
Log Analysis and Evaluation: BKA Bundespolizei Trojan OTLPE Scan

16.08.2011, 08:33   #1
_-_-_
 
My girlfriend's flatmate has "installed" the BKA Trojan.

Samsung netbook without a CD drive.

OTLPE scan run from a bootable USB stick with REATOGO-X-PE, with the help of:
http://www.trojaner-board.de/97572-b...tml#post641534

OTL.txt
OTL logfile:
Code:
OTL logfile created on: 8/16/2011 1:03:29 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Starter  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,013.00 Mb Total Physical Memory | 789.00 Mb Available Physical Memory | 78.00% Memory free
901.00 Mb Paging File | 821.00 Mb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\windows | %ProgramFiles% = E:\Program Files
Drive C: | 100.00 Mb Total Space | 75.75 Mb Free Space | 75.75% Space Free | Partition Type: NTFS
Drive D: | 130.10 Gb Total Space | 129.84 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive E: | 87.00 Gb Total Space | 60.48 Gb Free Space | 69.51% Space Free | Partition Type: NTFS
Drive F: | 3.67 Gb Total Space | 0.77 Gb Free Space | 20.88% Space Free | Partition Type: FAT32
Drive X: | 3.73 Gb Total Space | 3.33 Gb Free Space | 89.27% Space Free | Partition Type: FAT
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto] -- E:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/09 15:04:04 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand] -- E:\windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2010/07/21 06:55:00 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto] -- E:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/06/01 02:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) [Auto] -- E:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System] -- E:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System] -- E:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System] -- E:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System] -- E:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto] -- E:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto] -- E:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/25 12:05:47 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rtport.sys -- (rtport)
DRV - [2010/07/08 04:28:46 | 000,322,336 | ---- | M] (Marvell) [Kernel | On_Demand] -- E:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Daniela_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKU\Daniela_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKU\Daniela_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.t-online.de"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/17 12:33:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/17 13:54:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011/06/17 13:54:40 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Daniela\AppData\Roaming\Mozilla\Extensions
[2011/07/02 05:59:45 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2011/07/02 05:59:45 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011/06/17 12:33:11 | 000,000,000 | ---D | M] (avast! WebRep) -- E:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/14 12:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,001,392 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,153 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 04:00:00 | 000,006,805 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 04:00:00 | 000,001,105 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - E:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] E:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ETDCtrl] E:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: E:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - E:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Daniela_ON_E Winlogon: Shell - (C:\Users\Daniela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1EXOIMRS\contacts[1].exe) - E:\Users\Daniela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1EXOIMRS\contacts[1].exe (Heaventools Software)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 13:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/08/15 05:27:21 | 000,000,000 | ---D | C] -- E:\ProgramData\AVS4YOU
[2011/08/15 05:26:40 | 000,000,000 | ---D | C] -- E:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/08/15 05:25:52 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/08/15 05:25:45 | 000,774,144 | ---- | C] (Terra Informatica Software, Inc., British Columbia, Canada.) -- E:\windows\System32\htmlayout.dll
[2011/08/15 05:25:27 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\AVSMedia
[2011/08/15 05:23:49 | 001,700,352 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\GdiPlus.dll
[2011/08/15 05:23:49 | 000,024,576 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\msxml3a.dll
[2011/08/15 05:23:48 | 000,000,000 | ---D | C] -- E:\Program Files\AVS4YOU
[2011/08/11 03:54:06 | 003,957,120 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\ntkrnlpa.exe
[2011/08/11 03:54:05 | 003,902,336 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\ntoskrnl.exe
[2011/08/11 03:53:32 | 000,599,552 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\msfeeds.dll
[2011/08/11 03:53:31 | 000,381,440 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\iedkcs32.dll
[2011/08/11 03:53:31 | 000,064,512 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\msfeedsbs.dll
[2011/08/11 03:53:30 | 000,606,208 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\mstime.dll
[2011/08/11 03:53:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\ieui.dll
[2011/08/11 03:53:29 | 000,185,856 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\iepeers.dll
[2011/08/11 03:53:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\url.dll
[2011/08/11 03:53:29 | 000,048,128 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\jsproxy.dll
[2011/08/11 03:53:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\licmgr10.dll
[2011/08/11 03:53:28 | 001,638,912 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\mshtml.tlb
[2011/08/11 03:53:28 | 000,386,048 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\html.iec
[2011/08/11 03:53:28 | 000,012,800 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\msfeedssync.exe
[2011/08/11 03:53:21 | 000,271,360 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\conhost.exe
[2011/08/11 03:53:20 | 000,169,984 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\winsrv.dll
[2011/08/11 03:53:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/11 03:53:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/11 03:53:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/11 03:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/11 03:53:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/11 03:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/11 03:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/11 03:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/11 03:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/11 03:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/11 03:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/11 03:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/11 03:53:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/11 03:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/11 03:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/11 03:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/11 03:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/11 03:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/11 03:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/11 03:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/11 03:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/11 03:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/11 03:53:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/11 03:53:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/11 03:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/11 03:53:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/11 03:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/11 03:53:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/11 03:53:11 | 000,319,488 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\odbcjt32.dll
[2011/08/11 03:53:11 | 000,122,880 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\odbccp32.dll
[2011/08/11 03:53:10 | 000,086,016 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\odbccu32.dll
[2011/08/11 03:53:10 | 000,081,920 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\odbccr32.dll
[2011/08/11 03:53:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\odbctrac.dll
[2011/08/09 03:37:21 | 000,000,000 | ---D | C] -- E:\Users\Daniela\Desktop\Heribert
[2011/07/25 06:18:55 | 000,000,000 | ---D | C] -- E:\Users\Daniela\Desktop\Kowi Hausarbeit
 
