Windows Update Trojan

Hello, I also have the trojan on my PC. Please help.

OTL logfile created on: 6/7/2012 3:30:01 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 298.09 Gb Total Space | 286.11 Gb Free Space | 95.98% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet003 ========== Win32 Services (SafeList) ========== SRV - [2010/10/15 18:40:40 | 000,037,664 | ---- | M] (Apple Inc.) 
[Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2008/11/03 20:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2007/01/09 12:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl) SRV - [2006/12/19 12:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) SRV - [2006/10/26 09:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2006/10/09 10:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX) DRV - [2006/10/04 04:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5) DRV - [2002/12/31 08:00:00 | 006,039,584 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2002/12/31 08:00:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2002/12/31 08:00:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2002/12/31 08:00:00 | 000,233,984 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\a320raid.sys -- (a320raid) DRV - [2002/12/31 08:00:00 | 000,197,120 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aarsi3x.sys -- (aarsi3x) DRV - [2002/12/31 08:00:00 | 000,173,568 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2) DRV - [2002/12/31 08:00:00 | 000,155,688 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx) DRV - [2002/12/31 08:00:00 | 000,101,120 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\m5287.sys -- (m5287) DRV - [2002/12/31 08:00:00 | 000,100,096 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\m5288.sys -- (m5288) DRV - [2002/12/31 08:00:00 | 000,097,920 | ---- | M] (Silicon Image, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r) DRV - [2002/12/31 08:00:00 | 000,089,088 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts) DRV - [2002/12/31 08:00:00 | 000,086,528 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi) DRV - [2002/12/31 08:00:00 | 000,081,920 | ---- | M] (AMCC) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\3wareDrv.sys -- (3wareDrv) DRV - [2002/12/31 08:00:00 | 000,077,440 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\fasttrak.sys -- (fasttrak) DRV - [2002/12/31 08:00:00 | 000,056,320 | ---- | M] () [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\3wDrv100.sys -- (3wDrv100) DRV - [2002/12/31 08:00:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2002/12/31 08:00:00 | 000,053,128 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aac.sys -- (aac) DRV - [2002/12/31 08:00:00 | 000,052,480 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\m5289.sys -- (m5289) DRV - [2002/12/31 08:00:00 | 000,052,115 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aacsas.sys -- (aacsas) DRV - [2002/12/31 08:00:00 | 000,048,128 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\SiSRaid.sys -- (SiSRaid) DRV - [2002/12/31 08:00:00 | 000,046,464 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\SiSRaid1.sys -- (SiSRaid1) DRV - [2002/12/31 08:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2002/12/31 08:00:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2002/12/31 08:00:00 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run) DRV - [2002/12/31 08:00:00 | 000,010,240 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter) DRV - [2002/12/31 08:00:00 | 000,007,680 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dontgo.sys -- (dontgo) DRV - [2002/12/31 08:00:00 | 000,004,096 | ---- | M] (Silicon Integrated Systems Corp.) 
[Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Steffen_Joos_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\Steffen_Joos_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\Steffen_Joos_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 40 10 FA B4 35 CC 01 [binary data] IE - HKU\Steffen_Joos_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Steffen_Joos_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
O1 HOSTS File: ([2002/12/31 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java Runtime) - {279384DD-3D1B-4086-8679-AA5EC7268BE1} - File not found O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.) O4 - HKLM..\Run: [FUFAXSTM] C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] File not found O4 - HKLM..\Run: [PMSpeed] C:\Programme\NewSoft\Presto! PageManager 9 for EP\PMSpeed.exe (NewSoft Technology Corporation) O4 - HKLM..\Run: [PtiuPbmd] C:\WINDOWS\System32\ulutil2.dll (Promise Technology,Inc.) O4 - HKLM..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.) 
