Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bundespolizei - OTL Scan durchgeführt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Alt 24.09.2011, 14:25   #1
lowbrow
 
Bundespolizei - OTL Scan durchgeführt - Standard

Bundespolizei - OTL Scan durchgeführt



Hallo,
ich habe auch den Bundespolizei Virus und habe gelesen, dass man OTLPE herunterladen und darauf booten soll. Dies habe ich gemacht und anschließend den Scan durchgeführt. Die OTL.txt ist folgende:
Code:
ATTFilter
OTL logfile created on: 9/24/2011 4:12:26 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.10 Gb Total Space | 161.40 Gb Free Space | 55.83% Space Free | Partition Type: NTFS
Drive E: | 8.98 Gb Total Space | 1.66 Gb Free Space | 18.51% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2008/10/19 09:30:02 | 000,222,456 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008/10/15 08:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 08:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/04/25 19:15:26 | 000,361,808 | ---- | M] () [Auto] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 06:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2009/05/27 14:50:39 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/27 14:50:36 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/27 14:50:34 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008/06/10 14:54:36 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 12:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/04 13:54:22 | 000,113,664 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/04/27 06:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/08 13:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 11:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  File not found
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -  File not found
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Anna_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKU\Anna_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\Anna_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Anna_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Anna_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Anna_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  File not found
IE - HKU\Anna_ON_C\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -  File not found
IE - HKU\Anna_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.type: 2
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Users\Anna\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Users\Anna\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Anna\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/13 15:06:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 06:33:39 | 000,000,000 | ---D | M]
 
[2010/02/15 12:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\Mozilla\Extensions
[2009/06/04 15:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\extensions
[2009/06/04 15:58:28 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/08/18 05:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8yzx6ird.default\extensions
[2010/04/29 10:49:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8yzx6ird.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/18 05:38:05 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8yzx6ird.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/06/22 13:38:27 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8yzx6ird.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/04/03 06:15:19 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8yzx6ird.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011/05/13 07:39:19 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8yzx6ird.default\extensions\engine@conduit.com
[2010/04/04 04:11:59 | 000,000,873 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8yzx6ird.default\searchplugins\conduit.xml
[2011/06/25 14:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
[2011/09/13 15:06:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 04:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 04:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  File not found
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -  File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -  File not found
O3 - HKU\Anna_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\Anna_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  File not found
O3 - HKU\Anna_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} -  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Anna_ON_C..\Run: [avupdate] C:\Users\Anna\AppData\Roaming\jashla.exe ()
O4 - HKU\Anna_ON_C..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6e4503a4-787a-11df-a7e6-001d727f4ae2}\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/09/22 16:15:39 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2010/08/25 13:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[49 C:\Users\Anna\Documents\*.tmp files -> C:\Users\Anna\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/09/23 01:06:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/23 00:40:21 | 000,000,286 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/09/23 00:40:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/23 00:40:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/22 10:28:48 | 000,000,008 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\uvi78ggaoec4llsh.dat
[2011/09/22 10:28:47 | 000,213,504 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\jashla.exe
[2011/09/18 16:45:49 | 171,932,556 | ---- | M] () -- C:\Windows\MEMORY.DMP
[49 C:\Users\Anna\Documents\*.tmp files -> C:\Users\Anna\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/09/22 10:28:48 | 000,000,008 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\uvi78ggaoec4llsh.dat
[2011/09/22 10:28:47 | 000,213,504 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\jashla.exe
[2010/08/25 14:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 14:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 14:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 13:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 13:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 13:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/03/02 10:47:50 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/01/25 05:58:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/12 13:41:01 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/06/12 13:41:01 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/12/29 13:44:25 | 000,000,680 | ---- | C] () -- C:\Users\Anna\AppData\Local\d3d9caps.dat
[2008/12/27 07:54:12 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/12/27 07:54:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/26 16:00:24 | 000,084,992 | ---- | C] () -- C:\Users\Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/21 17:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/21 17:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/07/08 09:14:34 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/07/08 09:14:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/07/08 09:14:34 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/07/08 09:14:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/07/08 00:49:54 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008/06/12 14:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 14:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/04 13:54:12 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,346,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010/12/01 15:51:54 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/05/31 03:54:27 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\elsterformular
[2010/04/08 06:34:38 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Facebook
[2011/09/20 08:44:21 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ICQ
[2008/12/31 07:43:32 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Opera
[2009/04/20 15:25:54 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Zylom
[2008/12/26 11:31:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/12/26 11:31:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/05/31 03:34:43 | 000,000,000 | ---D | M] -- C:\ProgramData\ElsterFormular
[2008/12/26 11:31:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/12/26 16:12:25 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/12/26 11:31:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/12/26 11:39:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint
[2008/12/26 11:31:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/07/08 00:13:43 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2011/08/04 11:33:58 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2009/04/21 06:36:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom
[2008/07/08 00:40:21 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/09/20 18:01:43 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/04 10:42:26 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DF3B5A84-0E1F-4A13-9961-C94C8E50F4AF}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 15 bytes -> C:\Users\Anna:zylomtr{100HQ7FF-AD7A-3FG6-LH31-23G9CBQV6VS2}
< End of report >
         
