Bundespolizeit 2.0 Explorer.exe

markusg · 01.12.2011, 13:49

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
O4 - HKU\Anosch_ON_C..\Run: [avupdate] C:\Users\Anosch\AppData\Roaming\mahmud.exe (Agnitum Ltd.)
[2011/11/19 12:35:22 | 000,194,048 | ---- | C] (Agnitum Ltd.) -- C:\Users\Anosch\AppData\Roaming\mahmud.exe
[2011/11/18 10:10:15 | 000,220,112 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Anosch\AppData\Roaming\AcroIEHelpe048.dll
[2011/11/17 04:53:10 | 000,000,000 | ---D | C] -- C:\Users\Anosch\AppData\Roaming\5042
[2011/11/16 06:38:35 | 000,000,000 | ---D | C] -- C:\Users\Anosch\AppData\Roaming\5041
[2011/11/15 08:12:50 | 000,000,000 | ---D | C] -- C:\Users\Anosch\AppData\Roaming\5040
[2011/11/12 05:44:52 | 000,000,000 | ---D | C] -- C:\Users\Anosch\AppData\Roaming\5039
[2011/11/09 07:30:32 | 000,000,000 | ---D | C] -- C:\Users\Anosch\AppData\Roaming\5038
[2011/11/09 07:30:22 | 000,000,000 | ---D | C] -- C:\Users\Anosch\AppData\Roaming\xmldm
[2011/11/09 07:30:20 | 000,000,000 | ---D | C] -- C:\Users\Anosch\AppData\Roaming\kock
[3 C:\Users\Anosch\Pictures\Desktop\*.tmp files -> C:\Users\Anosch\Pictures\Desktop\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[15 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Anosch\AppData\Roaming\*.tmp files -> C:\Users\Anosch\AppData\Roaming\*.tmp -> ]
:Files
C:\Users\Anosch\AppData\Roaming\mahmud.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

dieses speicherst du auf nem usb stick als fix.txt
bzw wenn du über die otl cd internet hast kannst du es auch einfach kopieren und in otl einfügen
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html

PeterPeter77 · 01.12.2011, 15:10

Jedesmal wenn ich auf Run Fix gehen und die Datein laden will, bzw wenn ich auf einen Ordner höher gehen will bekomme ich die Meldung:

Access violation at address 7CA0C936 in module 'shell32.dll'. Read of address 00000006

Danach hängt alles.

markusg · 01.12.2011, 15:27

auch wenn du den fix manuell eingibst und dann auf run fix klickst

PeterPeter77 · 01.12.2011, 15:48

Habs geschaft die Fix,txt zuladen, jetzt hängt es aber. Soll ich warten oder neustarten?

markusg · 01.12.2011, 15:54

versuch mal mit neustarten, und wenn es nicht klappt tippe den fix per hand ein

PeterPeter77 · 01.12.2011, 15:59

Wie kann ich den Fix per Hand eingeben?

markusg · 01.12.2011, 16:10

in das feld eintragen wo man reinschreiben kann. müsste im unteren teil von otl sein

PeterPeter77 · 01.12.2011, 17:47

Die Anzeige kommt bei mir nicht mehr (Bundespolizei), dafür ist jetzt nichts anklickbar, strg alt entf funktioniert auch nicht.

markusg · 01.12.2011, 17:58

rechtsklick auf den desktop, ansicht, desktop symbole anzeigen
kannst du jetzt wieder was anklicken, falls ja weiter mit dem upload

PeterPeter77 · 01.12.2011, 18:03

Nein auch kein Rechtsklick funktioniert, gar nichts!!! Nur die Mausbewegeung.
Hab auch mehrmals von Neugestartet

