
Pests of all kinds and how to fight them: Suspected infection with an encryption trojan

Windows 7 If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

28.07.2012, 20:14   #1
WebWicht
 
Suspected infection with an encryption trojan

Hello dear community,

my acquaintance's notebook was presumably compromised by an encryption trojan.
I have already sent in the corresponding e-mail with the attachment.

My scans with Avira, Norton 360 and Malwarebytes no longer find anything. Possibly a subsequent full scan removed the traces ...

The question is how, or with which tool, the encrypted files could be restored?

Many files simply have cryptic names, e.g.:
"qANOaponsGDeONdfnovu"

for others the name is correct, but the files cannot be opened with a wide variety of programs, which give error messages. This happens with Word 2003, Excel 2003 and PowerPoint 2003, for example, but pictures and videos also do not open with various programs.

Surely you can tell from the e-mail which pest struck and what can be done about it?

Many thanks in advance for your efforts!

Jörn

The OTL log:
--------------
Code:
OTL logfile created on: 29.07.2012 07:23:07 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 64,27% Memory free
3,81 Gb Paging File | 3,14 Gb Available in Paging File | 82,47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 158,17 Gb Free Space | 67,92% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.29 07:22:27 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2012.04.04 14:06:00 | 001,001,472 | ---- | M] (NCP engineering GmbH) -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NcpBudgetGui.exe
PRC - [2012.04.04 10:12:30 | 001,298,512 | ---- | M] (NCP Engineering GmbH) -- C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe
PRC - [2011.08.23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.08.22 14:48:22 | 000,883,792 | ---- | M] (NCP engineering GmbH) -- C:\Programme\LANCOM-Systems\Advanced VPN Client\rwsrsu.exe
PRC - [2011.07.27 14:12:56 | 000,139,344 | ---- | M] (NCP engineering GmbH) -- C:\Programme\LANCOM-Systems\Advanced VPN Client\ncpclcfg.exe
PRC - [2011.06.09 14:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.04.21 08:11:36 | 000,119,808 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NCPSEC.EXE
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009.10.01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProSvc.exe
PRC - [2009.10.01 21:32:04 | 002,596,712 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProTray.exe
PRC - [2009.09.21 20:19:20 | 001,964,528 | ---- | M] (Symantec) -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2008.09.09 03:42:26 | 000,135,168 | ---- | M] (Citrix Systems, Inc) -- C:\Programme\Citrix\Secure Access Client\nsverctl.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.07.26 14:57:02 | 000,192,512 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2006.11.17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2006.07.21 16:14:36 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.07 14:59:48 | 000,098,304 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NCPMIF32.DLL
MOD - [2011.12.22 16:28:30 | 001,724,416 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\ncpgacc.dll
MOD - [2011.12.01 12:55:40 | 000,195,072 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NCPDLG.DLL
MOD - [2011.10.12 16:43:20 | 000,148,992 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NcpBudget2008.dll
MOD - [2011.08.19 13:24:12 | 000,964,608 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\rsussl.dll
MOD - [2011.04.21 08:11:36 | 000,119,808 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NCPSEC.EXE
MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2002.09.04 16:27:06 | 000,102,400 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NcpCry.DLL
MOD - [2002.06.28 11:16:42 | 000,151,552 | ---- | M] () -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NCPCFG.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.04 10:12:30 | 001,298,512 | ---- | M] (NCP Engineering GmbH) [Auto | Running] -- C:\Programme\LANCOM-Systems\Advanced VPN Client\ncprwsnt.exe -- (ncprwsnt)
SRV - [2011.08.22 14:48:22 | 000,883,792 | ---- | M] (NCP engineering GmbH) [Auto | Stopped] -- C:\Programme\LANCOM-Systems\Advanced VPN Client\rwsrsu.exe -- (rwsrsu)
SRV - [2011.07.27 14:12:56 | 000,139,344 | ---- | M] (NCP engineering GmbH) [Auto | Running] -- C:\Programme\LANCOM-Systems\Advanced VPN Client\ncpclcfg.exe -- (ncpclcfg)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.21 08:11:36 | 000,119,808 | ---- | M] () [Auto | Running] -- C:\Programme\LANCOM-Systems\Advanced VPN Client\NCPSEC.EXE -- (NcpSec)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.10.01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2009.09.21 20:25:34 | 001,571,336 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2009.09.21 20:19:20 | 001,964,528 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2008.09.09 03:42:26 | 000,135,168 | ---- | M] (Citrix Systems, Inc) [Auto | Running] -- C:\Programme\Citrix\Secure Access Client\nsverctl.exe -- (nsverctl)
SRV - [2007.09.28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006.11.17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.06.19 02:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.06.14 20:39:26 | 000,369,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120727.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012.05.31 04:40:02 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.05.31 04:40:02 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.05.16 01:48:15 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120728.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.05.16 01:48:14 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120728.009\NAVENG.SYS -- (NAVENG)
DRV - [2012.04.03 11:50:40 | 000,086,768 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (ncpvaxp)
DRV - [2012.04.03 11:50:40 | 000,086,768 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (NcpFiltMP)
DRV - [2012.04.03 11:50:40 | 000,086,768 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (NcpFilt)
DRV - [2011.10.27 18:07:55 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.04.21 03:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symtdi.sys -- (SYMTDI)
DRV - [2011.03.31 05:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011.03.31 05:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011.03.15 04:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011.01.27 08:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2011.01.27 07:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2009.10.01 22:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.09.21 20:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009.09.21 20:26:10 | 000,046,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2009.09.21 20:20:42 | 000,138,592 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap)
DRV - [2008.09.09 03:43:14 | 000,048,280 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\net6im51.sys -- (Net6IM)
DRV - [2008.04.28 06:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008.04.13 23:04:34 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2008.04.11 17:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.26 18:37:26 | 004,713,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.03.25 16:24:22 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.03.25 13:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 11:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.01.22 20:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.03 22:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.11.29 09:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.18 14:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.02 11:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.01.07 05:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{70342950-0837-48E9-A7E7-15122D10E11A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F0FD1B99-89F3-45A1-89D4-DFAF1735CC45&apn_sauid=9FD0EA40-82CF-412C-B236-014CC2535A07&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =  ;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =  
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012.02.11 18:52:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_10_1 [2012.07.27 18:47:28 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [ITSecMng] C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe File not found
O4 - HKLM..\Run: [NcpBudgetGui] C:\Programme\LANCOM-Systems\Advanced VPN Client\NcpBudgetGui.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpMonitor] C:\Programme\LANCOM-Systems\Advanced VPN Client\ncpmon.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpPopup] C:\Programme\LANCOM-Systems\Advanced VPN Client\ncppopup.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpRsuGui] C:\Programme\LANCOM-Systems\Advanced VPN Client\rwsrsu.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Programme\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\WButton.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Citrix Access Gateway.lnk = C:\Programme\Citrix\Secure Access Client\nsload.exe (Citrix Systems, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - c:\Programme\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.24 20:56:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9eac8576-2a27-11e0-9f85-00215d2d3544}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.29 07:22:25 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.07.28 19:45:18 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012.07.28 19:45:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.07.28 19:08:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.07.27 19:43:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2012.07.27 19:43:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.07.27 19:43:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.27 19:43:20 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.27 19:43:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.27 18:59:23 | 000,000,000 | ---D | C] -- C:\N360_RESTORE
[2012.07.26 19:50:27 | 000,116,736 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2012.07.26 19:50:24 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2012.07.26 19:50:13 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2012.07.26 19:50:10 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2012.07.26 19:49:47 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2012.07.26 19:49:44 | 000,035,402 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2012.07.26 19:49:36 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2012.07.26 19:49:19 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2012.07.26 19:49:06 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2012.07.26 19:49:03 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2012.07.26 19:49:00 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2012.07.26 19:48:55 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2012.07.26 19:48:52 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2012.07.26 19:48:49 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2012.07.26 19:48:45 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2012.07.26 19:48:32 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2012.07.26 19:48:20 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2012.07.26 19:48:17 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2012.07.26 19:48:14 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2012.07.26 19:48:09 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2012.07.26 19:47:53 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2012.07.26 19:47:41 | 000,212,480 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2012.07.26 19:47:38 | 000,216,576 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2012.07.26 19:47:28 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2012.07.26 19:47:26 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2012.07.26 19:47:23 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2012.07.26 19:47:20 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2012.07.26 19:47:17 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2012.07.26 19:47:14 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2012.07.26 19:46:52 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2012.07.26 19:46:48 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2012.07.26 19:46:45 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2012.07.26 19:46:44 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2012.07.26 19:46:40 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2012.07.26 19:46:38 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2012.07.26 19:46:27 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2012.07.26 19:46:24 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2012.07.26 19:45:58 | 000,159,744 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2012.07.26 19:45:56 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2012.07.26 19:45:53 | 000,287,232 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2012.07.26 19:45:50 | 000,017,152 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2012.07.26 19:45:45 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2012.07.26 19:45:07 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2012.07.26 19:45:03 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2012.07.26 19:45:01 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2012.07.26 19:44:58 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2012.07.26 19:44:56 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2012.07.26 19:44:33 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2012.07.26 19:44:31 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2012.07.26 19:44:28 | 000,095,178 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2012.07.26 19:44:22 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2012.07.26 19:43:59 | 000,161,888 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2012.07.26 19:43:56 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2012.07.26 19:43:54 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2012.07.26 19:43:51 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2012.07.26 19:43:31 | 000,017,792 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2012.07.26 19:43:25 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2012.07.26 19:43:23 | 000,024,192 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2012.07.26 19:43:11 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2012.07.26 19:43:08 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2012.07.26 19:43:06 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2012.07.26 19:43:03 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2012.07.26 19:43:01 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2012.07.26 19:42:58 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2012.07.26 19:42:56 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2012.07.26 19:42:53 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2012.07.26 19:42:51 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2012.07.26 19:42:46 | 000,083,968 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2012.07.26 19:42:43 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2012.07.26 19:42:42 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2012.07.26 19:42:41 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2012.07.26 19:42:30 | 000,010,752 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2012.07.26 19:42:26 | 000,079,360 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2012.07.26 19:42:22 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2012.07.26 19:42:06 | 000,715,242 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2012.07.26 19:42:03 | 000,899,658 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2012.07.26 19:41:50 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2012.07.26 19:41:48 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2012.07.26 19:41:46 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2012.07.26 19:41:37 | 000,016,384 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2012.07.26 19:41:02 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2012.07.26 19:40:52 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2012.07.26 19:40:52 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2012.07.26 19:40:49 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2012.07.26 19:40:18 | 000,054,730 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2012.07.26 19:40:13 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2012.07.26 19:40:10 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2012.07.26 19:39:52 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2012.07.26 19:39:41 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2012.07.26 19:39:39 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2012.07.26 19:39:34 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2012.07.26 19:39:26 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2012.07.26 19:39:24 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2012.07.26 19:39:16 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2012.07.26 19:39:14 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2012.07.26 19:39:12 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2012.07.26 19:39:10 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2012.07.26 19:39:07 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2012.07.26 19:39:05 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2012.07.26 19:38:58 | 000,076,288 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2012.07.26 19:38:56 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2012.07.26 19:38:54 | 000,019,968 | ---- | C] (Macronix International Co., Ltd.                                               ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2012.07.26 19:38:51 | 000,020,480 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2012.07.26 19:38:49 | 000,022,144 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2012.07.26 19:37:37 | 000,164,970 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012.07.26 19:37:20 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2012.07.26 19:37:18 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2012.07.26 19:37:17 | 000,422,016 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012.07.26 19:37:15 | 000,607,196 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012.07.26 19:37:15 | 000,577,226 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2012.07.26 19:37:12 | 000,728,298 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012.07.26 19:37:06 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2012.07.26 19:37:04 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2012.07.26 19:37:02 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012.07.26 19:36:59 | 000,016,256 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012.07.26 19:36:56 | 000,026,506 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2012.07.26 19:36:54 | 000,019,016 | ---- | C] (Kingston Technology Company                                                             ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2012.07.26 19:36:11 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012.07.26 19:35:43 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2012.07.26 19:34:28 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2012.07.26 19:34:20 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2012.07.26 19:33:58 | 000,028,672 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012.07.26 19:33:56 | 000,082,560 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2012.07.26 19:33:54 | 000,017,792 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2012.07.26 19:33:42 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2012.07.26 19:33:34 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2012.07.26 19:33:32 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2012.07.26 19:33:28 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2012.07.26 19:33:27 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2012.07.26 19:33:25 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2012.07.26 19:33:24 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012.07.26 19:33:13 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012.07.26 19:33:10 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2012.07.26 19:33:09 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2012.07.26 19:32:00 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2012.07.26 19:31:57 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012.07.26 19:31:50 | 000,029,696 | ---- | C] (CNet Technology, Inc.                                                    ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012.07.26 19:31:48 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2012.07.26 19:31:47 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2012.07.26 19:31:43 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012.07.26 19:31:42 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012.07.26 19:31:41 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012.07.26 19:31:39 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012.07.26 19:31:23 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012.07.26 19:31:22 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012.07.26 19:31:19 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012.07.26 19:31:01 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012.07.26 19:31:00 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012.07.26 19:30:59 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012.07.26 19:30:59 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012.07.26 19:30:58 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012.07.26 19:30:57 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012.07.26 19:30:56 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012.07.26 19:30:55 | 000,252,928 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012.07.26 19:30:49 | 000,216,576 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012.07.26 19:30:39 | 000,020,864 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012.07.26 19:30:33 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012.07.26 19:30:27 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012.07.26 19:30:27 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012.07.26 19:30:26 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012.07.26 19:30:26 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012.07.26 19:30:25 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012.07.26 19:30:23 | 000,715,210 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012.07.26 19:30:23 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012.07.26 19:30:23 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012.07.26 19:30:22 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012.07.26 19:30:21 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012.07.26 19:30:20 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012.07.26 19:29:51 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012.07.26 19:29:51 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012.07.26 19:29:51 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012.07.26 19:29:50 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012.07.26 19:29:50 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012.07.26 19:29:49 | 000,039,808 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012.07.26 19:29:49 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012.07.26 19:29:48 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012.07.26 19:29:47 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012.07.26 19:29:47 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012.07.26 19:29:46 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012.07.26 19:29:45 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012.07.26 19:29:45 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012.07.26 19:29:45 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012.07.26 19:29:44 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012.07.26 19:29:44 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012.07.26 19:29:43 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012.07.26 19:29:43 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012.07.26 19:29:40 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012.07.26 19:29:38 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012.07.26 19:29:37 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012.07.26 19:29:37 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012.07.26 19:29:36 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012.07.26 19:29:36 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012.07.26 19:29:36 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012.07.26 19:29:35 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012.07.26 19:29:04 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012.07.26 19:29:01 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012.07.26 19:28:49 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012.07.26 19:28:48 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012.07.26 19:28:48 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012.07.26 19:28:47 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012.07.26 19:28:47 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012.07.26 19:28:46 | 000,061,952 | ---- | C] (Farb-Flachbett-Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012.07.26 19:28:43 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012.07.26 19:28:43 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012.07.26 19:28:41 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012.07.26 19:28:41 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012.07.26 19:28:40 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012.07.26 19:19:03 | 000,138,592 | ---- | C] (StorageCraft) -- C:\WINDOWS\System32\drivers\symsnap.sys
[2012.07.26 19:18:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton Ghost
[2012.07.26 19:18:56 | 000,015,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\vproeventmonitor.sys
[2012.07.26 16:13:13 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.26 15:38:16 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DESIGNER
[2012.07.26 15:37:43 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio
[2012.07.25 22:03:48 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.07.25 18:22:54 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.29 07:25:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E668057B-472F-4D7B-B2E1-57E0E78A8C25}.job
[2012.07.29 07:22:27 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.07.29 07:17:47 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012.07.28 19:48:48 | 000,094,165 | ---- | M] () -- C:\Zweite Abmahnung für 56410969799.7z
[2012.07.28 19:48:23 | 000,110,592 | ---- | M] () -- C:\Zweite Abmahnung für 56410969799.msg
[2012.07.28 19:34:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.28 19:30:00 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.07.28 19:08:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2012.07.27 19:43:22 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.27 18:47:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.27 18:47:32 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.27 18:47:14 | 2106,466,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.26 19:09:45 | 000,002,754 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LUUnInstall.LiveUpdate
[2012.07.26 16:32:57 | 000,001,492 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Rechner.lnk
[2012.07.26 15:41:23 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.23 23:37:26 | 000,004,096 | ---- | M] () -- C:\VSNAP.IDX
[2012.07.10 22:17:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.29 16:35:00 | 004,485,154 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Frau Berger
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.29 07:17:47 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012.07.28 19:48:48 | 000,094,165 | ---- | C] () -- C:\Zweite Abmahnung für 56410969799.7z
[2012.07.28 19:48:23 | 000,110,592 | ---- | C] () -- C:\Zweite Abmahnung für 56410969799.msg
[2012.07.28 19:08:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2012.07.27 19:43:22 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.26 19:50:24 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2012.07.26 19:50:21 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2012.07.26 19:42:19 | 000,086,097 | ---- | C] () -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2012.07.26 19:41:42 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012.07.26 19:41:39 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012.07.26 19:41:26 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012.07.26 19:40:15 | 000,044,105 | ---- | C] () -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2012.07.26 19:38:13 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012.07.26 19:36:49 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012.07.26 19:35:55 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012.07.26 19:35:54 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012.07.26 19:35:51 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012.07.26 19:35:09 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012.07.26 19:34:26 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012.07.26 19:34:22 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012.07.26 19:34:19 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012.07.26 19:34:15 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012.07.26 19:34:11 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012.07.26 19:33:59 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012.07.26 19:31:46 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012.07.26 19:31:45 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012.07.26 19:31:44 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012.07.26 19:31:41 | 000,031,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012.07.26 19:30:33 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012.07.26 19:29:27 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012.07.26 19:29:26 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012.07.26 19:29:25 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012.07.26 19:29:24 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012.07.26 19:29:23 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012.07.26 19:29:23 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012.07.26 19:29:22 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012.07.26 19:29:22 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012.07.26 19:29:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012.07.26 19:29:13 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012.07.26 19:09:45 | 000,002,754 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LUUnInstall.LiveUpdate
[2012.02.20 17:09:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.24 15:38:52 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin0407.exe
[2011.10.29 17:19:05 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2011.10.29 17:17:01 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2010.11.15 22:43:24 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010.11.15 22:43:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010.11.15 22:43:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010.11.15 22:43:24 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010.11.15 22:43:24 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010.11.15 22:43:24 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010.11.15 22:43:24 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010.11.15 22:43:24 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010.11.15 22:43:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010.11.15 22:43:24 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010.11.15 22:43:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010.11.15 22:43:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010.11.15 22:43:24 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010.11.15 22:43:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010.11.15 22:43:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010.11.15 22:43:24 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010.11.15 22:43:24 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010.11.15 22:43:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010.11.15 22:43:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010.10.16 21:25:51 | 000,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.04.28 12:48:10 | 000,000,675 | ---- | C] () -- C:\Dokumente und Einstellungen\***\reader.ini
[2009.04.11 20:12:40 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.10 10:31:51 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== LOP Check ==========
 
[2012.02.11 22:19:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2009.06.01 11:55:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Citrix
[2011.01.16 20:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2011.10.27 18:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2012.07.25 14:56:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WAHLKONZEPT_P
[2011.10.29 17:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2010.05.04 06:17:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.07.25 14:56:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2011.06.03 18:52:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Anthropics
[2012.07.25 14:56:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DocumentsToGoDesktop
[2011.06.03 19:07:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IN-MEDIAKG
[2011.06.03 19:07:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\mresreg
[2009.06.24 14:44:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Toshiba
[2010.05.09 17:24:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
[2010.12.09 18:21:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search
[2012.07.28 19:30:00 | 000,000,224 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012.07.29 07:25:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E668057B-472F-4D7B-B2E1-57E0E78A8C25}.job
 
========== Purity Check ==========

< End of report >

The OTL Extras:
---------------
Code:
OTL Extras logfile created on: 29.07.2012 07:23:07 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 64,27% Memory free
3,81 Gb Paging File | 3,14 Gb Available in Paging File | 82,47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 158,17 Gb Free Space | 67,92% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Office\Office12\OUTLOOK.EXE" = C:\Programme\Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\LANCOM-Systems\Advanced VPN Client\NCPMON.exe" = C:\Programme\LANCOM-Systems\Advanced VPN Client\NCPMON.exe:*:Enabled:ncpmon.exe -- (NCP engineering GmbH)
"C:\Programme\LANCOM\LANconfig\lanconf.exe" = C:\Programme\LANCOM\LANconfig\lanconf.exe:*:Enabled:LANconfig -- (LANCOM Systems GmbH, Würselen (Germany))
"C:\Programme\Citrix\Secure Access Client\nsload.exe" = C:\Programme\Citrix\Secure Access Client\nsload.exe:*:Enabled:Citrix AGEE Client -- (Citrix Systems, Inc)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41241757-781F-41E3-A2E7-BD8B37E355CA}" = WAHLKONZEPT (P)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A345E562-C6F1-4F6B-9F91-FB18A007F321}" = Citrix Access Gateway Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"7-Zip" = 7-Zip 9.28 alpha
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"DTGDesktop" = Documents To Go Desktop for iPhone
"EC2000 A4" = EC2000 A4
"FotoWorks XL_is1" = FotoWorks XL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"LANconfig" = LANconfig
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360 Premier Edition
"NCP RWS/GA" = LANCOM Advanced VPN Client
"PortraitProfessional9Trial_is1" = Portrait Professional 9.8 Test
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.3
"Wdf01000" = Microsoft Kernel-Mode Driver Framework 1.0
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.07.2012 13:08:30 | Computer Name = *** | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 vproconsole.exe, P2 9.0.0.0, P3 4b8e6cf9, P4
 system.configuration, P5 2.0.0.0, P6 4889de74, P7 277, P8 14, P9 ioibmurhynrxkw0zxkyrvfn0boyyufow,
 P10 NIL.
 
Error - 25.07.2012 13:08:57 | Computer Name = *** | Source = Norton Ghost | ID = 1000
Description = 
 
Error - 25.07.2012 13:09:00 | Computer Name = *** | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 vproconsole.exe, P2 9.0.0.0, P3 4b8e6cf9, P4
 system.configuration, P5 2.0.0.0, P6 4889de74, P7 277, P8 14, P9 ioibmurhynrxkw0zxkyrvfn0boyyufow,
 P10 NIL.
 
Error - 26.07.2012 05:12:10 | Computer Name = *** | Source = Norton Ghost | ID = 1000
Description = 
 
Error - 26.07.2012 05:12:29 | Computer Name = *** | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 vproconsole.exe, P2 9.0.0.0, P3 4b8e6cf9, P4
 system.configuration, P5 2.0.0.0, P6 4889de74, P7 277, P8 14, P9 ioibmurhynrxkw0zxkyrvfn0boyyufow,
 P10 NIL.
 
Error - 26.07.2012 05:17:38 | Computer Name = *** | Source = MsiInstaller | ID = 11719
Description = Produkt: Microsoft Office Excel MUI (German) 2007 -- Fehler 1719. 
Auf den Windows Installer-Dienst konnte nicht zugegriffen werden. Dies kann auftreten,
 wenn Windows im abgesicherten Modus ausgeführt wird oder wenn der Windows Installer
 nicht korrekt installiert wurde. Setzen Sie sich mit dem Supportpersonal in Verbindung,
 um weitere Unterstützung zu erhalten.
 
Error - 26.07.2012 13:26:49 | Computer Name = *** | Source = Norton Ghost | ID = 1000
Description = 
 
Error - 26.07.2012 13:56:35 | Computer Name = *** | Source = Norton Ghost | ID = 1000
Description = 
 
Error - 26.07.2012 13:57:02 | Computer Name = *** | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 vproconsole.exe, P2 9.0.0.0, P3 4ac5720c, P4
 system.configuration, P5 2.0.0.0, P6 4889de74, P7 277, P8 14, P9 ioibmurhynrxkw0zxkyrvfn0boyyufow,
 P10 NIL.
 
Error - 29.07.2012 01:02:45 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung rwsrsu.exe, Version 3.0.2.0, fehlgeschlagenes
 Modul rwsrsu.exe, Version 3.0.2.0, Fehleradresse 0x000425dc.
 
[ OSession Events ]
Error - 13.06.2010 10:35:40 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.08.2011 02:04:23 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1070
 seconds with 960 seconds of active time.  This session ended with a crash.
 
Error - 28.08.2011 02:05:58 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 37
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.12.2011 16:09:31 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 194
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.07.2012 08:58:34 | Computer Name = *** | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: 2147749155 (0x80040D23).
 
Error - 25.07.2012 08:58:57 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Windows
 Search.
 
Error - 25.07.2012 08:58:57 | Computer Name = *** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "WSearch"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error - 25.07.2012 08:58:57 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 25.07.2012 09:08:19 | Computer Name = *** | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "C:" aus.
 
Error - 26.07.2012 06:06:38 | Computer Name = *** | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.130 für die Netzwerkkarte mit der Netzwerkadresse
 001F16035597 wurde durch  den DHCP-Server 192.168.0.10 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 26.07.2012 09:26:58 | Computer Name = *** | Source = DCOM | ID = 10010
Description = Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 27.07.2012 12:48:05 | Computer Name = *** | Source = DCOM | ID = 10010
Description = Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 29.07.2012 01:02:46 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "rwsrsu" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error - 29.07.2012 01:23:36 | Computer Name = *** | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NAS1",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7D74EC76-2933-4666-9F60-Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
< End of report >
         
The GMER log:
---------------
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-29 08:42:04
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.01.0
Running: gmer.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\kwliqpow.sys


---- System - GMER 1.0.15 ----

SSDT            88E81B70                                                                                    ZwAlertResumeThread
SSDT            88E841A8                                                                                    ZwAlertThread
SSDT            88FFF4B8                                                                                    ZwAllocateVirtualMemory
SSDT            88E790B0                                                                                    ZwAssignProcessToJobObject
SSDT            84E23118                                                                                    ZwConnectPort
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwCreateKey [0x9968F710]
SSDT            8887EE28                                                                                    ZwCreateMutant
SSDT            89649350                                                                                    ZwCreateSymbolicLinkObject
SSDT            892D8FB0                                                                                    ZwCreateThread
SSDT            88EEE240                                                                                    ZwDebugActiveProcess
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwDeleteKey [0x9968F990]
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwDeleteValueKey [0x9968FEF0]
SSDT            892F4850                                                                                    ZwDuplicateObject
SSDT            88852C90                                                                                    ZwFreeVirtualMemory
SSDT            88F050C0                                                                                    ZwImpersonateAnonymousToken
SSDT            88EBD350                                                                                    ZwImpersonateThread
SSDT            88F4B0C0                                                                                    ZwLoadDriver
SSDT            88849B88                                                                                    ZwMapViewOfSection
SSDT            88F450C0                                                                                    ZwOpenEvent
SSDT            8940C078                                                                                    ZwOpenProcess
SSDT            88867220                                                                                    ZwOpenProcessToken
SSDT            88F1FB30                                                                                    ZwOpenSection
SSDT            84E28168                                                                                    ZwOpenThread
SSDT            89451360                                                                                    ZwProtectVirtualMemory
SSDT            88EA11D8                                                                                    ZwResumeThread
SSDT            89076110                                                                                    ZwSetContextThread
SSDT            888B9E28                                                                                    ZwSetInformationProcess
SSDT            88ED7488                                                                                    ZwSetSystemInformation
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwSetValueKey [0x99690140]
SSDT            88EAB0C0                                                                                    ZwSuspendProcess
SSDT            88EE41A8                                                                                    ZwSuspendThread
SSDT            88866638                                                                                    ZwTerminateProcess
SSDT            890761A8                                                                                    ZwTerminateThread
SSDT            88934240                                                                                    ZwUnmapViewOfSection
SSDT            88F56280                                                                                    ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2C0C                                                        805044C4 8 Bytes  [70, 1B, E8, 88, A8, 41, E8, ...]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2FD0                                                        80504888 8 Bytes  JMP EE41A888 
?               SYMDS.SYS                                                                                   Das System kann die angegebene Datei nicht finden. !
?               SYMEFA.SYS                                                                                  Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\SearchIndexer.exe[2052] kernel32.dll!WriteFile                          7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] ntdll.dll!NtMapViewOfSection              7C91D51E 5 Bytes  JMP 03290048 
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] ntdll.dll!NtSetInformationProcess         7C91DC9E 5 Bytes  JMP 0329012A 
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] kernel32.dll!VirtualProtectEx + 6E        7C801ACF 7 Bytes  JMP 03290676 
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] kernel32.dll!ReadProcessMemory + 3E       7C80220E 7 Bytes  JMP 032903D0 
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] kernel32.dll!lstrlenW + 43                7C809AEC 7 Bytes  JMP 03290594 
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] kernel32.dll!CreateRemoteThread + 206     7C8106D2 7 Bytes  JMP 032902EE 
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] kernel32.dll!GetVersionExA + D3           7C812C51 7 Bytes  JMP 03290758 
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] kernel32.dll!GetProcessHandleCount + 35   7C86229F 7 Bytes  JMP 032904B2 
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxParamW                7E3747AB 5 Bytes  JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!SetWindowsHookExW              7E37820F 5 Bytes  JMP 41269A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!CallNextHookEx                 7E37B3C6 5 Bytes  JMP 4125D0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!CreateWindowExW                7E37D0A3 5 Bytes  JMP 4126DAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!UnhookWindowsHookEx            7E37D5F3 5 Bytes  JMP 411D466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxIndirectParamW        7E382072 5 Bytes  JMP 41367207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxIndirectA            7E38A082 5 Bytes  JMP 41367139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxParamA                7E38B144 5 Bytes  JMP 413671A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxExW                  7E3A0838 5 Bytes  JMP 4136700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxExA                  7E3A085C 5 Bytes  JMP 4136706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxIndirectParamA        7E3A6D7D 5 Bytes  JMP 4136726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxIndirectW            7E3B64D5 5 Bytes  JMP 413670CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] ole32.dll!CreateBindCtx + B5F             774CF15F 7 Bytes  JMP 0329091C 
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] ole32.dll!CoCreateInstance                774CF1BC 5 Bytes  JMP 4126DB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] ole32.dll!CoImpersonateClient + 51        774E5200 7 Bytes  JMP 0329083A 
.text           C:\Programme\Internet Explorer\iexplore.exe[2388] ole32.dll!OleLoadFromStream               774F983B 5 Bytes  JMP 4136756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamW                7E3747AB 5 Bytes  JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!CreateWindowExW                7E37D0A3 5 Bytes  JMP 4126DAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamW        7E382072 5 Bytes  JMP 41367207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectA            7E38A082 5 Bytes  JMP 41367139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamA                7E38B144 5 Bytes  JMP 413671A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExW                  7E3A0838 5 Bytes  JMP 4136700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExA                  7E3A085C 5 Bytes  JMP 4136706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamA        7E3A6D7D 5 Bytes  JMP 4136726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectW            7E3B64D5 5 Bytes  JMP 413670CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                      symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                    SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                     Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                     Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                   SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                      symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                   SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                 SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
         

30.07.2012, 14:15   #2
cosinus

Quote:
The question is how, or with which tool, one could restore the encrypted files?
What do we have the notes at the top for? Everything is already written up there!

Decryption is unlikely to impossible!

Quote:
3. For files like locked-<FILENAME>.<EXTENSION>.wxyz, decrypt: Overview of the 8 decryption tools
otherwise rescue / recover data: Data recovery after an encryption trojan
If this is not the simple encryption with "locked-" in the file name, you should be looking at data recovery, not decryption!
If Vista or Win7 is in use, try ShadowExplorer! But don't waste unnecessary time on decryption attempts

And in future you will surely want to think about a better backup concept. Here is some food for thought => http://www.trojaner-board.de/115678-...r-backups.html
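As an added example, not code from this thread or from Trojaner-Board: a small Python triage script that sorts a directory tree into the cases the two posts describe, so that effort goes into recovery rather than decryption attempts. It recognises the locked-<NAME>.<EXT>.wxyz naming pattern quoted in the reply above (the one variant for which the board lists decryption tools), random letter-only names like the qANOaponsGDeONdfnovu example from the first post, and files that kept their name but whose header no longer matches their extension (Word/Excel/PowerPoint 2003, images, video). For extensions without a known signature it falls back to a byte-entropy test. The magic-byte table, the 12-letter random-name heuristic and the 7.5 bits/byte entropy threshold are my assumptions, not something the thread states; the sample files written by demo() are constructed.

```python
"""Triage a directory after a suspected file-encrypting trojan.

Categories returned by classify():
  locked-pattern   name is locked-<NAME>.<EXT>.<4 letters> (decryption tools exist per the board notes)
  random-name      letters-only name with no extension, e.g. qANOaponsGDeONdfnovu
  header-mismatch  known extension, but the file's magic bytes do not match (encrypted in place)
  high-entropy     no known signature for the extension, but the head looks like ciphertext
  intact           magic bytes match the extension
  unknown          nothing can be said from the name or the head
"""
import math
import os
import re
import tempfile
from collections import Counter

# (offset, signature) per extension. Assumption: covers the formats named in the thread.
# Office 2003 .doc/.xls/.ppt are OLE2 compound files; Office 2007 formats are ZIP.
MAGIC = {
    ".doc":  [(0, b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1")],
    ".xls":  [(0, b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1")],
    ".ppt":  [(0, b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1")],
    ".docx": [(0, b"PK\x03\x04")],
    ".xlsx": [(0, b"PK\x03\x04")],
    ".pptx": [(0, b"PK\x03\x04")],
    ".jpg":  [(0, b"\xFF\xD8\xFF")],
    ".jpeg": [(0, b"\xFF\xD8\xFF")],
    ".png":  [(0, b"\x89PNG\r\n\x1a\n")],
    ".gif":  [(0, b"GIF87a"), (0, b"GIF89a")],
    ".pdf":  [(0, b"%PDF-")],
    ".avi":  [(0, b"RIFF")],
    ".mp4":  [(4, b"ftyp")],
    ".zip":  [(0, b"PK\x03\x04")],
}

# Pattern quoted in the reply: locked-<NAME>.<EXT>.wxyz (four lowercase letters).
LOCKED_RE = re.compile(r"^locked-(?P<name>.+)\.(?P<ext>[^.]+)\.(?P<tag>[a-z]{4})$")
# Heuristic (assumption): 12+ mixed-case letters, no dot, like the first post's example.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{12,}$")
ENTROPY_THRESHOLD = 7.5   # bits/byte; assumption: ciphertext sits near 8.0, documents well below


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def magic_matches(ext, head):
    """True/False if the extension has known signatures, None if it has none."""
    sigs = MAGIC.get(ext.lower())
    if sigs is None:
        return None
    return any(head[off:off + len(sig)] == sig for off, sig in sigs)


def classify(filename, head):
    """Classify one file from its base name and the first bytes of its content."""
    if LOCKED_RE.match(filename):
        return "locked-pattern"
    if RANDOM_NAME_RE.match(filename):
        return "random-name"
    if not head:
        return "unknown"
    match = magic_matches(os.path.splitext(filename)[1], head)
    if match is True:
        return "intact"
    if match is False:
        return "header-mismatch"
    # No signature for this extension: fall back to entropy, but only with enough bytes.
    if len(head) >= 256 and shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "high-entropy"
    return "unknown"


def triage(root, head_len=4096):
    """Walk root read-only and group file paths by category."""
    result = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_len)
            except OSError:
                continue
            result.setdefault(classify(fn, head), []).append(path)
    return result


def demo():
    """Constructed sample tree (not real victim data); returns {category: [basenames]}."""
    ole2 = MAGIC[".doc"][0][1]
    # Deterministic stand-in for ciphertext: every byte value appears exactly twice, entropy 8.0.
    cipher = bytes((i * 37 + 11) % 256 for i in range(512))
    samples = {
        "Bericht.doc": ole2 + b"\x00" * 200,          # intact Office 2003 file
        "Foto.jpg": b"\xFF\xD8\xFF\xE0" + b"\x00" * 100,  # intact JPEG
        "Bilanz.xls": cipher,                          # name kept, content encrypted
        "Archiv.bak": cipher,                          # no signature, entropy test
        "qANOaponsGDeONdfnovu": cipher,                # random name from the first post
        "locked-Urlaub.jpg.abcd": cipher,              # pattern with decryption tools
        "notes.txt": b"hello",                         # too little to judge
    }
    with tempfile.TemporaryDirectory() as root:
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        found = triage(root)
    return {cat: sorted(os.path.basename(p) for p in paths) for cat, paths in found.items()}


if __name__ == "__main__":
    for cat, names in sorted(demo().items()):
        print(f"{cat:16s} {', '.join(names)}")
```

Run it against a copy or a read-only mount of the disk, never the original volume, so a later recovery tool still finds the data unchanged; the script only sorts, it does not decrypt anything, which is the point of the reply above. Note also that the OTL log reports Windows XP Professional SP3 rather than the Windows 7 the thread is tagged with, so the Vista/Win7 ShadowExplorer route does not apply to this machine: System Restore on XP (DisableSR = 0 in the log) protects system files and the registry, not user documents.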


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.