Muss ich mir Sorgen machen? - Mein HiJackThis/eSan Log

Wile_E_Coyote · 12.06.2007, 22:51

Hallo zusammen,

wäre mir eine sehr große Hilfe, wenn Ihr Euch meine Log-Files anschauen könntet...
Ich hatte vor einigen Tagen einen "Trojan.Win32.BHO.g" auf meinem Rechner (in einer tmp.exe-Datei). Ich habe mich bemüht, das Ding zu entfernen... war ich erfolgreich? Wäre super, wenn mir jemand helfen könnte. Hier meine Log-Files:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:42:49, on 12.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ANYCOM\Blue USB-130\bin\btwdins.exe
C:\Programme\Eset\nod32krn.exe
C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ASUS\Power4 Gear\BatteryLife.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\Programme\ASUS\Wireless Console\wcourier.exe
C:\Programme\Eset\nod32kui.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Windows\ATK0100\HControl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot\TeaTimer.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\ANYCOM\Blue USB-130\BTTray.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\TC\TC.exe
C:\Programme\PopTray\PopTray.exe
C:\Programme\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\Programme\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programme\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programme\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Windows\ATK0100\ATKOSD.exe
C:\Programme\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\HiJackThis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23df659a-d2f8-4a4f-8b51-18f30647aab8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Programme\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HControl] C:\Windows\ATK0100\HControl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot\TeaTimer.exe
O4 - Startup: PopTray.lnk = C:\Programme\PopTray\PopTray.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programme\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Mozilla Firefox.lnk = C:\Programme\Mozilla Firefox\firefox.exe
O4 - Global Startup: TC.lnk = C:\Programme\TC\TC.exe
O8 - Extra context menu item: Mit GetRight laden - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Mit GetRight-Browser öffnen - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ANYCOM\Blue USB-130\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ANYCOM\Blue USB-130\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ANYCOM\Blue USB-130\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - h**p://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171497554501
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - h**p://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - h**p://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ECF6556-D08B-49F4-91BC-84CD318BD0D5}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: counsrv - C:\WINDOWS\
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ANYCOM\Blue USB-130\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Programme\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9141 bytes

eScan:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Microsoft Windows XP [Version 5.1.2600]
Tue Jun 12 18:39:00 2007 => Version 9.2.7 (C:\DOKUME~1\MM\LOKALE~1\Temp\mexe.com)
Tue Jun 12 18:39:08 2007 => Virus Database Date: 6/11/2007
Tue Jun 12 18:39:48 2007 => Virus Database Date: 6/12/2007
Tue Jun 12 18:42:00 2007 => Virus Database Date: 6/12/2007
Tue Jun 12 19:47:16 2007 => Virus Database Date: 6/12/2007
Tue Jun 12 19:48:36 2007 => Virus Database Date: 6/12/2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tue Jun 12 19:02:42 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: No Action Taken.
Tue Jun 12 19:02:42 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swsc.exe)! Action taken: No Action Taken.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Tue Jun 12 19:02:42 2007 => Offending file found: C:\WINDOWS\system32\swreg.exe
Tue Jun 12 19:02:42 2007 => Offending file found: C:\WINDOWS\system32\swsc.exe
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
~~~~~~~~~~~
Registry
~~~~~~~~~~~
Tue Jun 12 18:43:05 2007 => Offending Key found: HKLM\Software\magnet !!!
Tue Jun 12 19:02:40 2007 => Offending Key found: HKCU\\magnet !!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Die von eScan angegebenen Dateien (swreg.exe und swsc.exe) habe ich überprüft... anscheinend sind die i.O., oder?

