Vundo.Gen and ConHook.Gen problem
Hello everyone,
unfortunately it got me too, and I need your help to fix the problem. I have already followed the instructions from "nochdigger".
Here are the results...
HijackThis says the following:
Code:
Logfile of HijackThis v1.99.1
Scan saved at 15:06:56, on 07.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\dllhost.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programme\SPYWAREfighter\spfprc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Dokumente und Einstellungen\Andi\Eigene Dateien\H7.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bluetooth/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E2DD785C79472F3CC7 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
O2 - BHO: {8a061900-50a3-2b6a-9514-97c9198ccc47} - {74ccc891-9c79-4159-a6b2-3a05009160a8} - C:\WINDOWS\system32\jytokicn.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8BF3DB0D-9AF9-427E-996A-28518BB5EBC8} - C:\WINDOWS\system32\mllmj.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CCC473F1-37DB-4F84-BB5D-35EF30F9A042} - C:\WINDOWS\system32\jgaw400d.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [99f95fb0] rundll32.exe "C:\WINDOWS\system32\eqofnfka.dll",sitypnow
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programme\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programme\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?a0bb676c4b9b46209080c5ab7cb23b90
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?a0bb676c4b9b46209080c5ab7cb23b90
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programme\SPYWAREfighter\spfprc.exe
Filelist produced the following results:
Code:
Verzeichnis von C:\
07.10.2007 14:55 194.120 ComboFix.txt
07.10.2007 14:55 415.087 ComboFix-quarantined-files.txt
07.10.2007 14:51 937.603.072 hiberfil.sys
07.10.2007 14:51 1.409.286.144 pagefile.sys
07.10.2007 14:49 244 sqmnoopt00.sqm
07.10.2007 14:49 268 sqmdata00.sqm
07.10.2007 14:20 988 VundoFix.txt
07.10.2007 13:47 244 sqmnoopt19.sqm
07.10.2007 13:47 268 sqmdata19.sqm
07.10.2007 13:29 244 sqmnoopt18.sqm
07.10.2007 13:29 268 sqmdata18.sqm
07.10.2007 12:41 268 sqmdata17.sqm
07.10.2007 12:41 244 sqmnoopt17.sqm
07.10.2007 02:41 268 sqmdata16.sqm
07.10.2007 02:41 244 sqmnoopt16.sqm
06.10.2007 00:39 268 sqmdata15.sqm
06.10.2007 00:39 244 sqmnoopt15.sqm
06.10.2007 00:05 244 sqmnoopt14.sqm
06.10.2007 00:05 268 sqmdata14.sqm
04.10.2007 22:26 268 sqmdata13.sqm
04.10.2007 22:26 244 sqmnoopt13.sqm
30.09.2007 22:51 244 sqmnoopt12.sqm
30.09.2007 22:51 268 sqmdata12.sqm
30.09.2007 18:18 244 sqmnoopt11.sqm
30.09.2007 18:18 268 sqmdata11.sqm
30.09.2007 01:33 244 sqmnoopt10.sqm
30.09.2007 01:33 268 sqmdata10.sqm
29.09.2007 00:40 268 sqmdata09.sqm
29.09.2007 00:40 244 sqmnoopt09.sqm
