Pests of all kinds and their removal: Bundespolizeit 2.0 Explorer.exe (Windows 7)
21.11.2011, 17:36 | #16 | /// Malware-holic
Bundespolizeit 2.0 Explorer.exe
Let's create a bootable USB stick for OTLPE. Important: the USB stick must have at least 512 MB or more. If necessary, back up all files from the USB stick; they will no longer be there after the following steps.
C:\).
Now boot from the OTLPE USB stick. Note: How do I boot from CD (just select the USB device instead of a CD)
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us
27.11.2011, 23:05 | #17
Bundespolizeit 2.0 Explorer.exe
I can't extract it, because it is a direct installation and it then asks me "you want Burn this CD?"
27.11.2011, 23:06 | #18
Bundespolizeit 2.0 Explorer.exe
So there is also no ISO file that I can find.
28.11.2011, 11:54 | #19 | /// Malware-holic
Bundespolizeit 2.0 Explorer.exe
Well, that's right: double-click and then it gets burned.
28.11.2011, 18:11 | #20
Bundespolizeit 2.0 Explorer.exe
I've tried it several times, but the guide is somehow outdated; I'm shown completely different things. Is there another way?
28.11.2011, 18:13 | #21 | /// Malware-holic
Bundespolizeit 2.0 Explorer.exe
Well, it can't really be that outdated; I use it all the time and nobody else has had problems. Where does it fail?
28.11.2011, 18:15 | #22
Bundespolizeit 2.0 Explorer.exe
This is what the OTLPEStd file looks like for me when I just double-clicked it; so there was nothing to extract.
28.11.2011, 18:19 | #23 | /// Malware-holic
Bundespolizeit 2.0 Explorer.exe
Did you use OTLPEstd.exe or the first download? If not, just burn the CD at a friend's place...
30.11.2011, 11:51 | #24
Bundespolizeit 2.0 Explorer.exe
I just tried it with the CD, no idea whether it worked. I've now booted my laptop and I get to my desktop, i.e. the Bundespolizei banner doesn't appear, but instead I can't click on anything anymore. Everything is there, just not clickable or openable.
30.11.2011, 11:54 | #25 | /// Malware-holic
Bundespolizeit 2.0 Explorer.exe
Does a right-click work? View, show icons. Then it should be clickable again.
30.11.2011, 13:32 | #26
Bundespolizeit 2.0 Explorer.exe
I'm now at the reatogo desktop, but when I go to otlpe.exe I'm supposed to choose a folder; no matter what I click, I get the error message: target is not windows 2000 or later
30.11.2011, 13:54 | #27 | /// Malware-holic
Bundespolizeit 2.0 Explorer.exe
Look for the right drive under Computer or My Computer, then open the menu and click on Windows; then it works.
30.11.2011, 14:17 | #28
Bundespolizeit 2.0 Explorer.exe
OK, now everything worked, just one more problem: I found the txt file, but now my USB stick isn't shown. The "safely remove" icon appears, but nothing in My Computer.
30.11.2011, 15:33 | #29 | /// Malware-holic
Bundespolizeit 2.0 Explorer.exe
Try another port or another stick, or check whether you have an internet connection on that PC and then copy the log here from the infected PC.
