Infected with Adware.Iefeats

Hello everyone, now I've caught Trojans too and I'm at my wits' end. After several S&D runs, Symantec says 17 infected files still remain. Here is my log file:

Logfile of HijackThis v1.99.1
Scan saved at 17:00:22, on 29.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\per.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iISystem Wiper\SystemWiper.exe
C:\Programme\ScannerU\AM32.exe
C:\Programme\Bluetooth Software\BTTray.exe
C:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programme\1&1 Internet\Profi-Dialer\ProfiDialer.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Programme\Bluetooth Software\bin\btwdins.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Computer und Hilfe\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {4F5FD300-8951-6232-0D6D-80B285FE1802} - C:\WINDOWS\system32\d3ez.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOKUME~1\xxx\EIGENE~1\COMPUT~1\SPYBOT~1\s&d\SDHelper.dll
O2 - BHO: (no name) - {D6D61CAE-CB82-9B91-F7B6-9E1F3F604EE2} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [InstantAccess] C:\Programme\ScannerU\TBRIDGE\BIN\InstantAccess.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Programme\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\per.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [ntdu32.exe] C:\WINDOWS\system32\ntdu32.exe
O4 - HKLM\..\Run: [1E.tmp] C:\DOKUME~1\xxx\LOKALE~1\Temp\1E.tmp.exe
O4 - HKLM\..\Run: [1F.tmp] C:\DOKUME~1\xxx\LOKALE~1\Temp\1F.tmp.exe
O4 - HKLM\..\Run: [6.tmp] C:\DOKUME~1\xxx\LOKALE~1\Temp\6.tmp.exe
O4 - HKLM\..\Run: [7.tmp] C:\DOKUME~1\xxx\LOKALE~1\Temp\7.tmp.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Programme\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
O4 - HKLM\..\RunOnce: [netni.exe] C:\WINDOWS\system32\netni.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iIWiper] C:\Programme\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Computer und Hilfe\Spybot - Search & Destroy\s&d\TeaTimer.exe
O4 - Global Startup: Action Manager 32.lnk = C:\Programme\ScannerU\AM32.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all02.kundenserver.de/app/static/activex/msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FFC3D4F-935A-468D-9080-4313602FC387}: NameServer = 217.237.150.141 217.237.150.97
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\Bluetooth Software\bin\btwdins.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks in advance and regards,
Robert Nerud |
Hello, first check the following files online at http://virusscan.jotti.org/de and post the result. You'll find a short description of how to do that here (using your own files, of course ;)). Quote:
|
Hi, result for per.exe:

Sandbox: W32/Downloader;
[ General information ]
* File might be compressed.
* Creating several executable files on hard-drive.
* File length: 8561 bytes.
[ Changes to filesystem ]
* Creates file sdfff.
* Creates file C:\WINDOWS\SYSTEM32\tt.exe.
* Creates file fdsf.
* Creates file C:\WINDOWS\SYSTEM32\t.exe.
* Creates file zxczxc.
* Creates file C:\WINDOWS\SYSTEM32\ttt.exe.
* Creates file cdegfr.
* Creates file C:\WINDOWS\SYSTEM32\tttt.exe.
* Creates file wdcevf.
* Creates file C:\WINDOWS\SYSTEM32\ttttt.exe.
* Creates file C:\WINDOWS\SYSTEM32\tttttt.exe.
[ Changes to registry ]
* Creates key "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System".
* Sets value "DisableTaskMgr"="1" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System".
[ Network services ]
* Opens URL: http://www.perlink.biz/09/1001.exe.
* Opens URL: http://www.beehappyy.biz/software/softto.exe.
* Opens URL: http://195.225.177.38/newtnt/inst77035.exe.
* Opens URL: http://195.225.177.38/mind/haaa.exe.
* Opens URL: http://195.225.177.38/mind/sswqa.exe.
* Opens URL: http://195.225.177.38/mind/002211.exe.
[ Security issues ]
* Starting downloaded file - potential security problem.
gefunden