========== Files - Modified Within 30 Days ==========
 
[2011/08/15 18:03:03 | 000,067,584 | --S- | M] () -- E:\windows\bootstat.dat
[2011/08/15 15:59:53 | 000,010,272 | -H-- | M] () -- E:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 15:59:53 | 000,010,272 | -H-- | M] () -- E:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 15:56:52 | 000,694,430 | ---- | M] () -- E:\windows\System32\perfh00C.dat
[2011/08/15 15:56:52 | 000,689,108 | ---- | M] () -- E:\windows\System32\perfh010.dat
[2011/08/15 15:56:52 | 000,654,166 | ---- | M] () -- E:\windows\System32\perfh007.dat
[2011/08/15 15:56:52 | 000,616,008 | ---- | M] () -- E:\windows\System32\perfh009.dat
[2011/08/15 15:56:52 | 000,130,140 | ---- | M] () -- E:\windows\System32\perfc00C.dat
[2011/08/15 15:56:52 | 000,130,006 | ---- | M] () -- E:\windows\System32\perfc007.dat
[2011/08/15 15:56:52 | 000,127,144 | ---- | M] () -- E:\windows\System32\perfc010.dat
[2011/08/15 15:56:52 | 000,106,388 | ---- | M] () -- E:\windows\System32\perfc009.dat
[2011/08/15 15:52:15 | 1062,518,784 | -HS- | M] () -- E:\hiberfil.sys
[2011/08/15 05:26:52 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/08/15 05:26:45 | 000,001,255 | ---- | M] () -- E:\Users\Daniela\Desktop\AVS4YOU Software Navigator.lnk
[2011/08/15 05:25:54 | 000,001,235 | ---- | M] () -- E:\Users\Daniela\Desktop\AVS Document Converter.lnk
[2011/08/12 06:13:01 | 000,016,699 | ---- | M] () -- E:\Users\Daniela\Desktop\Lebenslauf.odt
[2011/07/25 05:44:23 | 000,646,164 | ---- | M] () -- E:\Users\Daniela\Desktop\Laage-1981-STSG-30-57-67-11ss-17443-3488.pdf
[2011/07/22 00:56:17 | 001,638,912 | ---- | M] (Microsoft Corporation) -- E:\windows\System32\mshtml.tlb
 