25.09.2007 20:01 244 sqmnoopt08.sqm
25.09.2007 20:01 268 sqmdata08.sqm
25.09.2007 19:59 268 sqmdata07.sqm
25.09.2007 19:59 244 sqmnoopt07.sqm
21.09.2007 21:50 244 sqmnoopt06.sqm
21.09.2007 21:50 268 sqmdata06.sqm
18.09.2007 22:36 244 sqmnoopt05.sqm
18.09.2007 22:36 268 sqmdata05.sqm
17.09.2007 21:58 268 sqmdata04.sqm
17.09.2007 21:58 244 sqmnoopt04.sqm
16.09.2007 17:19 244 sqmnoopt03.sqm
16.09.2007 17:19 268 sqmdata03.sqm
15.09.2007 14:39 244 sqmnoopt02.sqm
15.09.2007 14:39 268 sqmdata02.sqm
15.07.2007 14:17 268 sqmdata01.sqm
15.07.2007 14:17 244 sqmnoopt01.sqm
Verzeichnis von C:\WINDOWS\system32
07.10.2007 14:52 1.158 wpa.dbl
06.10.2007 00:38 693.781 akfnfoqe.ini
06.10.2007 00:37 16.832 amcompat.tlb
06.10.2007 00:37 23.392 nscompat.tlb
05.10.2007 23:36 693.661 mwbefrlk.ini
05.10.2007 21:41 693.592 pacaprri.ini
05.10.2007 10:07 279.552 swreg.exe
06.09.2007 04:50 17.474.680 MRT.exe
Verzeichnis von C:\WINDOWS\Prefetch
07.10.2007 14:59 21.328 VERCLSID.EXE-28F52AD2.pf
07.10.2007 14:57 64.084 WLLOGINPROXY.EXE-037D8997.pf
07.10.2007 14:57 116.874 IEXPLORE.EXE-360BBB5C.pf
07.10.2007 14:56 9.910 NIRCMD.EXE-3789D3CC.pf
07.10.2007 14:56 17.740 REGEDIT.EXE-2AE3423E.pf
07.10.2007 14:55 46.664 NOTEPAD.EXE-2F2D61E1.pf
07.10.2007 14:55 48.952 CATCHME.CFEXE-20352551.pf
07.10.2007 14:55 23.904 CMD.EXE-034B0549.pf
07.10.2007 14:55 13.764 FINDSTR.EXE-1A4FC238.pf
07.10.2007 14:55 10.274 NIRCMD.CFEXE-00BC64DF.pf
07.10.2007 14:55 13.836 SORT.EXE-19728AC5.pf
07.10.2007 14:55 9.992 SED.CFEXE-019B7AC0.pf
07.10.2007 14:55 8.196 TREE.COM-0AC249C3.pf
07.10.2007 14:55 42.638 DUMPHIVE.CFEXE-04BE9822.pf
07.10.2007 14:54 44.026 ERUNT.CFEXE-03BA0C46.pf
07.10.2007 14:54 4.142 GREP.CFEXE-25FF7687.pf
07.10.2007 14:54 43.106 CSCRIPT.EXE-0A13A05C.pf
07.10.2007 14:54 12.920 SWREG.CFEXE-19E71DFD.pf
07.10.2007 14:54 94.394 CLI.EXE-124F2D43.pf
07.10.2007 14:54 9.360 SCNODVIS.EXE-3A8F9D10.pf
07.10.2007 14:53 15.588 NMINDEXINGSERVICE.EXE-28305D0E.pf
07.10.2007 14:53 46.976 NMBGMONITOR.EXE-02E00695.pf
07.10.2007 14:53 11.744 FIND.EXE-0EEAD1A7.pf
07.10.2007 14:53 87.742 WUAUCLT.EXE-1360D60A.pf
07.10.2007 14:53 40.038 SPFPRC.EXE-13BB0C84.pf
07.10.2007 14:53 11.578 FINDSTR.EXE-02049345.pf
07.10.2007 14:53 55.938 IMAPI.EXE-201490BB.pf
07.10.2007 14:53 31.712 WMIPRVSE.EXE-0D449B4F.pf
07.10.2007 14:53 31.362 CTFMON.EXE-05E57A5E.pf
07.10.2007 14:53 38.204 DLLHOST.EXE-474D72E6.pf
07.10.2007 14:53 26.728 ICQLITE.EXE-01822910.pf
07.10.2007 14:53 13.790 REGSVR32.EXE-396DEA2C.pf
07.10.2007 14:53 18.872 SPFTRAY.EXE-1D1376E2.pf
07.10.2007 14:53 10.234 WINAMPA.EXE-36B14974.pf
07.10.2007 14:53 20.586 ERAGENT.EXE-0C495853.pf
07.10.2007 14:53 7.752 CLISTART.EXE-363DAE93.pf
07.10.2007 14:53 13.020 RUNDLL32.EXE-647C3BA5.pf
07.10.2007 14:53 2.930 VFIND.CFEXE-25A8AB4B.pf