Unfortunately I can't find the others that were mentioned. But I did also find the following in windows/system32:

sdkjj32.exe
Status: INFIZIERT/MALWARE (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.)
Entdeckte Packprogramme: PE_PATCH.SUE, PE-CRYPT.SUE, UPX
AntiVir Trojan/Agent.abs.2 gefunden
ArcaVir Trojan.Agent.Bi gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web BackDoor.Netag gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Trojan.Win32.Agent.bi gefunden
NOD32 Win32/TrojanDownloader.Agent.BQ gefunden
Norman Virus Control Keine Viren gefunden
UNA Keine Viren gefunden
VBA32 Keine Viren gefunden

Thanks and regards,
Robert |
Post a Silent Runners log file. Download the file datFind.bat and post the 4 logs (1 month should be enough). |
So: Silent Runners:

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"iIWiper" = "C:\Programme\iISystem Wiper\SystemWiper.exe m" ["iISoftware"]
"ProfiDialer" = (empty string)
"SpybotSD TeaTimer" = "C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Computer und Hilfe\Spybot - Search & Destroy\s&d\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"InstantAccess" = "C:\Programme\ScannerU\TBRIDGE\BIN\InstantAccess.EXE /h" [null data]
"RegisterDropHandler" = "C:\Programme\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE" [empty string]
"PCTVOICE" = "pctspk.exe" [empty string]
"AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"Adobe Photo Downloader" = ""C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"ControlPanel" = "C:\WINDOWS\system32\per.exe internat.dll,LoadKeyboardProfile" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4F5FD300-8951-6232-0D6D-80B285FE1802}\(Default) = "Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\d3ez.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\DOKUME~1\xxx\EIGENE~1\COMPUT~1\SPYBOT~1\s&d\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Startup items in "xxx" & "All Users" startup folders:
--------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Action Manager 32" -> shortcut to: "C:\Programme\ScannerU\AM32.exe" [null data]
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"BTTray" -> shortcut to: "C:\Programme\Bluetooth Software\BTTray.exe" ["Broadcom Corporation"]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "C:\Programme\Bluetooth Software\btsendto_ie.htm" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

INFECTION WARNING! The running services cannot be counted.
Presence of a spyware service is suspected.
The script has been forced to exit.

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 67 seconds, including 14 seconds for message boxes)

THEN datfind:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 7460-779C

Verzeichnis von C:\DOKUME~1\xxx\LOKALE~1\Temp

29.12.2005 16:22 340 TMP25D.bat
1 Datei(en) 340 Bytes
0 Verzeichnis(se), 11.294.949.376 Bytes frei

Unfortunately there is nothing more... |
Oh yes, of course, datfind number 2:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 7460-779C