01.12.2011, 13:40 | #30
Bundespolizeit 2.0 Explorer.exe
OTL Logfile:
Code:
OTL logfile created on: 11/30/2011 2:06:39 PM - Run
OTLPE by OldTimer - Version 3.1.48.0   Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 8.73 Gb Free Space | 5.86% Space Free | Partition Type: NTFS
Drive D: | 69.33 Gb Total Space | 42.44 Gb Free Space | 61.22% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (clr_optimization_v4.0.30319_32)
SRV - [2011/11/21 06:13:21 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/18 05:26:07 | 003,313,752 | ---- | M] () [Auto] -- C:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/09/22 13:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011/06/01 07:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/05 13:04:56 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/09 12:13:25 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/08/20 09:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 09:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/03/17 23:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/31 22:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/21 05:17:02 | 000,017,408 | ---- | M] () [Auto] -- C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV - [2007/10/02 23:53:00 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/08/08 02:08:40 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/07/23 18:59:11 | 000,140,568 | ---- | M] (Infineon Technologies AG) [Auto] -- C:\Windows\System32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/02/06 12:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/06/21 05:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)

========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - [2011/06/10 15:42:41 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/07/15 02:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 02:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/01/28 09:26:48 | 000,141,312 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi)
DRV - [2010/01/28 09:26:44 | 000,134,656 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HDJBulk.sys -- (Bulk)
DRV - [2010/01/28 09:26:40 | 000,185,344 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV - [2009/12/14 09:59:05 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/07/22 07:47:05 | 000,786,576 | ---- | M] (DiBcom SA) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009/07/22 07:47:05 | 000,020,496 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
DRV - [2009/06/09 12:13:25 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 03:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 05:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/09/19 07:02:17 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/08/28 16:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/06/03 01:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/05/29 12:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008/05/02 00:59:39 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/22 11:36:31 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/20 23:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/15 19:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/20 21:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/12/18 19:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007/10/01 01:59:45 | 001,769,984 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/07/30 13:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 12:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/24 13:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/07/23 18:59:13 | 000,038,816 | ---- | M] (Infineon Technologies AG) [Kernel | System] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007/06/16 23:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2006/12/14 02:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 02:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2004/11/29 10:53:18 | 000,258,560 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZD1211U.sys -- (ZD1211U(WLAN)) WLAN ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(WLAN)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer Inc.
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Anosch_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer Inc.
IE - HKU\Anosch_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\Anosch_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Anosch_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Anosch_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071301000019
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Anosch\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 14:25:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/28 06:52:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Anosch\AppData\Roaming\5042 [2011/11/17 04:53:10 | 000,000,000 | ---D | M]

[2008/09/18 12:35:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anosch\AppData\Roaming\Mozilla\Extensions
[2011/10/28 07:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anosch\AppData\Roaming\Mozilla\Firefox\Profiles\x8k6fzjo.default\extensions
[2010/10/29 09:49:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anosch\AppData\Roaming\Mozilla\Firefox\Profiles\x8k6fzjo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/24 15:48:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Anosch\AppData\Roaming\Mozilla\Firefox\Profiles\x8k6fzjo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/05/24 15:48:31 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Anosch\AppData\Roaming\Mozilla\Firefox\Profiles\x8k6fzjo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009/01/29 04:08:05 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Anosch\AppData\Roaming\Mozilla\Firefox\Profiles\x8k6fzjo.default\extensions\moveplayer@movenetworks.com
[2010/06/21 07:16:25 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Anosch\AppData\Roaming\Mozilla\Firefox\Profiles\x8k6fzjo.default\extensions\searchrecs@veoh.com
[2011/10/28 07:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anosch\AppData\Roaming\Mozilla\Firefox\Profiles\x8k6fzjo.default\extensions\trash
[2008/09/19 07:42:31 | 000,002,108 | ---- | M] () -- C:\Users\Anosch\AppData\Roaming\Mozilla\Firefox\Profiles\x8k6fzjo.default\searchplugins\youtube-videosuche.xml
[2011/03/09 14:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/15 05:03:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/10 09:27:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/23 06:59:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/09 14:56:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/11/17 04:53:10 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\ANOSCH\APPDATA\ROAMING\5042
() (No name found) -- C:\USERS\ANOSCH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X8K6FZJO.DEFAULT\EXTENSIONS\{5B52016C-D097-4AEC-BE61-9F129D8FDDBA}.XPI
[2011/10/01 14:25:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 15:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/01 14:25:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/01 14:25:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/01 14:25:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/01 14:25:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/01 14:25:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/01 14:25:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\Anosch_ON_C\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\Anosch_ON_C..\Run: [Akamai NetSession Interface] C:\Users\Anosch\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\Anosch_ON_C..\Run: [avupdate] C:\Users\Anosch\AppData\Roaming\mahmud.exe (Agnitum Ltd.)
