Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
BKA-Trojaner - mit OTLPE von CD gebootet - was nun?

BKA-Trojaner - mit OTLPE von CD gebootet - was nun?


Plagegeister aller Art und deren Bekämpfung: BKA-Trojaner - mit OTLPE von CD gebootet - was nun?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 13.08.2011, 17:25   #1
Massivo
 
BKA-Trojaner - mit OTLPE von CD gebootet - was nun? - Standard

BKA-Trojaner - mit OTLPE von CD gebootet - was nun?


Hallo zusammen,

auch ich bin leider seit kurzem vom BKA-Trojaner befallen. Weißer Bildschirm mit Zahlungsaufforderung und das komplette Betriebssystem gesperrt, ist ja mittlerweile allgemein bekannt.
Hatte schon ein wenig hier im Forum gelesen und bin auf eine Anleitung mit Starten im abgesicherten Modus mit Eingabeaufforderung und ausführen von srep.exe gestoßen. Das habe ich auch versucht, srep.exe hat bei mir aber leider nicht funktioniert.

Fehlermeldung von srep:
Line9671 (File"G:\srep.exe"):

Error: Variable used without being declared.

Danach habe ich es mit Booten per OTLPE-CD versucht, was geklappt hat. Den Scan habe ich bereits ausgeführt. Es wurde allerdings nur eine Datei OTL.txt ausgegeben und nicht extras.txt, die laut einer anderen Anleitung hier im Board normalerweise auch erstellt werden soll.

Anbei der Code der OTL.txt
Code:
ATTFilter
OTL logfile created on: 8/13/2011 6:58:46 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 61.73 Gb Free Space | 53.01% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 139.48 Gb Free Space | 41.68% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/09/17 15:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto] -- C:\Windows\System32\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/08/22 05:37:45 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/08/22 05:37:45 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/08/22 05:03:13 | 000,838,528 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 04:08:40 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/06/10 16:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011/05/25 11:29:52 | 002,275,720 | ---- | M] (LogMeIn Inc.) [Auto] -- D:\Programme\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/01/25 02:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/09/14 21:03:42 | 000,044,312 | ---- | M] () [Auto] -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/09/02 03:46:18 | 000,192,000 | ---- | M] (IVT Corporation) [On_Demand] -- D:\Programme\Bluetooth Adapter\BsHelpCS.exe -- (BsHelpCS)
SRV - [2009/09/02 03:41:24 | 001,466,476 | ---- | M] (IVT Corporation) [Auto] -- D:\Programme\Bluetooth Adapter\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2009/07/21 08:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- D:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/15 21:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/13 10:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- D:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/03/31 06:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/06/10 16:42:42 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010/04/16 02:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/04/05 12:16:49 | 000,314,016 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/04/05 12:16:49 | 000,043,680 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/11/25 06:19:02 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/10/04 21:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/04 01:39:07 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/08/28 10:05:00 | 000,043,912 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV:64bit: - [2009/08/28 10:04:44 | 000,047,880 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2009/08/26 05:18:20 | 000,034,440 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009/08/26 05:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009/08/26 05:16:44 | 000,024,840 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\Windows\System32\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009/08/26 05:16:20 | 000,017,032 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2009/08/22 05:38:33 | 001,883,152 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2009/08/22 05:38:33 | 000,258,064 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2009/08/22 05:38:33 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/08/22 05:38:33 | 000,042,000 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2009/08/21 02:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/07/20 05:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/06/26 16:25:09 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/18 16:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/17 08:02:44 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/20 04:11:05 | 001,799,680 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/12 21:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/03/18 11:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/02/24 13:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/12/08 12:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008/05/23 12:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 15:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009/02/24 13:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Hannes_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\Hannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\Hannes_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKU\Hannes_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.01.25
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.1.3
 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.0.3: D:\Programme\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011/02/08 10:21:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011/06/22 19:02:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011/06/22 19:02:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011/06/22 19:02:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011/06/22 19:02:38 | 000,000,000 | ---D | M]
 
