:16:24 | 000,000,221 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/09/23 07:16:24 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/09/23 07:13:52 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2010/09/23 07:13:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/09/23 07:11:21 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/12/13 11:58:25 | 000,000,427 | ---- | C] () -- C:\WINDOWS\capture.ini
[2009/12/11 10:55:04 | 000,069,632 | ---- | C] () -- C:\Dokumente und Einstellungen\ICH\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/18 15:20:13 | 000,000,117 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/11/15 07:36:16 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/10/27 11:32:23 | 000,000,924 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/10/27 11:32:23 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/10/27 10:23:22 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/10/23 13:50:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/23 13:48:50 | 000,204,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/23 13:16:08 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/23 13:11:08 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/10/23 13:07:51 | 000,005,165 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/10/23 13:07:46 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/10/23 13:06:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/23 12:58:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/23 12:55:09 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/23 11:34:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/02 23:11:18 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/07/02 23:11:18 | 000,007,756 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2009/06/09 23:59:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/09 23:59:34 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/06/09 23:59:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/09 23:59:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/09 23:59:34 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/06/09 23:59:34 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/06/09 23:59:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/10/07 00:43:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 00:43:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 00:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 00:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 00:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 00:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 00:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 00:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 00:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 00:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2004/08/03 15:12:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 04:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 04:00:00 | 000,316,924 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001/08/23 04:00:00 | 000,311,740 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 04:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001/08/23 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 04:00:00 | 000,048,360 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001/08/23 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 04:00:00 | 000,040,128 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 04:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001/08/23 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2012/05/20 08:17:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\AVG2012
[2012/06/06 07:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\Clat
[2012/06/06 07:21:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\DDMSettings
[2012/06/06 07:21:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\go
[2009/10/31 07:22:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\OpenOffice.org
[2011/10/04 10:52:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\PC Suite
[2012/05/20 06:40:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ICH\Anwendungsdaten\TuneUp Software
[2012/05/20 08:17:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2012
[2009/10/27 09:09:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bitstream Font Navigator
[2011/12/08 14:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2012/05/20 07:27:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011/09/02 05:58:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2012/06/06 07:21:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GameXN
[2011/09/19 11:06:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Joosoft.com
[2012/06/06 07:21:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2011/10/04 10:52:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2011/10/04 10:44:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2012/05/12 10:52:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012/05/20 07:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RalinkRT2870 Driver
[2010/09/23 07:11:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2012/05/20 08:41:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012/06/06 07:21:50 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012/05/20 07:51:36 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
 
========== Purity Check ==========
 
 
< End of report >
Hier noch eine andere erstellte Log-Datei (Ich weiß leider nicht welche Ihr benötigt, aber hilfreich wirds auf jeden Fall sein):

Code:
ATTFilter
========== OTL ==========
Registry key HKEY_USERS\Reiner_Rosenwald_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Dokumente und Einstellungen\Reiner Rosenwald\Anwendungsdaten\Realtec\Realtecdriver.exe not found.
Registry key HKEY_USERS\Reiner_Rosenwald_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Dokumente und Einstellungen\Reiner Rosenwald\Anwendungsdaten\Ljltcidrhk\5CDBCC0ABC75221A48DD.exe not found.
Registry key HKEY_USERS\Iris_Rosenwald_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Dokumente und Einstellungen\Iris Rosenwald\Anwendungsdaten\Realtec\Realtecdriver.exe not found.
Registry key HKEY_USERS\Iris_Rosenwald_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\system32\CB6E3819BC75221AB5F4.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry key HKEY_USERS\Reiner_Rosenwald_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\Reiner_Rosenwald_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\CB6E3819BC75221AB5F4.exe deleted successfully.
File C:\WINDOWS\system32\CB6E3819BC75221AB5F4.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\ deleted successfully.
========== FILES ==========
File\Folder C:\Dokumente und Einstellungen\Reiner Rosenwald\Anwendungsdaten\Realtec\Realtecdriver.exe not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: ICH
->Temp folder emptied: 92961608 bytes
->Temporary Internet Files folder emptied: 4767435 bytes
->Java cache emptied: 5757906 bytes
->FireFox cache emptied: 250534721 bytes
->Flash cache emptied: 154912 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
Total Flash Files Cleaned = 338.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ICH
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108806 bytes
 
Total Files Cleaned = 2.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06092012_172454

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\scs1.tmp not found!
File\Folder C:\WINDOWS\temp\scs18.tmp not found!

Registry entries deleted on Reboot...