========== Files Created - No Company Name ==========
 
[2011/08/15 05:26:45 | 000,001,255 | ---- | C] () -- E:\Users\Daniela\Desktop\AVS4YOU Software Navigator.lnk
[2011/08/15 05:25:54 | 000,001,235 | ---- | C] () -- E:\Users\Daniela\Desktop\AVS Document Converter.lnk
[2011/08/12 06:09:08 | 000,016,699 | ---- | C] () -- E:\Users\Daniela\Desktop\Lebenslauf.odt
[2011/07/25 05:44:23 | 000,646,164 | ---- | C] () -- E:\Users\Daniela\Desktop\Laage-1981-STSG-30-57-67-11ss-17443-3488.pdf
[2011/06/17 13:59:29 | 000,000,017 | ---- | C] () -- E:\Users\Daniela\AppData\Local\resmon.resmoncfg
[2011/06/17 08:40:42 | 000,131,368 | ---- | C] () -- E:\ProgramData\FullRemove.exe
[2011/06/17 08:38:59 | 000,120,688 | ---- | C] () -- E:\windows\Wiainst.exe
[2011/06/17 08:38:07 | 000,552,960 | ---- | C] () -- E:\windows\System32\SnMinDrv.dll
[2011/06/17 08:38:07 | 000,154,112 | ---- | C] () -- E:\windows\System32\SNWIAUI.dll
[2011/06/17 08:38:07 | 000,135,168 | ---- | C] () -- E:\windows\System32\SnImgFlt.dll
[2011/06/17 08:38:07 | 000,094,208 | ---- | C] () -- E:\windows\System32\SnErHdlr.dll
[2011/06/17 08:37:47 | 000,484,656 | ---- | C] () -- E:\windows\ssndii.exe
[2011/06/17 08:36:53 | 000,151,552 | ---- | C] () -- E:\windows\System32\spd__ci.exe
[2011/06/17 08:36:50 | 000,259,888 | ---- | C] () -- E:\windows\SUPDRun.exe
[2011/06/17 08:36:48 | 000,283,136 | ---- | C] () -- E:\windows\System32\DscPnt.dll
[2011/06/17 08:36:48 | 000,026,624 | ---- | C] () -- E:\windows\System32\spd__l.dll
[2010/08/31 22:32:50 | 000,654,166 | ---- | C] () -- E:\windows\System32\perfh007.dat
[2010/08/31 22:32:50 | 000,295,922 | ---- | C] () -- E:\windows\System32\perfi007.dat
[2010/08/31 22:32:50 | 000,130,006 | ---- | C] () -- E:\windows\System32\perfc007.dat
[2010/08/31 22:32:50 | 000,038,104 | ---- | C] () -- E:\windows\System32\perfd007.dat
[2010/08/31 22:20:42 | 000,689,108 | ---- | C] () -- E:\windows\System32\perfh010.dat
[2010/08/31 22:20:42 | 000,335,478 | ---- | C] () -- E:\windows\System32\perfi010.dat
[2010/08/31 22:20:42 | 000,127,144 | ---- | C] () -- E:\windows\System32\perfc010.dat
[2010/08/31 22:20:42 | 000,037,534 | ---- | C] () -- E:\windows\System32\perfd010.dat
[2010/08/31 22:09:50 | 000,694,430 | ---- | C] () -- E:\windows\System32\perfh00C.dat
[2010/08/31 22:09:50 | 000,344,522 | ---- | C] () -- E:\windows\System32\perfi00C.dat
[2010/08/31 22:09:50 | 000,130,140 | ---- | C] () -- E:\windows\System32\perfc00C.dat
[2010/08/31 22:09:50 | 000,038,160 | ---- | C] () -- E:\windows\System32\perfd00C.dat
[2010/08/31 06:22:52 | 000,001,064 | ---- | C] () -- E:\windows\HotFixList.ini
[2010/08/31 05:49:49 | 000,006,656 | ---- | C] () -- E:\windows\System32\bcmwlrc.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- E:\windows\bootstat.dat
[2009/07/14 00:33:53 | 000,284,200 | ---- | C] () -- E:\windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,008 | ---- | C] () -- E:\windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- E:\windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,388 | ---- | C] () -- E:\windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- E:\windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- E:\windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- E:\windows\System32\dssec.dat
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- E:\windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- E:\windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- E:\windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\windows\System32\BWContextHandler.dll
[2009/07/13 18:09:19 | 000,982,196 | ---- | C] () -- E:\windows\System32\igkrng500.bin
[2009/07/13 18:09:19 | 000,417,344 | ---- | C] () -- E:\windows\System32\igcompkrng500.bin
[2009/07/13 18:09:19 | 000,139,824 | ---- | C] () -- E:\windows\System32\igfcg500.bin
[2009/07/13 18:09:19 | 000,097,448 | ---- | C] () -- E:\windows\System32\igfcg500m.bin
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2011/06/17 12:32:53 | 000,000,000 | ---D | M] -- E:\ProgramData\AVAST Software
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2011/06/17 08:45:08 | 000,000,000 | ---D | M] -- E:\ProgramData\OberonGameConsole
[2010/08/31 07:02:47 | 000,000,000 | ---D | M] -- E:\ProgramData\SAMSUNG
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/06/17 08:51:38 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2010/09/01 16:51:30 | 000,000,000 | ---D | M] -- E:\ProgramData\WinClon
[2009/07/14 00:53:46 | 000,025,528 | ---- | M] () -- E:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         

Many thanks in advance



_________________


I have now gone ahead and performed a recovery via the BIOS after all, since there wasn't much data on the machine.

That should take care of the problem, right?

17.08.2011, 10:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
That should take care of the problem, right?
Normally, yes...