O4 - HKU\Anosch_ON_C..\Run: [Octoshape Streaming Services] C:\Users\Anosch\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\Anosch_ON_C..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\Anosch_ON_C..\Run: [Userinit] File not found
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\pokerelephant_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Anosch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\802.11g USB 2.0 WLan Utility.lnk = C:\Program Files\WLAN Technology Corporation\802.11g_Utility\ZDWlan.exe ()
O4 - Startup: C:\Users\Anosch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Anosch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6a1aa6d1-5aad-11e0-8b97-0015affde2c5}\Shell - "" = AutoRun
O33 - MountPoints2\{6a1aa6d1-5aad-11e0-8b97-0015affde2c5}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{6e9280f5-4726-11df-96d4-00221562bd61}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe
O33 - MountPoints2\{f8ea4221-8642-11dd-8410-f8a9dc6b70f3}\Shell - "" = AutoRun
O33 - MountPoints2\{f8ea4221-8642-11dd-8410-f8a9dc6b70f3}\Shell\AutoRun\command - "" = G:\autoplay.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2011/11/30 06:09:40 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/11/21 10:04:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/21 10:03:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/19 12:35:22 | 000,194,048 | ---- | C] (Agnitum Ltd.) -- C:\Users\Anosch\AppData\Roaming\mahmud.exe
[2011/11/18 10:10:15 | 000,220,112 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Anosch\AppData\Roaming\AcroIEHelpe048.dll
[2011/11/17 04:53:10 | 000,000,000 | ---D | C] -- C:\Users\Anosch\AppData\Roaming\5042
[2011/11/16 06:38:35 | 000,000,000 | ---D | C] -- C:\Users\Anosch\AppData\Roaming\5041
[2011/11/15 08:12:50 | 000,000,000 | ---D | C] -- C:\Users\Anosch\AppData\Roaming\5040
[2011/11/12 05:44:52 | 000,000,000 | ---D | C] -- C:\Users\Anosch\AppData\Roaming\5039
[2011/11/10 09:44:49 | 000,000,000 | ---D | C] -- C:\Users\Anosch\Pictures\Desktop\Technische Informatik
[2011/11/09 19:07:43 | 000,000,000 | ---D | C] -- C:\Users\Anosch\AppData\Local\Akamai
[2011/11/09 07:30:32 | 000,000,000 | ---D | C] -- C:\Users\Anosch\AppData\Roaming\5038
[2011/11/09 07:30:22 | 000,000,000 | ---D | C] -- C:\Users\Anosch\AppData\Roaming\xmldm
[2011/11/09 07:30:20 | 000,000,000 | ---D | C] -- C:\Users\Anosch\AppData\Roaming\kock
[2011/11/07 18:37:34 | 000,000,000 | R--D | C] -- C:\Users\Anosch\Pictures\Desktop\Dropbox
[2011/11/06 11:28:50 | 000,000,000 | ---D | C] -- C:\Users\Anosch\Pictures\Desktop\Lehrstuhlarbeit
[2011/11/01 09:57:03 | 000,000,000 | ---D | C] -- C:\Users\Anosch\Pictures\Desktop\Blatt02
[2008/06/03 01:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[3 C:\Users\Anosch\Pictures\Desktop\*.tmp files -> C:\Users\Anosch\Pictures\Desktop\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[15 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Anosch\AppData\Roaming\*.tmp files -> C:\Users\Anosch\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2011/11/30 07:12:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/30 07:11:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/30 07:11:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/30 07:10:38 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6F28120C-05C3-49A5-9144-92BFDD7D5821}.job
[2011/11/30 07:09:29 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/30 05:45:51 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011/11/30 05:45:37 | 003,744,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/21 10:16:41 | 000,670,448 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/11/21 10:16:41 | 000,631,514 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/21 10:16:41 | 000,143,986 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/11/21 10:16:41 | 000,118,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/19 13:25:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/19 12:35:22 | 000,194,048 | ---- | M] (Agnitum Ltd.) -- C:\Users\Anosch\AppData\Roaming\mahmud.exe
[2011/11/18 10:10:15 | 000,220,112 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Anosch\AppData\Roaming\AcroIEHelpe048.dll
[2011/11/18 07:32:42 | 000,000,072 | ---- | M] () -- C:\Users\Anosch\AppData\Roaming\blckdom.res
[2011/11/18 06:00:04 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Security Platform Backup Schedule.job
[2011/11/15 07:33:16 | 000,161,792 | ---- | M] () -- C:\Users\Anosch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/06 11:11:27 | 000,032,435 | ---- | M] () -- C:\Users\Anosch\Pictures\Desktop\MS-08-2011.pdf
[2011/11/04 10:52:40 | 000,183,658 | ---- | M] () -- C:\Users\Anosch\Pictures\Desktop\admm.jpg
[2011/11/01 09:56:51 | 000,000,643 | ---- | M] () -- C:\Users\Anosch\Pictures\Desktop\Hilfe02.rar