[2009/12/25 15:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\Mozilla\Extensions
[2011/08/11 10:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\yqiqk3k9.default\extensions
[2010/06/11 13:17:33 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\yqiqk3k9.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/02/13 10:38:35 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\yqiqk3k9.default\extensions\vshare@toolbar
[2011/02/08 10:21:48 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2010/04/15 16:37:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2010/01/01 11:36:04 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\Hannes_ON_C\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [BtTray] D:\Programme\Bluetooth Adapter\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Programme\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Setwallpaper]  File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\Hannes_ON_C..\Run: [avupdate] C:\Users\Hannes\AppData\Roaming\jashla.exe (Watts Pavlovian Damon Angora Nostrand Pablo)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk ()
O4 - Startup: C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Hannes_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Hannes_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{64f9e8a0-d30e-11de-9476-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{64f9e8a0-d30e-11de-9476-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/08/11 10:56:20 | 000,171,520 | ---- | C] (Watts Pavlovian Damon Angora Nostrand Pablo) -- C:\Users\Hannes\AppData\Roaming\jashla.exe
[2011/08/10 03:12:36 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/10 03:12:36 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/10 03:12:35 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/10 03:12:35 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/10 03:12:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/10 03:12:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/10 03:12:35 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/10 03:12:35 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/10 03:12:35 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/10 03:11:50 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
[2011/08/10 03:11:50 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 03:11:49 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2011/08/10 03:11:49 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow64win.dll
[2011/08/10 03:11:49 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/10 03:11:49 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow64.dll
[2011/08/10 03:11:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/10 03:11:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntvdm64.dll
[2011/08/10 03:11:49 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/10 03:11:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow64cpu.dll
[2011/08/10 03:11:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/10 03:11:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/10 03:11:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 03:11:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 03:11:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 03:11:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 03:11:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 03:11:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 03:11:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 03:11:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 03:11:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 03:11:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 03:11:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 03:11:47 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 03:11:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 03:11:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 03:11:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 03:11:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 03:11:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 03:11:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 03:11:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 03:11:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 03:11:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 03:11:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 03:11:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 03:11:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 03:11:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 03:11:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 03:11:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 03:11:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 03:11:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 03:11:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 03:11:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 03:11:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 03:11:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 03:11:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 03:11:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/10 03:11:30 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/10 03:11:30 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/08/10 03:11:30 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/10 03:11:30 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 03:11:29 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/10 03:11:29 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/10 03:11:29 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/10 03:11:29 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/10 03:11:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/10 03:11:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/10 03:11:29 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2011/08/10 03:11:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/10 03:11:29 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/10 03:11:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/10 03:11:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/10 03:11:29 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/10 03:11:02 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 03:11:01 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/10 03:11:00 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/07/27 11:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2008/08/12 01:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/08/13 09:33:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/13 09:19:49 | 000,654,096 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/08/13 09:19:49 | 000,615,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/13 09:19:49 | 000,130,952 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/08/13 09:19:49 | 000,107,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/13 09:09:43 | 3220,623,360 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/13 09:07:39 | 000,005,050 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2011/08/13 09:07:26 | 000,000,905 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2011/08/11 12:05:15 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\tmvsthfud.bin
[2011/08/11 12:05:15 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\tmvsthfss.bin
[2011/08/11 11:36:37 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/11 11:36:37 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/11 11:11:21 | 000,002,074 | ---- | M] () -- C:\Windows\System32\AutoRunFilter.ini
[2011/08/11 10:56:20 | 000,171,520 | ---- | M] (Watts Pavlovian Damon Angora Nostrand Pablo) -- C:\Users\Hannes\AppData\Roaming\jashla.exe
[2011/08/11 02:59:54 | 000,001,135 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk
[2011/07/27 11:44:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2011/07/16 01:26:54 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wow64win.dll
[2011/07/16 01:26:53 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wow64.dll
[2011/07/16 01:26:53 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wow64cpu.dll
[2011/07/16 01:26:18 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/16 01:24:09 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm64.dll
[2011/07/16 01:21:32 | 001,162,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2011/07/16 01:21:32 | 000,422,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
[2011/07/16 01:17:46 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/07/16 01:04:54 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/07/16 01:04:54 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/07/16 01:04:54 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/16 01:04:54 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/16 01:04:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/16 01:04:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/07/16 01:04:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/16 01:04:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/16 01:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/07/16 00:36:09 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/16 00:31:50 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/16 00:30:29 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/16 00:19:58 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/16 00:19:58 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/16 00:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/16 00:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/16 00:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/16 00:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/16 00:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/16 00:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/15 22:26:12 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/15 22:26:11 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/15 22:21:47 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/15 22:21:47 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/15 22:21:47 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/15 22:21:47 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
 
========== Files Created - No Company Name ==========
 
[2011/05/17 11:22:54 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/10/08 14:05:05 | 000,000,876 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2010/10/08 14:04:52 | 000,000,140 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2010/10/08 14:02:19 | 000,005,050 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2010/10/08 14:02:17 | 000,000,099 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2010/10/08 13:55:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2010/04/15 16:38:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/20 06:15:01 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/19 17:03:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/12/26 06:43:01 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/12/25 09:39:04 | 000,000,094 | ---- | C] () -- C:\Users\Hannes\AppData\Local\fusioncache.dat
[2009/12/24 10:16:17 | 007,256,062 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/16 20:06:24 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/09/07 09:42:42 | 000,000,905 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2009/09/02 03:39:46 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2009/08/19 04:33:09 | 000,018,944 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 04:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 01:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/01 04:10:50 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/06/19 14:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/08 14:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/12/01 22:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/05/22 12:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2006/05/18 23:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2009/12/26 06:40:16 | 000,000,000 | -HSD | M] -- C:\Users\Hannes\AppData\Roaming\.#
[2009/12/24 08:02:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Asus WebStorage
[2011/08/03 09:59:58 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Azureus
[2009/12/26 06:39:51 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\GameConsole
[2010/01/03 14:34:12 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\OpenOffice.org
[2011/02/14 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Swiss Academic Software
[2010/04/05 12:45:13 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Ubisoft
[2009/11/16 20:21:11 | 000,000,000 | ---D | M] -- C:\ProgramData\AmUStor
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/12/26 06:30:01 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS
[2010/09/07 13:22:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/10/28 19:15:32 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2010/10/28 19:15:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/02/14 19:12:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Gibraltar
[2010/06/25 05:08:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Last.fm
[2009/11/16 20:21:55 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G
[2010/10/28 18:46:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/02/08 10:21:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Swiss Academic Software
[2009/11/16 19:48:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/11/16 19:27:58 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/06/11 13:14:32 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/06/15 14:17:30 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
Es wurde auch eine jashla.exe gefunden, die ja vom BKA-Trojaner stammt. Wurde diese nun schon gelöscht bzw unschädlich gemacht, oder muss ich noch andere Maßnahmen ergreifen? Was ist als nächstes zu tun, um dem Trojaner Herr zu werden?