Hier die virustotal-Angaben:

Complete scanning result of "swreg.exe", received in VirusTotal at 06.12.2007, 22:11:30 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.6.12.2 06.12.2007 no virus found
AntiVir 7.4.0.32 06.12.2007 no virus found
Authentium 4.93.8 06.12.2007 could be a corrupted executable file
Avast 4.7.997.0 06.12.2007 no virus found
AVG 7.5.0.467 06.12.2007 no virus found
BitDefender 7.2 06.12.2007 no virus found
CAT-QuickHeal 9.00 06.12.2007 no virus found
ClamAV devel-20070416 06.12.2007 no virus found
DrWeb 4.33 06.12.2007 no virus found
eSafe 7.0.15.0 06.12.2007 no virus found
eTrust-Vet 30.7.3713 06.12.2007 no virus found
Ewido 4.0 06.12.2007 no virus found
FileAdvisor 1 06.12.2007 No threat detected
Fortinet 2.85.0.0 06.12.2007 suspicious
F-Prot 4.3.2.48 06.12.2007 no virus found
F-Secure 6.70.13030.0 06.12.2007 no virus found
Ikarus T3.1.1.8 06.12.2007 no virus found
Kaspersky 4.0.2.24 06.12.2007 no virus found
McAfee 5051 06.12.2007 no virus found
Microsoft 1.2503 06.12.2007 no virus found
NOD32v2 2325 06.12.2007 no virus found
Norman 5.80.02 06.12.2007 no virus found
Panda 9.0.0.4 06.12.2007 Suspicious file
Prevx1 V2 06.12.2007 no virus found
Sophos 4.18.0 06.12.2007 no virus found
Sunbelt 2.2.907.0 06.09.2007 no virus found
Symantec 10 06.12.2007 no virus found
TheHacker 6.1.6.132 06.11.2007 no virus found
VBA32 3.12.0.1 06.12.2007 no virus found
VirusBuster 4.3.23:9 06.12.2007 no virus found
Webwasher-Gateway 6.0.1 06.12.2007 Virus.Win32.FileInfector.gen!90 (suspicious)

Aditional Information
File size: 428032 bytes
MD5: 21d1f38b96b8b2ea895d5005987b239e
SHA1: 139325b6691a8ac39277e1dbc29e7663136324dd
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=21d1f38b96b8b2ea895d5005987b239e

Complete scanning result of "swsc.exe", received in VirusTotal at 06.12.2007, 22:22:53 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.6.12.2 06.12.2007 no virus found
AntiVir 7.4.0.32 06.12.2007 no virus found
Authentium 4.93.8 06.12.2007 could be a corrupted executable file
Avast 4.7.997.0 06.12.2007 no virus found
AVG 7.5.0.467 06.12.2007 no virus found
BitDefender 7.2 06.12.2007 no virus found
CAT-QuickHeal 9.00 06.12.2007 no virus found
ClamAV devel-20070416 06.12.2007 no virus found
DrWeb 4.33 06.12.2007 no virus found
eSafe 7.0.15.0 06.12.2007 no virus found
eTrust-Vet 30.7.3713 06.12.2007 no virus found
Ewido 4.0 06.12.2007 no virus found
FileAdvisor 1 06.12.2007 No threat detected
Fortinet 2.85.0.0 06.12.2007 no virus found
F-Prot 4.3.2.48 06.12.2007 no virus found
F-Secure 6.70.13030.0 06.12.2007 no virus found
Ikarus T3.1.1.8 06.12.2007 no virus found
Kaspersky 4.0.2.24 06.12.2007 no virus found
McAfee 5051 06.12.2007 no virus found
Microsoft 1.2503 06.12.2007 no virus found
NOD32v2 2325 06.12.2007 no virus found
Norman 5.80.02 06.12.2007 no virus found
Panda 9.0.0.4 06.12.2007 no virus found
Prevx1 V2 06.12.2007 no virus found
Sophos 4.18.0 06.12.2007 no virus found
Sunbelt 2.2.907.0 06.09.2007 no virus found
Symantec 10 06.12.2007 no virus found
TheHacker 6.1.6.132 06.11.2007 no virus found
VBA32 3.12.0.1 06.12.2007 no virus found
VirusBuster 4.3.23:9 06.12.2007 no virus found
Webwasher-Gateway 6.0.1 06.12.2007 Virus.Win32.FileInfector.gen!90 (suspicious)

Aditional Information
File size: 370688 bytes
MD5: af52196cf5593c13f8c2f00a55fe132b
SHA1: 8b6628f141f4cb889121d7c903c8f97b8a85fbae
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=af52196cf5593c13f8c2f00a55fe132b

Was meint ihr, alles i.O.?