markusg · 01.12.2011, 18:08

ok dann erstelle mir über die otl cd noch mal ein neues log

PeterPeter77 · 03.12.2011, 22:48

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 12/2/2011 12:00:56 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 9.75 Gb Free Space | 6.54% Space Free | Partition Type: NTFS
Drive D: | 69.33 Gb Total Space | 42.44 Gb Free Space | 61.22% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/11/21 06:13:21 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/18 05:26:07 | 003,313,752 | ---- | M] () [Auto] -- C:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/09/22 13:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011/06/01 07:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/05 13:04:56 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/09 12:13:25 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/08/20 09:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 09:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/03/17 23:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/31 22:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/21 05:17:02 | 000,017,408 | ---- | M] () [Auto] -- C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV - [2007/10/02 23:53:00 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/08/08 02:08:40 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/07/23 18:59:11 | 000,140,568 | ---- | M] (Infineon Technologies AG) [Auto] -- C:\Windows\System32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/02/06 12:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/06/21 05:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (EagleNT)
DRV - [2011/06/10 15:42:41 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/07/15 02:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 02:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/01/28 09:26:48 | 000,141,312 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi)
DRV - [2010/01/28 09:26:44 | 000,134,656 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HDJBulk.sys -- (Bulk)
DRV - [2010/01/28 09:26:40 | 000,185,344 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV - [2009/12/14 09:59:05 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/07/22 07:47:05 | 000,786,576 | ---- | M] (DiBcom SA) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009/07/22 07:47:05 | 000,020,496 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
DRV - [2009/06/09 12:13:25 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 03:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 05:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/09/19 07:02:17 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/08/28 16:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/06/03 01:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/05/29 12:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008/05/02 00:59:39 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/22 11:36:31 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/20 23:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/15 19:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/20 21:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/12/18 19:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007/10/01 01:59:45 | 001,769,984 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/07/30 13:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 12:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/24 13:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/07/23 18:59:13 | 000,038,816 | ---- | M] (Infineon Technologies AG) [Kernel | System] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007/06/16 23:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2006/12/14 02:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 02:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2004/11/29 10:53:18 | 000,258,560 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZD1211U.sys -- (ZD1211U(WLAN)) WLAN ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(WLAN)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Anosch_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKU\Anosch_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Anosch_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Anosch_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Anosch_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071301000019
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Anosch\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 14:25:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/28 06:52:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Anosch\AppData\Roaming\5042
 
[2008/09/18 12:35:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anosch\AppData\Roaming\Mozilla\Extensions
[2011/10/28 07:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anosch\AppData\Roaming\Mozilla\Firefox\Profiles\x8k6fzjo.default\extensions
[2010/10/29 09:49:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anosch\AppData\Roaming\Mozilla\Firefox\Profiles\x8k6fzjo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/24 15:48:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Anosch\AppData\Roaming\Mozilla\Firefox\Profiles\x8k6fzjo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/05/24 15:48:31 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Anosch\AppData\Roaming\Mozilla\Firefox\Profiles\x8k6fzjo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009/01/29 04:08:05 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Anosch\AppData\Roaming\Mozilla\Firefox\Profiles\x8k6fzjo.default\extensions\moveplayer@movenetworks.com
[2010/06/21 07:16:25 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Anosch\AppData\Roaming\Mozilla\Firefox\Profiles\x8k6fzjo.default\extensions\searchrecs@veoh.com
[2011/10/28 07:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anosch\AppData\Roaming\Mozilla\Firefox\Profiles\x8k6fzjo.default\extensions\trash
[2008/09/19 07:42:31 | 000,002,108 | ---- | M] () -- C:\Users\Anosch\AppData\Roaming\Mozilla\Firefox\Profiles\x8k6fzjo.default\searchplugins\youtube-videosuche.xml
[2011/03/09 14:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/15 05:03:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/10 09:27:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/23 06:59:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/09 14:56:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- 
File not found (No name found) -- C:\USERS\ANOSCH\APPDATA\ROAMING\5042
() (No name found) -- C:\USERS\ANOSCH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X8K6FZJO.DEFAULT\EXTENSIONS\{5B52016C-D097-4AEC-BE61-9F129D8FDDBA}.XPI
[2011/10/01 14:25:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 15:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/01 14:25:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/01 14:25:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/01 14:25:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/01 14:25:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/01 14:25:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/01 14:25:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\Anosch_ON_C\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\Anosch_ON_C..\Run: [Akamai NetSession Interface] C:\Users\Anosch\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\Anosch_ON_C..\Run: [avupdate]  File not found
O4 - HKU\Anosch_ON_C..\Run: [Octoshape Streaming Services] C:\Users\Anosch\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\Anosch_ON_C..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\Anosch_ON_C..\Run: [Userinit]  File not found
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\pokerelephant_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Anosch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\802.11g USB 2.0 WLan Utility.lnk = C:\Program Files\WLAN Technology Corporation\802.11g_Utility\ZDWlan.exe ()
O4 - Startup: C:\Users\Anosch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Anosch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} -  File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} -  File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 137.248.21.22 137.248.1.5 192.76.176.9
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6a1aa6d1-5aad-11e0-8b97-0015affde2c5}\Shell - "" = AutoRun
O33 - MountPoints2\{6a1aa6d1-5aad-11e0-8b97-0015affde2c5}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{6e9280f5-4726-11df-96d4-00221562bd61}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe
O33 - MountPoints2\{f8ea4221-8642-11dd-8410-f8a9dc6b70f3}\Shell - "" = AutoRun
O33 - MountPoints2\{f8ea4221-8642-11dd-8410-f8a9dc6b70f3}\Shell\AutoRun\command - "" = G:\autoplay.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/01 16:16:19 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/12/01 16:16:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/01 15:01:01 | 000,000,000 | R--D | C] -- C:\Windows\Users
[2011/11/30 06:09:40 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/11/21 10:04:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/21 10:03:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/10 09:44:49 | 000,000,000 | ---D | C] -- C:\Users\Anosch\Pictures\Desktop\Technische Informatik
[2011/11/09 19:07:43 | 000,000,000 | ---D | C] -- C:\Users\Anosch\AppData\Local\Akamai
[2011/11/07 18:37:34 | 000,000,000 | R--D | C] -- C:\Users\Anosch\Pictures\Desktop\Dropbox
[2011/11/06 11:28:50 | 000,000,000 | ---D | C] -- C:\Users\Anosch\Pictures\Desktop\Lehrstuhlarbeit
[2008/06/03 01:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/01 11:40:31 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011/12/01 11:40:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 11:40:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 11:40:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/01 11:40:00 | 3218,231,296 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/30 07:10:38 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6F28120C-05C3-49A5-9144-92BFDD7D5821}.job
[2011/11/30 05:45:37 | 003,744,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/21 10:16:41 | 000,670,448 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/11/21 10:16:41 | 000,631,514 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/21 10:16:41 | 000,143,986 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/11/21 10:16:41 | 000,118,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/19 13:25:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/18 07:32:42 | 000,000,072 | ---- | M] () -- C:\Users\Anosch\AppData\Roaming\blckdom.res
[2011/11/18 06:00:04 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Security Platform Backup Schedule.job
[2011/11/15 07:33:16 | 000,161,792 | ---- | M] () -- C:\Users\Anosch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/06 11:11:27 | 000,032,435 | ---- | M] () -- C:\Users\Anosch\Pictures\Desktop\MS-08-2011.pdf
[2011/11/04 10:52:40 | 000,183,658 | ---- | M] () -- C:\Users\Anosch\Pictures\Desktop\admm.jpg
 