Verzeichnis von C:\WINDOWS

29.12.2005 19:18 3.938 ModemLog_Bluetooth-Modem.txt
29.12.2005 19:18 4.706 ModemLog_HSP56 MR.txt
29.12.2005 13:56 72.562 setupapi.log
29.12.2005 10:27 23.060 stub22.ini
29.12.2005 10:27 23.219 stub21.ini
29.12.2005 10:16 133.791 sysku32.dll
29.12.2005 10:14 23.685 stub20.ini
29.12.2005 10:14 0 0.log
29.12.2005 10:14 1.920.347 WindowsUpdate.log
29.12.2005 09:09 22.835 stub19.ini
29.12.2005 09:09 22.118 stub18.ini
29.12.2005 09:01 23.395 stub17.ini
29.12.2005 09:01 23.622 stub16.ini
29.12.2005 04:40 24.565 stub27.ini
29.12.2005 04:39 23.818 stub26.ini
29.12.2005 04:35 23.904 stub25.ini
29.12.2005 04:33 23.580 stub24.ini
29.12.2005 04:33 24.085 stub23.ini
29.12.2005 03:17 23.264 stub15.ini
29.12.2005 03:03 23.847 stub14.ini
29.12.2005 03:02 23.745 stub13.ini
29.12.2005 03:02 23.567 stub12.ini
29.12.2005 02:56 23.501 stub11.ini
29.12.2005 02:04 23.416 stub10.ini
29.12.2005 02:04 23.496 stub9.ini
29.12.2005 01:50 23.318 stub8.ini
29.12.2005 01:47 26.290 SchedLgU.Txt
29.12.2005 01:45 23.344 stub7.ini
29.12.2005 01:33 23.500 stub5.ini
29.12.2005 01:33 23.246 stub4.ini
29.12.2005 01:23 23.166 stub3.ini
29.12.2005 01:22 22.711 stub2.ini
29.12.2005 01:20 22.854 stub1.ini
26.12.2005 22:31 1.199 logs1.ini
25.12.2005 08:03 50 wiaservc.log
24.12.2005 07:23 25.642 KB891781.log
24.12.2005 03:35 197.761 szjom.txt
23.12.2005 17:48 34.818 wmprfDEU.prx
23.12.2005 17:48 159 wiadebug.log
23.12.2005 13:01 560 eReg.dat
23.12.2005 03:22 65.954 Pr„riewind.bmp
23.12.2005 03:22 4.161 ODBCINST.INI
22.12.2005 18:11 11.152 wmsetup.log
22.12.2005 18:11 13.391 msgsocm.log
22.12.2005 00:10 23.619 stub6.ini
20.12.2005 13:54 318 wmsetup10.log
20.12.2005 13:51 316.640 WMSysPr9.prx
15.12.2005 20:20 38.010 iis6.log
15.12.2005 20:20 57.967 ntdtcsetup.log
15.12.2005 20:20 95.291 comsetup.log
15.12.2005 20:20 1.393 imsins.log
15.12.2005 20:20 14.625 ocmsn.log
15.12.2005 20:20 103.519 tsoc.log
15.12.2005 20:20 9.443 KB910437.log
15.12.2005 20:20 145.521 ocgen.log
15.12.2005 20:20 272.143 FaxSetup.log
15.12.2005 20:20 16.028 updspapi.log
15.12.2005 20:20 16.589 KB905915.log
12.12.2005 03:31 17.336 Angler.bmp
09.12.2005 20:21 3.066 dasetup.log
06.12.2005 21:50 2.048 bootstat.dat
06.12.2005 21:29 7.035 KB893803v2.log
06.12.2005 21:29 25.600 KB888113.log
06.12.2005 21:29 28.421 KB896422.log
02.12.2005 18:09 0 logs2.ini
19.11.2005 16:24 1.026.580 setupapi.log.0.old
15.11.2005 18:27 748 ODBC.INI
15.11.2005 18:25 573 win.ini
10.11.2005 21:38 12.362 KB896424.log |
Quote:
To be found at: C:\system32.txt C:\systemtemp.txt C:\system.txt C:\sys.txt |
Sorry, I don't know my way around this very well; here are 1-4, each going back only to Oct/05.