Vielen Dank für Euer Bemühen!
Gruß,
Matthias

TrojanWarr · 13.06.2007, 11:54

hey

stelle den CleanUp genauso ein, wie hier angegeben:
hier

Kopiere diese 6 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
hier

Wile_E_Coyote · 13.06.2007, 18:27

@ TrojanWarr:

Schon 'mal vielen Dank für Deine Mühe!

Habe alles mit CleanUp gesäubert, hier die weiteren Log-Files:

C:\WINDOWS\system32
-----------------------

13.06.2007 18:24 2.422 wpa.dbl
12.06.2007 12:10 898 counsrv.dns
11.06.2007 21:05 876.659.062 dn_crash.log
11.06.2007 20:18 2.550 Uninstall.ico
11.06.2007 20:18 1.406 Help.ico
11.06.2007 20:18 30.590 pavas.ico
01.06.2007 16:08 195 imon1.dat
20.05.2007 13:05 194.568 FNTCACHE.DAT
19.05.2007 17:01 34.634 awvts.exe
16.05.2007 17:11 683.520 inetcomm.dll
11.05.2007 16:05 403.862 perfh009.dat
11.05.2007 16:05 63.464 perfc009.dat
11.05.2007 16:05 419.208 perfh007.dat
11.05.2007 16:05 76.394 perfc007.dat
11.05.2007 16:05 968.214 PerfStringBackup.INI
08.05.2007 10:59 3.583.488 mshtml.dll
25.04.2007 16:22 144.896 schannel.dll
25.04.2007 09:42 822.784 wininet.dll
25.04.2007 09:42 232.960 webcheck.dll
25.04.2007 09:42 1.152.000 urlmon.dll
25.04.2007 09:42 105.984 url.dll
25.04.2007 09:42 102.400 occache.dll
25.04.2007 09:42 670.720 mstime.dll
25.04.2007 09:42 193.024 msrating.dll
25.04.2007 09:42 477.696 mshtmled.dll
25.04.2007 09:41 52.224 msfeedsbs.dll
25.04.2007 09:41 459.264 msfeeds.dll
25.04.2007 09:41 1.824.768 inetcpl.cpl
25.04.2007 09:41 27.648 jsproxy.dll
25.04.2007 09:41 267.776 iertutil.dll
25.04.2007 09:41 44.544 iernonce.dll
25.04.2007 09:41 6.058.496 ieframe.dll
25.04.2007 09:41 384.512 iedkcs32.dll
25.04.2007 09:41 383.488 ieapfltr.dll
25.04.2007 09:41 132.608 extmgr.dll
25.04.2007 09:41 153.088 ieakeng.dll
25.04.2007 09:41 230.400 ieaksie.dll
25.04.2007 09:41 124.928 advpack.dll
24.04.2007 16:26 13.824 ieudinit.exe
24.04.2007 11:58 56.832 ie4uinit.exe
24.04.2007 11:32 1.485.696 LegitCheckControl.dll
24.04.2007 09:34 161.792 ieakui.dll
18.04.2007 18:13 2.854.400 msi.dll
17.04.2007 19:46 4.254 jupdate-1.6.0_01-b06.log
17.04.2007 11:32 2.455.488 ieapfltr.dat
16.04.2007 18:09 1.059.840 kernel32.dll
02.04.2007 14:21 428.032 swreg.exe
02.04.2007 07:58 546.304 hhctrl.ocx
17.03.2007 15:44 293.376 winsrv.dll
14.03.2007 02:04 69.632 javacpl.cpl
14.03.2007 02:04 139.264 javaws.exe
14.03.2007 00:31 135.168 javaw.exe
14.03.2007 00:31 135.168 java.exe
09.03.2007 13:51 270.336 xpsp3res.dll
08.03.2007 17:36 40.960 mf3216.dll
08.03.2007 17:36 579.072 user32.dll
08.03.2007 17:36 281.600 gdi32.dll
08.03.2007 17:32 1.843.712 win32k.sys
05.03.2007 13:34 676.224 OGACheckControl.DLL