========== Files Created - No Company Name ==========
 
[2011/11/26 17:06:40 | 3218,231,296 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/09 07:30:29 | 000,000,072 | ---- | C] () -- C:\Users\Anosch\AppData\Roaming\blckdom.res
[2011/11/06 11:11:27 | 000,032,435 | ---- | C] () -- C:\Users\Anosch\Pictures\Desktop\MS-08-2011.pdf
[2011/11/04 10:52:38 | 000,183,658 | ---- | C] () -- C:\Users\Anosch\Pictures\Desktop\admm.jpg
[2011/03/08 12:28:36 | 000,000,600 | ---- | C] () -- C:\Users\Anosch\AppData\Roaming\winscp.rnd
[2010/12/01 18:10:41 | 002,217,088 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010/12/01 18:10:41 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/12/01 18:10:40 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010/12/01 18:10:40 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/12/01 18:10:39 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/02/18 09:09:51 | 018,499,623 | ---- | C] () -- C:\ProgramData\vlc-1.0.5-win32.exe
[2009/09/29 08:47:43 | 018,527,244 | ---- | C] () -- C:\ProgramData\vlc-1.0.2-win32.exe
[2009/09/04 03:40:49 | 018,015,723 | ---- | C] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2009/08/04 15:42:11 | 000,968,192 | ---- | C] () -- C:\Windows\System32\wcnwiz2.dll
[2009/08/04 15:41:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/04 15:41:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/12 17:27:43 | 000,007,777 | ---- | C] () -- C:\Users\Anosch\AppData\Roaming\.civclientrc
[2009/06/13 06:13:08 | 000,001,057 | ---- | C] () -- C:\Windows\APDFPRP.INI
[2009/01/04 05:05:19 | 000,000,615 | ---- | C] () -- C:\Windows\eReg.dat
[2008/12/29 10:06:35 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/05 16:11:30 | 000,000,018 | ---- | C] () -- C:\Windows\ssetup.ini
[2008/11/29 21:18:03 | 000,000,680 | ---- | C] () -- C:\Users\Anosch\AppData\Local\d3d9caps.dat
[2008/11/19 20:03:17 | 014,618,605 | ---- | C] () -- C:\ProgramData\vlc-0.9.6-win32.exe
[2008/10/07 11:49:23 | 000,000,381 | ---- | C] () -- C:\Users\Anosch\AppData\Local\postgresinstall.bat
[2008/09/27 08:51:14 | 000,000,552 | ---- | C] () -- C:\Users\Anosch\AppData\Local\d3d8caps.dat
[2008/09/19 13:14:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/19 06:00:36 | 000,970,194 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008/09/18 12:23:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/18 11:17:47 | 000,161,792 | ---- | C] () -- C:\Users\Anosch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/18 11:13:43 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2008/09/18 11:07:33 | 000,000,084 | -H-- | C] () -- C:\ProgramData\aspg.dat
[2008/09/18 10:03:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/25 06:22:19 | 000,039,480 | ---- | C] () -- C:\Windows\ASScrProlog.exe
[2008/07/25 06:22:19 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2008/07/25 06:22:17 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008/07/25 06:13:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/07/25 05:02:52 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/07/01 21:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008/05/22 11:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008/04/22 09:05:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/04/22 08:35:13 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/04/16 06:11:34 | 000,670,448 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/04/16 06:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/04/16 06:11:34 | 000,143,986 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/04/16 06:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/04/16 05:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008/03/05 21:40:53 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/04 06:01:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/10/01 01:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/05/09 02:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007/04/16 05:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,744,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,631,514 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,118,140 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/08 20:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/04/02 18:29:59 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[2004/03/23 10:38:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2003/03/14 06:24:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998/05/05 23:09:59 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll
[1997/06/14 06:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011/07/06 15:55:30 | 000,000,000 | -HSD | M] -- C:\Users\Anosch\AppData\Roaming\.#
[2009/07/12 18:34:18 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\.freeciv