[3 C:\Users\Anosch\Pictures\Desktop\*.tmp files -> C:\Users\Anosch\Pictures\Desktop\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[15 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Anosch\AppData\Roaming\*.tmp files -> C:\Users\Anosch\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========
[2011/11/26 17:06:40 | 3220,295,680 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/09 07:30:29 | 000,000,072 | ---- | C] () -- C:\Users\Anosch\AppData\Roaming\blckdom.res
[2011/11/06 11:11:27 | 000,032,435 | ---- | C] () -- C:\Users\Anosch\Pictures\Desktop\MS-08-2011.pdf
[2011/11/04 10:52:38 | 000,183,658 | ---- | C] () -- C:\Users\Anosch\Pictures\Desktop\admm.jpg
[2011/11/01 09:57:01 | 000,000,643 | ---- | C] () -- C:\Users\Anosch\Pictures\Desktop\Hilfe02.rar
[2011/03/08 12:28:36 | 000,000,600 | ---- | C] () -- C:\Users\Anosch\AppData\Roaming\winscp.rnd
[2010/12/01 18:10:41 | 002,217,088 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010/12/01 18:10:41 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/12/01 18:10:40 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010/12/01 18:10:40 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/12/01 18:10:39 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/02/18 09:09:51 | 018,499,623 | ---- | C] () -- C:\ProgramData\vlc-1.0.5-win32.exe
[2009/09/29 08:47:43 | 018,527,244 | ---- | C] () -- C:\ProgramData\vlc-1.0.2-win32.exe
[2009/09/04 03:40:49 | 018,015,723 | ---- | C] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2009/08/04 15:42:11 | 000,968,192 | ---- | C] () -- C:\Windows\System32\wcnwiz2.dll
[2009/08/04 15:41:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/04 15:41:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/12 17:27:43 | 000,007,777 | ---- | C] () -- C:\Users\Anosch\AppData\Roaming\.civclientrc
[2009/06/13 06:13:08 | 000,001,057 | ---- | C] () -- C:\Windows\APDFPRP.INI
[2009/01/04 05:05:19 | 000,000,615 | ---- | C] () -- C:\Windows\eReg.dat
[2008/12/29 10:06:35 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/05 16:11:30 | 000,000,018 | ---- | C] () -- C:\Windows\ssetup.ini
[2008/11/29 21:18:03 | 000,000,680 | ---- | C] () -- C:\Users\Anosch\AppData\Local\d3d9caps.dat
[2008/11/19 20:03:17 | 014,618,605 | ---- | C] () -- C:\ProgramData\vlc-0.9.6-win32.exe
[2008/10/07 11:49:23 | 000,000,381 | ---- | C] () -- C:\Users\Anosch\AppData\Local\postgresinstall.bat
[2008/09/27 08:51:14 | 000,000,552 | ---- | C] () -- C:\Users\Anosch\AppData\Local\d3d8caps.dat
[2008/09/19 13:14:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/19 06:00:36 | 000,970,194 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008/09/18 12:23:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/18 11:17:47 | 000,161,792 | ---- | C] () -- C:\Users\Anosch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/18 11:13:43 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2008/09/18 11:07:33 |
000,000,084 | -H-- | C] () -- C:\ProgramData\aspg.dat [2008/09/18 10:03:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008/07/25 06:22:19 | 000,039,480 | ---- | C] () -- C:\Windows\ASScrProlog.exe [2008/07/25 06:22:19 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe [2008/07/25 06:22:17 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll [2008/07/25 06:13:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008/07/25 05:02:52 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008/07/01 21:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008/05/22 11:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg [2008/04/22 09:05:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008/04/22 08:35:13 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008/04/16 06:11:34 | 000,670,448 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008/04/16 06:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008/04/16 06:11:34 | 000,143,986 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008/04/16 06:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008/04/16 05:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2008/03/05 21:40:53 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008/03/04 06:01:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2007/10/01 01:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007/05/09 02:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2007/04/16 05:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 07:47:37 | 003,744,640 | ---- | C] () -- 
C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:33:01 | 000,631,514 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 05:33:01 | 000,118,140 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/03/08 20:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005/04/02 18:29:59 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll [2004/03/23 10:38:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll [2003/03/14 06:24:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe [2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [1998/05/05 23:09:59 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll [1997/06/14 06:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== LOP Check ========== [2011/07/06 15:55:30 | 000,000,000 | -HSD | M] -- C:\Users\Anosch\AppData\Roaming\.# [2009/07/12 18:34:18 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\.freeciv [2011/01/06 08:32:46 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\.kojo [2011/11/09 07:30:33 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\5038 [2011/11/12 05:44:52 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\5039 [2011/11/15 08:12:50 | 000,000,000 | ---D | M] 