C:\DOKUME~1\Username\LOKALE~1\Temp\
-----------------------------------------

13.06.2007 18:38 150.492 abkuerzungen.pdf
13.06.2007 18:29 170 jusched.log
13.06.2007 18:22 20.859 Turkish.bin
13.06.2007 18:22 20.608 Norwegian.bin
13.06.2007 18:22 24.446 Hungarian.bin
13.06.2007 18:22 18.436 Hebrew.bin
13.06.2007 18:22 21.562 Finnish.bin
13.06.2007 18:22 22.862 Czech.bin
13.06.2007 18:22 22.606 Polish.bin
13.06.2007 18:22 23.522 Portuguese(Brazil).bin
13.06.2007 18:22 19.506 Arabic.bin
13.06.2007 18:22 20.733 Thai.bin
13.06.2007 18:22 23.467 Greek.bin
13.06.2007 18:22 15.546 SimChin.bin
13.06.2007 18:22 21.773 English.bin
13.06.2007 18:22 24.654 Portuguese.bin
13.06.2007 18:22 22.684 SWEDISH.bin
13.06.2007 18:22 26.062 Spanish.bin
13.06.2007 18:22 24.638 Russian.bin
13.06.2007 18:22 25.824 Italian.bin
13.06.2007 18:22 24.274 German.bin
13.06.2007 18:22 25.665 French.bin
13.06.2007 18:22 16.913 TradChin.bin
13.06.2007 18:22 24.173 Dutch.bin
13.06.2007 18:22 22.856 Danish.bin
13.06.2007 18:22 18.977 Korean.bin
13.06.2007 18:22 22.913 Japanese.bin
13.06.2007 18:22 50.446 1ce_appcompat.txt

C:\WINDOWS\
--------------

13.06.2007 18:24 0 0.log
13.06.2007 18:24 2.048 bootstat.dat
13.06.2007 18:23 1.277.887 WindowsUpdate.log
13.06.2007 18:23 32.620 SchedLgU.Txt
13.06.2007 02:30 6.005 KB892130.log
13.06.2007 02:30 28.411 setupapi.log
13.06.2007 02:17 1.374 imsins.log
13.06.2007 02:17 9.436 tsoc.log
13.06.2007 02:17 8.205 comsetup.log
13.06.2007 02:17 4.970 ntdtcsetup.log
13.06.2007 02:17 1.368 ocmsn.log
13.06.2007 02:17 3.941 iis6.log
13.06.2007 02:17 19.744 KB929123.log
13.06.2007 02:17 11.664 ocgen.log
13.06.2007 02:17 1.212 msgsocm.log
13.06.2007 02:17 24.732 FaxSetup.log
13.06.2007 02:17 1.374 imsins.BAK
13.06.2007 02:17 19.071 KB935840.log
13.06.2007 02:17 21.807 KB935839.log
13.06.2007 02:16 24.120 KB933566-IE7.log
13.06.2007 02:16 0 setupact.log
13.06.2007 02:16 4.053 updspapi.log
12.06.2007 18:42 50 Lic.xxx
12.06.2007 18:40 171.270 ntbtlog.txt
12.06.2007 16:22 574 win.ini
05.06.2007 09:31 6.292 ModemLog_Bluetooth-Modem.txt
05.06.2007 05:24 87.552 catchme.exe
28.05.2007 15:03 918 APDFPRP.INI
11.04.2007 11:04 524.288 opuc.dll
20.02.2007 16:55 4.764 mozver.dat

C:\WINDOWS\temp\
-------------------

13.06.2007 18:24 409 WGANotify.settings
13.06.2007 18:24 255 WGAErrLog.txt

C:\WINDOWS\Downloaded Program Files
--------------------------------------

28.02.2007 20:24 361 OGAControl.inf
14.02.2007 20:19 65 desktop.ini

C:\
---

13.06.2007 19:26 0 sys.txt
13.06.2007 19:25 968 down.txt
13.06.2007 19:25 331 tmp.txt
13.06.2007 19:24 4.716 system.txt
13.06.2007 19:24 1.624 systemtemp.txt
13.06.2007 18:31 98.211 system32.txt
13.06.2007 18:24 1.342.177.280 pagefile.sys
14.02.2007 20:21 0 AUTOEXEC.BAT

Bin weiter für jede Hilfe dankbar!

Gruß,
Matthias

Muss ich mir Sorgen machen? - Mein HiJackThis/eSan Log

Log-Analyse und Auswertung: Muss ich mir Sorgen machen? - Mein HiJackThis/eSan Log