Ich habe allerdings noch ein zweite Partition, die auch entschlüsselt werden muss.

Mein Problem liegt im enteffekt darin, dass ich bestimmte Daten retten muss und dann ein neues Betriebssystem aufsetzen möchte. Dies geht leider nicht, da ich ja diesen Trojaner drauf habe.

Vielen Dank im vorraus
Geändert von Chrost04 (09.06.2012 um 15:01 Uhr)

Alt 12.06.2012, 12:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Verschlüsselungstrojaner - Standard

Windows Verschlüsselungstrojaner


Hinweise bzgl. der verschlüsselten Dateien:
Wann genau deine Daten entschlüsselt werden können wird dir niemand genau sagen können außer vllt einer es kann sein, dass du eine neuere Variante hast, deren Verschlüsselungsalgorithmus noch unbekannt ist. Sowas kann man (noch) nicht entschlüsseln und ohne Schlüssel schon garnicht - ist ja auch logisch, sonst wär es ja keine vernünftige Verschlüsselung
Einfach hier nochmal reinsehen in regelmäßigen Abständen, obige Hinweise beachten. 8 Tools mitsamt hunderten Diskussionsbeiträgen stehen da schon

Eine Notlösung für Vista und Win7-User => http://www.trojaner-board.de/115496-...erstellen.html

Entschlüsselungsversuche der verschlüsselten Dateien sind nur auf zusätzliche Kopien der verschlüsselten Dateien anzuwenden, sonst zerhackt man sich die noch weiter ohne die "original" verschlüsselte Datei mehr zu haben. Das willst du sicher nicht!

Man darf sich aber keine falschen Hoffnungen machen. Mittlerweile sieht es finster aus => Delphi-PRAXiS - Einzelnen Beitrag anzeigen - Verschlüsselungs-Trojaner, Hilfe benötigt

Und in Zukunft willst du sicher mal an ein besseres Backupkonzept denken. Hier ein Denkanstoß => http://www.trojaner-board.de/115678-...r-backups.html
__________________

__________________
Antwort

Themen zu Windows Verschlüsselungstrojaner
.com, adobe, adobe flash player, avg, bho, bildschirm, browser, desktop, disabletaskmgr, einstellungen, explorer, firefox, flash player, format, geld, google earth, helper, hilfreich, homepage, log-datei, logfile, microsoft office word, mozilla, nvidia, plug-in, rundll, scan, software, windows, windows verschlüsselungstrojaner, windows xp, winlogon


« Ukash Verschlüsselungs Trojaner eingefangen | Vorgehen beim Verschlüsselungs-Trojaner ? »


Ähnliche Themen: Windows Verschlüsselungstrojaner


  1. Windows 7 Pro Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 27.04.2013 (47)
  2. Windows XP Pro, Verschlüsselungstrojaner, Windows fährt nicht vollständig hoch
    Plagegeister aller Art und deren Bekämpfung - 21.06.2012 (1)
  3. Verschlüsselungstrojaner windows 7
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (1)
  4. Erwischt: Windows Verschlüsselungstrojaner unter Windows XP via E-Mail
    Log-Analyse und Auswertung - 17.06.2012 (11)
  5. Windows Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 15.06.2012 (13)
  6. Windows verschlüsselungstrojaner
    Log-Analyse und Auswertung - 14.06.2012 (3)
  7. Windows Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (2)
  8. Windows-Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 30.05.2012 (21)
  9. Windows Verschlüsselungstrojaner .....
    Log-Analyse und Auswertung - 29.05.2012 (1)
  10. Windows Verschlüsselungstrojaner ...
    Plagegeister aller Art und deren Bekämpfung - 27.05.2012 (7)
  11. Windows Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 17.05.2012 (25)
  12. Windows Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 16.05.2012 (25)
  13. Windows Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 15.05.2012 (13)
  14. Windows Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 05.05.2012 (17)
  15. windows verschlüsselungstrojaner
    Log-Analyse und Auswertung - 27.04.2012 (12)
  16. Windows Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 27.04.2012 (3)
  17. Windows Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 27.04.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows Verschlüsselungstrojaner - Hallo, Ich habe mir den Windowsvershclüsselungstrojaner eingefangen. Sobald ich mich anmelden möchte erscheint der bekannte Bildschirm und ich kann nichts mehr machen. Ich werde aufgefordert Geld zu überweisen. Wichtige Daten - Windows Verschlüsselungstrojaner...
Archiv
Du betrachtest: Windows Verschlüsselungstrojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129