Müsste mein infizierter Laptop mittlerweile zumindest wieder normal booten können? Habe es noch nicht ausprobiert und poste momentan von einem anderen PC.

Über eure Hilfe würde ich mich sehr freuen!

Vielen Dank im Voraus und viele Grüße
Hannes

 

Themen zu BKA-Trojaner - mit OTLPE von CD gebootet - was nun?
0x00000001, antivir, avira, bho, bildschirm, bonjour, booten, browser, conduit, defender, desktop, explorer, extras.txt, file, firefox, format, gesperrt, gfnexsrv.exe, helper, home, logfile, maßnahme, nvidia, otl.txt, plug-in, programme, reatogo, registry, scan, sched.exe, security, software, srep.exe, start menu, starten, version=1.0, webcheck, zahlungsaufforderung


« habe auch den BKA-Trojana | Internet/Seitenaufbau ist nach dem Systemstart oft (nicht immer) extrem langsam »


Ähnliche Themen: BKA-Trojaner - mit OTLPE von CD gebootet - was nun?


  1. BKA Trojaner OTLPE File
    Plagegeister aller Art und deren Bekämpfung - 10.05.2014 (8)
  2. Trojaner Bundespolizei und OTLPE
    Plagegeister aller Art und deren Bekämpfung - 31.08.2013 (11)
  3. Polizei Trojaner Schweiz - Laptop kann nicht mehr gebootet werden
    Log-Analyse und Auswertung - 11.04.2013 (6)
  4. BKA Trojaner: Otlpe fix.txt
    Log-Analyse und Auswertung - 09.04.2013 (8)
  5. GVU Trojaner eingefangen und habe bereits mit OTL Bootdatei gebootet
    Plagegeister aller Art und deren Bekämpfung - 06.04.2013 (18)
  6. weisser bildschirm auch im abgesicherten modus otlpe gebootet
    Plagegeister aller Art und deren Bekämpfung - 01.10.2012 (11)
  7. AKM-Trojaner, OTLPE
    Log-Analyse und Auswertung - 31.05.2012 (20)
  8. GVU Trojaner, OTLPE von Cd
    Plagegeister aller Art und deren Bekämpfung - 28.03.2012 (17)
  9. (2x) GVU Trojaner, OTLPE von Cd
    Mülltonne - 26.03.2012 (3)
  10. GEMA-Trojaner, mit OTL gebootet, hier ist die otl.txt
    Log-Analyse und Auswertung - 25.03.2012 (4)
  11. BKA und GEMA Virus auf dem Laptop. Mit OTLPE gebootet,hier die Log Files bzw OTL.txt
    Log-Analyse und Auswertung - 24.03.2012 (1)
  12. Dell Laptop hat nicht mehr gebootet
    Plagegeister aller Art und deren Bekämpfung - 18.02.2012 (19)
  13. Nach langer Zeit Vista Gebootet mit Bluescreen!
    Alles rund um Windows - 04.02.2012 (11)
  14. BKA-Trojaner - Probleme mit OTLPE
    Plagegeister aller Art und deren Bekämpfung - 08.08.2011 (4)
  15. OTLPE log bei BKA-Trojaner
    Log-Analyse und Auswertung - 15.07.2011 (7)
  16. BKA-Trojaner OTLPE-Log-Auswertung
    Log-Analyse und Auswertung - 03.07.2011 (37)
  17. eeePC nach Bundespolizei-Trojaner mit REATOGO gebootet - wie geht's nun weiter?
    Log-Analyse und Auswertung - 01.07.2011 (31)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema BKA-Trojaner - mit OTLPE von CD gebootet - was nun? - Hallo zusammen, auch ich bin leider seit kurzem vom BKA-Trojaner befallen. Weißer Bildschirm mit Zahlungsaufforderung und das komplette Betriebssystem gesperrt, ist ja mittlerweile allgemein bekannt. Hatte schon ein wenig hier - BKA-Trojaner - mit OTLPE von CD gebootet - was nun?...
Archiv
Du betrachtest: BKA-Trojaner - mit OTLPE von CD gebootet - was nun? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131