THE FIRST:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 7460-779C

Verzeichnis von C:\WINDOWS\system32

29.12.2005 10:27 23.060 stub22.ini
29.12.2005 10:27 23.219 stub21.ini
29.12.2005 10:15 24.420 stub39.ini
29.12.2005 10:14 23.685 stub20.ini
29.12.2005 10:14 24.711 stub38.ini
29.12.2005 10:14 17.145 nvapps.xml
29.12.2005 09:09 22.835 stub19.ini
29.12.2005 09:09 22.118 stub18.ini
29.12.2005 09:01 23.395 stub17.ini
29.12.2005 09:01 23.622 stub16.ini
29.12.2005 08:11 24.442 stub37.ini
29.12.2005 08:07 22.854 stub1.ini
29.12.2005 08:02 24.735 stub36.ini
29.12.2005 08:00 24.305 stub35.ini
29.12.2005 07:57 24.912 stub34.ini
29.12.2005 07:55 24.391 stub33.ini
29.12.2005 07:52 24.500 stub32.ini
29.12.2005 07:37 24.410 stub31.ini
29.12.2005 07:37 24.809 stub30.ini
29.12.2005 07:36 24.364 stub29.ini
29.12.2005 07:27 24.101 stub28.ini
29.12.2005 04:40 24.565 stub27.ini
29.12.2005 04:39 23.818 stub26.ini
29.12.2005 04:35 23.904 stub25.ini
29.12.2005 04:33 23.580 stub24.ini
29.12.2005 04:33 24.085 stub23.ini
29.12.2005 03:17 23.264 stub15.ini
29.12.2005 03:03 23.847 stub14.ini
29.12.2005 03:02 23.745 stub13.ini
29.12.2005 03:02 23.567 stub12.ini
29.12.2005 02:56 23.501 stub11.ini
29.12.2005 02:04 23.416 stub10.ini
29.12.2005 02:04 23.496 stub9.ini
29.12.2005 01:50 23.318 stub8.ini
29.12.2005 01:45 23.344 stub7.ini
29.12.2005 01:36 23.619 stub6.ini
29.12.2005 01:33 23.500 stub5.ini
29.12.2005 01:33 23.246 stub4.ini
29.12.2005 01:23 23.166 stub3.ini
29.12.2005 01:22 22.711 stub2.ini
28.12.2005 19:30 133.791 d3ez.dll
28.12.2005 19:29 8.561 per.exe
26.12.2005 07:53 1.199 logs1.ini
25.12.2005 20:08 11.895 systr32.exe
25.12.2005 14:02 13.646 wpa.dbl
24.12.2005 23:36 11.895 sdkjj32.exe
20.12.2005 13:53 16.832 amcompat.tlb
20.12.2005 13:53 23.392 nscompat.tlb
18.12.2005 16:38 11.895 ipxk.exe
16.12.2005 16:29 11.895 msoj32.exe
14.12.2005 08:25 197.761 ptnyj.log
10.12.2005 23:07 11.895 winrl32.exe
09.12.2005 01:21 2.723.680 MRT.exe
06.12.2005 08:43 197.761 drtod.txt
02.12.2005 23:55 0 logs2.ini
01.12.2005 04:31 1.492.480 shdocvw.dll
24.11.2005 00:58 3.013.632 mshtml.dll
24.11.2005 00:58 1.022.464 browseui.dll
15.11.2005 21:25 124.520 FNTCACHE.DAT
05.11.2005 04:16 606.208 urlmon.dll
05.11.2005 04:16 1.056.256 danim.dll
30.10.2005 13:40 40.664 perfc009.dat
30.10.2005 13:40 312.946 perfh009.dat
30.10.2005 13:40 318.106 perfh007.dat
30.10.2005 13:40 49.028 perfc007.dat
30.10.2005 13:40 728.442 PerfStringBackup.INI

THE SECOND

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 7460-779C

Verzeichnis von C:\DOKUME~1\Robert\LOKALE~1\Temp

29.12.2005 16:22 340 TMP25D.bat
1 Datei(en) 340 Bytes
0 Verzeichnis(se), 11.295.326.208 Bytes frei