-- C:\Users\Anosch\AppData\Roaming\5040 [2011/11/16 06:38:35 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\5041 [2011/11/17 04:53:10 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\5042 [2011/03/18 14:11:00 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\CrypTool [2008/09/19 07:02:09 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\DAEMON Tools [2011/11/30 07:12:55 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\Dropbox [2011/10/04 23:06:19 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\DVDVideoSoft [2011/05/06 10:03:21 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\DVDVideoSoftIEHelpers [2011/06/28 15:37:53 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\Free iPad Video Converter [2008/11/08 09:56:14 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\gtk-2.0 [2010/12/03 11:22:30 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\ICQ [2008/09/18 10:08:43 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\Infineon [2011/11/09 07:30:20 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\kock [2010/10/15 15:12:58 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\Octoshape [2009/05/05 12:06:58 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\OpenOffice.org [2011/08/02 03:48:26 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\Research In Motion [2011/07/31 16:22:08 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\Simfy [2010/06/14 17:26:18 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\SpinTop [2011/03/09 16:47:43 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010/07/16 11:57:00 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\Teeworlds [2011/11/15 13:32:59 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\xmldm [2010/05/05 12:04:23 | 000,000,000 | ---D | M] -- 
C:\ProgramData\2DBoy [2009/12/22 17:02:18 | 000,000,000 | ---D | M] -- C:\ProgramData\AA3DeployClient [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2008/09/18 11:04:30 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS [2011/07/06 17:06:33 | 000,000,000 | ---D | M] -- C:\ProgramData\BMWiSoftware [2011/03/09 08:49:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco [2010/05/10 07:36:22 | 000,000,000 | ---D | M] -- C:\ProgramData\CMUV [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2010/10/10 09:16:00 | 000,000,000 | ---D | M] -- C:\ProgramData\eBay [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2009/06/13 08:23:32 | 000,000,000 | ---D | M] -- C:\ProgramData\GameHouse [2008/07/25 06:06:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Infineon [2008/09/18 11:34:05 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe [2008/07/25 06:21:07 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G [2010/10/11 12:10:47 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games [2011/03/10 11:38:23 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe [2011/08/02 03:45:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Research In Motion [2009/06/26 16:07:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming [2010/06/14 17:26:45 | 000,000,000 | ---D | M] -- C:\ProgramData\SpinTop Games [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2010/11/19 04:58:01 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP [2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2010/05/23 19:28:34 | 000,000,000 | ---D | M] -- C:\ProgramData\TmForever [2010/07/20 10:51:53 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch [2010/05/24 17:09:01 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/09/30 09:07:40 | 000,000,000 | ---D | M] -- 
C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2011/07/06 15:09:00 | 000,000,000 | -H-D | M] -- C:\ProgramData\{BC3827BC-FEE6-47F6-A08C-EAFB1CE3AA56} [2011/07/06 15:08:46 | 000,000,000 | -H-D | M] -- C:\ProgramData\{DA8DD039-AEE2-4D03-83AC-B1E508D4A724} [2011/11/19 13:25:53 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011/11/18 06:00:04 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\Security Platform Backup Schedule.job [2011/11/30 07:10:38 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6F28120C-05C3-49A5-9144-92BFDD7D5821}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8CEFE51A @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:302A9871 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7D6EC5BE @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:196FC0A6 < End of report > |