[2011/01/06 08:32:46 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\.kojo
[2011/03/18 14:11:00 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\CrypTool
[2008/09/19 07:02:09 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\DAEMON Tools
[2011/11/30 07:12:55 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\Dropbox
[2011/10/04 23:06:19 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\DVDVideoSoft
[2011/05/06 10:03:21 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/28 15:37:53 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\Free iPad Video Converter
[2008/11/08 09:56:14 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\gtk-2.0
[2010/12/03 11:22:30 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\ICQ
[2008/09/18 10:08:43 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\Infineon
[2010/10/15 15:12:58 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\Octoshape
[2009/05/05 12:06:58 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\OpenOffice.org
[2011/08/02 03:48:26 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\Research In Motion
[2011/07/31 16:22:08 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\Simfy
[2010/06/14 17:26:18 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\SpinTop
[2011/03/09 16:47:43 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/07/16 11:57:00 | 000,000,000 | ---D | M] -- C:\Users\Anosch\AppData\Roaming\Teeworlds
[2010/05/05 12:04:23 | 000,000,000 | ---D | M] -- C:\ProgramData\2DBoy
[2009/12/22 17:02:18 | 000,000,000 | ---D | M] -- C:\ProgramData\AA3DeployClient
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/09/18 11:04:30 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS
[2011/07/06 17:06:33 | 000,000,000 | ---D | M] -- C:\ProgramData\BMWiSoftware
[2011/03/09 08:49:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco
[2010/05/10 07:36:22 | 000,000,000 | ---D | M] -- C:\ProgramData\CMUV
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/10/10 09:16:00 | 000,000,000 | ---D | M] -- C:\ProgramData\eBay
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/06/13 08:23:32 | 000,000,000 | ---D | M] -- C:\ProgramData\GameHouse
[2008/07/25 06:06:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Infineon
[2008/09/18 11:34:05 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2008/07/25 06:21:07 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G
[2010/10/11 12:10:47 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2011/03/10 11:38:23 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/08/02 03:45:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Research In Motion
[2009/06/26 16:07:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming
[2010/06/14 17:26:45 | 000,000,000 | ---D | M] -- C:\ProgramData\SpinTop Games
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/11/19 04:58:01 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/05/23 19:28:34 | 000,000,000 | ---D | M] -- C:\ProgramData\TmForever
[2010/07/20 10:51:53 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/05/24 17:09:01 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/30 09:07:40 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/06 15:09:00 | 000,000,000 | -H-D | M] -- C:\ProgramData\{BC3827BC-FEE6-47F6-A08C-EAFB1CE3AA56}
[2011/07/06 15:08:46 | 000,000,000 | -H-D | M] -- C:\ProgramData\{DA8DD039-AEE2-4D03-83AC-B1E508D4A724}
[2011/11/19 13:25:53 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/18 06:00:04 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\Security Platform Backup Schedule.job
[2011/11/30 07:10:38 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6F28120C-05C3-49A5-9144-92BFDD7D5821}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8CEFE51A
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:302A9871
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7D6EC5BE
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:196FC0A6
< End of report >

--- --- ---

PeterPeter77 · 04.12.2011, 13:02

Also kann auch immernoch nichts anklicken, wenn ich wieder normal hochfahre.

markusg · 04.12.2011, 17:33

nutzt du dieses system für onlinebanking einkäufe oder sonst was wichtiges?

PeterPeter77 · 04.12.2011, 17:50

Ja schon, wieso?

01.12.2011, 15:27	#33
markusg /// Malware-holic	Bundespolizeit 2.0 Explorer.exe auch wenn du den fix manuell eingibst und dann auf run fix klickst __________________ __________________

01.12.2011, 18:08	#41
markusg /// Malware-holic	Bundespolizeit 2.0 Explorer.exe ok dann erstelle mir über die otl cd noch mal ein neues log __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Bundespolizeit 2.0 Explorer.exe

Plagegeister aller Art und deren Bekämpfung: Bundespolizeit 2.0 Explorer.exe