THE THIRD

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 7460-779C

Verzeichnis von C:\WINDOWS

29.12.2005 19:18 3.938 ModemLog_Bluetooth-Modem.txt
29.12.2005 19:18 4.706 ModemLog_HSP56 MR.txt
29.12.2005 13:56 72.562 setupapi.log
29.12.2005 10:27 23.060 stub22.ini
29.12.2005 10:27 23.219 stub21.ini
29.12.2005 10:16 133.791 sysku32.dll
29.12.2005 10:14 23.685 stub20.ini
29.12.2005 10:14 0 0.log
29.12.2005 10:14 1.920.347 WindowsUpdate.log
29.12.2005 09:09 22.835 stub19.ini
29.12.2005 09:09 22.118 stub18.ini
29.12.2005 09:01 23.395 stub17.ini
29.12.2005 09:01 23.622 stub16.ini
29.12.2005 04:40 24.565 stub27.ini
29.12.2005 04:39 23.818 stub26.ini
29.12.2005 04:35 23.904 stub25.ini
29.12.2005 04:33 23.580 stub24.ini
29.12.2005 04:33 24.085 stub23.ini
29.12.2005 03:17 23.264 stub15.ini
29.12.2005 03:03 23.847 stub14.ini
29.12.2005 03:02 23.745 stub13.ini
29.12.2005 03:02 23.567 stub12.ini
29.12.2005 02:56 23.501 stub11.ini
29.12.2005 02:04 23.416 stub10.ini
29.12.2005 02:04 23.496 stub9.ini
29.12.2005 01:50 23.318 stub8.ini
29.12.2005 01:47 26.290 SchedLgU.Txt
29.12.2005 01:45 23.344 stub7.ini
29.12.2005 01:33 23.500 stub5.ini
29.12.2005 01:33 23.246 stub4.ini
29.12.2005 01:23 23.166 stub3.ini
29.12.2005 01:22 22.711 stub2.ini
29.12.2005 01:20 22.854 stub1.ini
26.12.2005 22:31 1.199 logs1.ini
25.12.2005 08:03 50 wiaservc.log
24.12.2005 07:23 25.642 KB891781.log
24.12.2005 03:35 197.761 szjom.txt
23.12.2005 17:48 34.818 wmprfDEU.prx
23.12.2005 17:48 159 wiadebug.log
23.12.2005 13:01 560 eReg.dat
23.12.2005 03:22 65.954 Pr„riewind.bmp
23.12.2005 03:22 4.161 ODBCINST.INI
22.12.2005 18:11 11.152 wmsetup.log
22.12.2005 18:11 13.391 msgsocm.log
22.12.2005 00:10 23.619 stub6.ini
20.12.2005 13:54 318 wmsetup10.log
20.12.2005 13:51 316.640 WMSysPr9.prx
15.12.2005 20:20 38.010 iis6.log
15.12.2005 20:20 57.967 ntdtcsetup.log
15.12.2005 20:20 95.291 comsetup.log
15.12.2005 20:20 1.393 imsins.log
15.12.2005 20:20 14.625 ocmsn.log
15.12.2005 20:20 103.519 tsoc.log
15.12.2005 20:20 9.443 KB910437.log
15.12.2005 20:20 145.521 ocgen.log
15.12.2005 20:20 272.143 FaxSetup.log
15.12.2005 20:20 16.028 updspapi.log
15.12.2005 20:20 16.589 KB905915.log
12.12.2005 03:31 17.336 Angler.bmp
09.12.2005 20:21 3.066 dasetup.log
06.12.2005 21:50 2.048 bootstat.dat
06.12.2005 21:29 7.035 KB893803v2.log
06.12.2005 21:29 25.600 KB888113.log
06.12.2005 21:29 28.421 KB896422.log
02.12.2005 18:09 0 logs2.ini
19.11.2005 16:24 1.026.580 setupapi.log.0.old
15.11.2005 18:27 748 ODBC.INI
15.11.2005 18:25 573 win.ini

THE FOURTH

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 7460-779C

Verzeichnis von C:\

29.12.2005 19:53 0 sys.txt
29.12.2005 19:52 7.945 system.txt
29.12.2005 19:52 292 systemtemp.txt
29.12.2005 19:52 101.917 system32.txt
29.12.2005 10:13 536.399.872 hiberfil.sys
29.12.2005 10:13 805.306.368 pagefile.sys
28.12.2005 19:29 8.561 boot.inx
21.12.2005 16:15 13.030 PDOXUSRS.NET
26.10.2005 11:33 4.722 ffastun.ffa
26.10.2005 11:33 102.400 ffastun.ffo
26.10.2005 11:33 180.224 ffastun.ffl
26.10.2005 11:33 716.800 ffastun0.ffx
25.10.2005 12:54 0 MSDOS.SYS
25.10.2005 12:54 0 IO.SYS
25.10.2005 12:54 0 CONFIG.SYS
25.10.2005 12:54 0 AUTOEXEC.BAT
25.10.2005 12:43 211 boot.ini
04.08.2004 13:00 4.952 bootfont.bin
04.08.2004 13:00 47.564 NTDETECT.COM
04.08.2004 13:00 251.184 ntldr
20 Datei(en) 1.343.146.042 Bytes
0 Verzeichnis(se), 11.295.326.208 Bytes frei |
Short and painless: I would reinstall the system → http://www.trojaner-board.de/showpos...28&postcount=2 Reason: Quote:
|
Copyright ©2000-2025, Trojaner-Board