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe (NewSoft Technology Corporation) O4 - HKU\Steffen_Joos_ON_C..\Run: [20EC63F0] C:\WINDOWS\system32\113DF85820EC63F05AE3.exe (Al Momento Non è Registrata) O4 - HKU\Steffen_Joos_ON_C..\Run: [EPSON BX305 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\Steffen_Joos_ON_C..\Run: [Scan Buttons] C:\Programme\NewSoft\Presto! PageManager 9 for EP\Pmsb.exe (NewSoft Technology Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Steffen_Joos_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Steffen_Joos_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\Steffen_Joos_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\Steffen_Joos_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\113DF85820EC63F05AE3.exe) - C:\WINDOWS\system32\113DF85820EC63F05AE3.exe (Al Momento Non è Registrata) O24 - Desktop Components:0 () - https://finanzportal.fiducia.de/g16pepe/resource/background-header?rzbk=0054&rzid=XC O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File 
not found O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/02/04 07:16:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{a16e7b11-1e0b-11df-89a7-00199975202e}\Shell\AutoRun\command - "" = E:\startmenu.exe O33 - MountPoints2\{a16e7b11-1e0b-11df-89a7-00199975202e}\Shell\opensm\command - "" = E:\startmenu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/06/07 09:59:45 | 000,000,000 | ---D | C] -- C:\tmp [2012/06/07 09:50:22 | 000,000,000 | ---D | C] -- C:\Quarantine [2012/06/07 06:46:53 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Steffen Joos\IETldCache [2012/06/07 04:27:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Steffen Joos\Anwendungsdaten\Nhfdwkgrsl [2012/06/07 04:27:21 | 000,037,888 | -H-- | C] (Al Momento Non è Registrata) -- C:\WINDOWS\System32\113DF85820EC63F05AE3.exe [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Dokumente und Einstellungen\Steffen Joos\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Steffen Joos\Eigene Dateien\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/07 06:46:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/06/07 06:46:12 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2012/06/07 06:46:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/06/07 04:27:21 | 000,037,888 | -H-- | M] (Al Momento Non è Registrata) -- 
C:\WINDOWS\System32\113DF85820EC63F05AE3.exe [2012/06/06 09:52:00 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323 [2012/06/06 09:51:42 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322 [2012/06/06 09:51:18 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321 [2012/06/06 09:50:48 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320 [2012/05/31 09:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll [2012/05/26 09:41:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/05/10 11:09:58 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/05/10 10:14:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/05/10 10:12:06 | 000,463,098 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012/05/10 10:12:06 | 000,444,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/05/10 10:12:06 | 000,085,970 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012/05/10 10:12:06 | 000,072,476 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Dokumente und Einstellungen\Steffen Joos\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Steffen Joos\Eigene Dateien\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/07 04:28:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325 [2012/06/07 04:28:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324 [2012/06/07 04:28:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323 [2012/06/07 04:28:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322 [2012/06/07 04:28:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321 [2012/06/07 04:28:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320 [2012/02/16 10:05:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2010/11/03 
05:49:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2010/02/25 11:22:51 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2010/02/25 11:22:51 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2010/02/25 11:22:51 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat [2010/02/25 11:22:37 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2010/02/25 11:22:37 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2010/02/25 11:22:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2010/02/25 11:22:09 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2010/02/25 11:20:48 | 000,027,114 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2010/02/25 10:39:34 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Steffen Joos\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010/02/20 06:52:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2010/02/20 06:20:44 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2010/02/20 06:13:05 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2010/02/04 07:28:06 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010/02/04 07:19:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010/02/04 07:13:57 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010/02/04 07:11:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010/02/04 07:10:15 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2002/12/31 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/12/31 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002/12/31 08:00:00 | 000,463,098 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2002/12/31 08:00:00 | 000,444,600 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002/12/31 08:00:00 | 000,272,128 | ---- | C] () -- 
C:\WINDOWS\System32\perfi009.dat [2002/12/31 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2002/12/31 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002/12/31 08:00:00 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\coin5288.dll [2002/12/31 08:00:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll [2002/12/31 08:00:00 | 000,085,970 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2002/12/31 08:00:00 | 000,072,476 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002/12/31 08:00:00 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\3wDrv100.sys [2002/12/31 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002/12/31 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2002/12/31 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002/12/31 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2002/12/31 08:00:00 | 000,004,559 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002/12/31 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2002/12/31 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002/12/31 08:00:00 | 000,000,228 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2002/03/04 05:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll [1601/02/13 04:28:18 | 000,000,089 | ---- | C] () -- C:\Dokumente und Einstellungen\Steffen Joos\Lokale Einstellungen\Anwendungsdaten\OoLsGONpaGtqjT ========== LOP Check ========== [2012/06/07 06:46:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffen Joos\Anwendungsdaten\.oit [2011/01/15 13:21:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffen Joos\Anwendungsdaten\Epson [2011/04/11 09:58:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffen Joos\Anwendungsdaten\JavaRun [2012/06/07 04:27:43 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Steffen Joos\Anwendungsdaten\Nhfdwkgrsl [2010/11/02 12:04:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffen Joos\Anwendungsdaten\PC-FAX TX [2010/02/25 10:42:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffen Joos\Anwendungsdaten\T-Online [2011/05/17 09:59:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2010/02/25 11:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2010/02/25 10:42:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2012/06/07 04:32:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL [2012/06/07 04:32:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2011/05/12 12:23:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} ========== Purity Check ========== < End of report > |
Does Safe Mode with Networking still work? With an internet connection? Safe Mode for cleanup
Copyright ©2000-2025, Trojaner-Board