| |
| |||||||
Log-Analyse und Auswertung: Bundespolizei - OTL Scan durchgeführtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
24.09.2011, 14:25
| #1 |
| |  Bundespolizei - OTL Scan durchgeführt Hallo, ich habe auch den Bundespolizei Virus und habe gelesen, dass man OTLPE herunterladen und darauf booten soll. Dies habe ich gemacht und anschließend den Scan durchgeführt. Die OTL.txt ist folgende: Code:
ATTFilter OTL logfile created on: 9/24/2011 4:12:26 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.10 Gb Total Space | 161.40 Gb Free Space | 55.83% Space Free | Partition Type: NTFS
Drive E: | 8.98 Gb Total Space | 1.66 Gb Free Space | 18.51% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2008/10/19 09:30:02 | 000,222,456 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008/10/15 08:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 08:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/04/25 19:15:26 | 000,361,808 | ---- | M] () [Auto] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 06:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2009/05/27 14:50:39 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/27 14:50:36 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/27 14:50:34 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008/06/10 14:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 12:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/04 13:54:22 | 000,113,664 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/04/27 06:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/08 13:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 11:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Anna_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKU\Anna_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\Anna_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Anna_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Anna_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Anna_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found
IE - HKU\Anna_ON_C\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found
IE - HKU\Anna_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.type: 2
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Users\Anna\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Users\Anna\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Anna\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/13 15:06:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 06:33:39 | 000,000,000 | ---D | M]
[2010/02/15 12:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\Mozilla\Extensions
[2009/06/04 15:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\extensions
[2009/06/04 15:58:28 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/08/18 05:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8yzx6ird.default\extensions
[2010/04/29 10:49:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8yzx6ird.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/18 05:38:05 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8yzx6ird.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/06/22 13:38:27 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8yzx6ird.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/04/03 06:15:19 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8yzx6ird.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011/05/13 07:39:19 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8yzx6ird.default\extensions\engine@conduit.com
[2010/04/04 04:11:59 | 000,000,873 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8yzx6ird.default\searchplugins\conduit.xml
[2011/06/25 14:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/09/13 15:06:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 04:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 04:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found
O3 - HKU\Anna_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\Anna_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - File not found
O3 - HKU\Anna_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Anna_ON_C..\Run: [avupdate] C:\Users\Anna\AppData\Roaming\jashla.exe ()
O4 - HKU\Anna_ON_C..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6e4503a4-787a-11df-a7e6-001d727f4ae2}\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/22 16:15:39 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2010/08/25 13:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[49 C:\Users\Anna\Documents\*.tmp files -> C:\Users\Anna\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/23 01:06:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/23 00:40:21 | 000,000,286 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/09/23 00:40:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/23 00:40:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/22 10:28:48 | 000,000,008 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\uvi78ggaoec4llsh.dat
[2011/09/22 10:28:47 | 000,213,504 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\jashla.exe
[2011/09/18 16:45:49 | 171,932,556 | ---- | M] () -- C:\Windows\MEMORY.DMP
[49 C:\Users\Anna\Documents\*.tmp files -> C:\Users\Anna\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/22 10:28:48 | 000,000,008 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\uvi78ggaoec4llsh.dat
[2011/09/22 10:28:47 | 000,213,504 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\jashla.exe
[2010/08/25 14:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 14:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 14:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 13:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 13:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 13:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/03/02 10:47:50 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/01/25 05:58:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/12 13:41:01 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/06/12 13:41:01 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/12/29 13:44:25 | 000,000,680 | ---- | C] () -- C:\Users\Anna\AppData\Local\d3d9caps.dat
[2008/12/27 07:54:12 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/12/27 07:54:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/26 16:00:24 | 000,084,992 | ---- | C] () -- C:\Users\Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/21 17:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/21 17:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/07/08 09:14:34 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/07/08 09:14:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/07/08 09:14:34 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/07/08 09:14:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/07/08 00:49:54 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008/06/12 14:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 14:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/04 13:54:12 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,346,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/12/01 15:51:54 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/05/31 03:54:27 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\elsterformular
[2010/04/08 06:34:38 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Facebook
[2011/09/20 08:44:21 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ICQ
[2008/12/31 07:43:32 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Opera
[2009/04/20 15:25:54 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Zylom
[2008/12/26 11:31:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/12/26 11:31:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/05/31 03:34:43 | 000,000,000 | ---D | M] -- C:\ProgramData\ElsterFormular
[2008/12/26 11:31:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/12/26 16:12:25 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/12/26 11:31:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/12/26 11:39:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint
[2008/12/26 11:31:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/07/08 00:13:43 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2011/08/04 11:33:58 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2009/04/21 06:36:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom
[2008/07/08 00:40:21 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/09/20 18:01:43 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/04 10:42:26 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DF3B5A84-0E1F-4A13-9961-C94C8E50F4AF}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 15 bytes -> C:\Users\Anna:zylomtr{100HQ7FF-AD7A-3FG6-LH31-23G9CBQV6VS2}
< End of report >
Danke im Voraus und liebe Grüße lowbrow Geändert von lowbrow (24.09.2011 um 14:28 Uhr) Grund: lieber Code als Quote :) |
| Themen zu Bundespolizei - OTL Scan durchgeführt |
| .dll, alternate, antivir, askbar, autorun, avira, bho, booten, converter, defender, desktop, error, explorer, firefox, format, home, kaspersky, logfile, mp3, nvidia, otl scan, otl.txt, pdf, plug-in, realtek, registry, scan, sched.exe, software, virus, vista |
Baum-Darstellung