Ich hoffe ihr könnt mir helfen.

Danke im Voraus und liebe Grüße

lowbrow

Geändert von lowbrow (24.09.2011 um 14:28 Uhr) Grund: lieber Code als Quote :)

 

Themen zu Bundespolizei - OTL Scan durchgeführt
.dll, alternate, antivir, askbar, autorun, avira, bho, booten, converter, defender, desktop, error, explorer, firefox, format, home, kaspersky, logfile, mp3, nvidia, otl scan, otl.txt, pdf, plug-in, realtek, registry, scan, sched.exe, software, virus, vista




Ähnliche Themen: Bundespolizei - OTL Scan durchgeführt


  1. Scan mit Farbars Recovery Scan Tool durchgeführt, was mache ich jetzt?
    Log-Analyse und Auswertung - 14.02.2014 (1)
  2. Maleware entdeckt - bootstrapper.exe - FRST Scan durchgeführt - was nun?
    Log-Analyse und Auswertung - 13.12.2013 (3)
  3. Interpol Virus Farbar Recovery Scan durchgeführt
    Log-Analyse und Auswertung - 22.09.2013 (3)
  4. GVU Trojaner! FRST scan schon durchgeführt, wie gehts weiter?
    Log-Analyse und Auswertung - 16.09.2013 (10)
  5. GVU Virus eingefangen - Malwarebytes Scan durchgeführt
    Plagegeister aller Art und deren Bekämpfung - 03.01.2013 (4)
  6. dsgsdgdsdgsdw.dll Trojaner - DDS Scan durchgeführt...was tun?
    Plagegeister aller Art und deren Bekämpfung - 29.12.2012 (1)
  7. Spy-Hunter installiert und Scan durchgeführt
    Plagegeister aller Art und deren Bekämpfung - 05.09.2012 (2)
  8. Habe Trojaner auf dem PC, OTL Scan bereits durchgeführt und nun?
    Log-Analyse und Auswertung - 15.08.2012 (1)
  9. Polizeitrojaner (Österreich) - Scan durchgeführt
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (2)
  10. Bundestrojaner OTL Scan durchgeführt
    Log-Analyse und Auswertung - 09.07.2012 (1)
  11. vom GEMA Trojaner befallen, scan schon durchgeführt, und jetzt?
    Log-Analyse und Auswertung - 05.07.2012 (5)
  12. gema-trojaner auf laptop, otl-scan bereits durchgeführt
    Log-Analyse und Auswertung - 29.05.2012 (8)
  13. OTLPE scan durchgeführt wie gehts weiter
    Log-Analyse und Auswertung - 04.05.2012 (5)
  14. Bundespolizei Trojaner Otl-Scan wurde durchgeführt, brauche Hilfe!
    Log-Analyse und Auswertung - 19.03.2012 (9)
  15. TR/Kazy.mekml.1 gefunden, OTL Scan durchgeführt
    Log-Analyse und Auswertung - 28.04.2011 (1)
  16. TR/Kazy.mekml.1 gefunden, OTL Scan bereits durchgeführt
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (1)
  17. Gmer Scan durchgeführt-und nun?
    Log-Analyse und Auswertung - 23.03.2011 (7)

Zum Thema Bundespolizei - OTL Scan durchgeführt - Hallo, ich habe auch den Bundespolizei Virus und habe gelesen, dass man OTLPE herunterladen und darauf booten soll. Dies habe ich gemacht und anschließend den Scan durchgeführt. Die OTL.txt ist - Bundespolizei - OTL Scan durchgeführt...
Archiv
Du betrachtest: Bundespolizei - OTL Scan durchgeführt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.