07.10.2007 14:53 20.086 LMANAGER.EXE-2E01CB1F.pf
07.10.2007 14:53 8.392 NEROCHECK.EXE-0711BC9F.pf
07.10.2007 14:53 1.056.740 NTOSBOOT-B00DFAAD.pf
07.10.2007 14:49 106.392 LOGONUI.EXE-312BE1BF.pf
07.10.2007 14:49 60.146 REGT.CFEXE-30684912.pf
07.10.2007 14:49 7.680 NTRIGHTS.CFEXE-11A02267.pf
07.10.2007 14:47 11.564 ATTRIB.EXE-15ACDFFE.pf
07.10.2007 14:47 29.484 TASKMGR.EXE-06144C13.pf
07.10.2007 14:31 19.294 SWSC.CFEXE-0736E034.pf
07.10.2007 14:31 12.004 HANDLE.CFEXE-060063D0.pf
07.10.2007 14:30 2.792 VFIND.EXE-38C577AD.pf
07.10.2007 14:30 5.532 MTEE.CFEXE-283D2AF9.pf
07.10.2007 14:28 29.342 SETPATH.CFEXE-14595AEE.pf
07.10.2007 14:28 36.302 GUARDGUI.EXE-1EC82CEA.pf
07.10.2007 14:27 6.560 CHCP.COM-17EDBDC9.pf
07.10.2007 14:27 9.730 SWREG.EXE-26F9D764.pf
07.10.2007 14:27 53.582 COMBOFIX.EXE-202D352F.pf
07.10.2007 14:27 14.708 NIRCMD.EXE-2306D810.pf
07.10.2007 14:23 80.470 ACER.EMPOWERING.FRAMEWORK.LAU-0089481F.pf
07.10.2007 14:23 17.690 UNSECAPP.EXE-16EB9856.pf
07.10.2007 14:23 39.552 NMINDEXSTORESVR.EXE-28939A55.pf
07.10.2007 14:23 39.300 READER_SL.EXE-2A604B5A.pf
07.10.2007 14:20 9.258 VUNDOFIXSVC.EXE-29341334.pf
07.10.2007 14:20 11.912 SHUTDOWN.EXE-00AD91B0.pf
07.10.2007 14:19 24.834 VUNDOFIX.EXE-061D991C.pf
07.10.2007 14:11 26.222 VUNDOFIX[1].EXE-0698301E.pf
07.10.2007 14:10 38.482 H7.EXE-36234BBF.pf
07.10.2007 13:57 18.324 RUNDLL32.EXE-6E8D4657.pf
07.10.2007 13:57 20.914 WMIAPSRV.EXE-02740A4B.pf
07.10.2007 13:57 15.996 ALG.EXE-275708CF.pf
07.10.2007 13:46 31.868 RUNDLL32.EXE-4532DDE6.pf
07.10.2007 13:43 79.722 AVSCAN.EXE-1702C14B.pf
07.10.2007 13:41 58.082 AVCENTER.EXE-12E38D18.pf
07.10.2007 13:38 50.410 MSIEXEC.EXE-330626DC.pf
07.10.2007 13:38 40.742 SETUPXV[1].EXE-2DFC4CDF.pf
07.10.2007 13:17 76.124 WPGLDFSH.SCR-1D645552.pf
07.10.2007 13:07 51.592 RUNDLL32.EXE-514D72C0.pf
07.10.2007 12:21 54.628 SPYWAREFIGHTER.EXE-05F95A74.pf
07.10.2007 02:43 12.324 SPUPDSVC.EXE-07BA1E73.pf
07.10.2007 02:43 28.310 UPDATE.EXE-35A0FDE8.pf
07.10.2007 02:42 30.518 UPDATE.EXE-33C870DA.pf
07.10.2007 02:42 35.706 UNREGMP2.EXE-0CFB0619.pf
07.10.2007 02:42 37.126 UPDATE.EXE-2AB04303.pf
06.10.2007 23:06 382.676 Layout.ini
06.10.2007 21:24 60.726 HELPSVC.EXE-1C192440.pf
06.10.2007 20:00 28.236 HBTV.EXE-0D707610.pf
06.10.2007 19:18 92.580 UPDATE.EXE-16715754.pf
06.10.2007 19:18 17.800 PREUPD.EXE-0B43CCF7.pf
06.10.2007 19:12 25.064 HBTSRV.EXE-160963DA.pf
06.10.2007 18:31 60.624 DWWIN.EXE-2C373FB7.pf
06.10.2007 18:27 71.094 MSNMSGR.EXE-0B0F9290.pf
06.10.2007 00:40 59.510 AVGNT.EXE-34DB0DF2.pf
05.10.2007 22:38 80.182 WINAMP.EXE-065B55C4.pf
05.10.2007 19:18 103.132 MAGIXVIEWER.EXE-27BB967C.pf
05.10.2007 18:23 60.210 DEFRAG.EXE-2858C7E2.pf
94 Datei(en) 4.639.944 Bytes
0 Verzeichnis(se), 34.676.932.608 Bytes frei
Verzeichnis von C:\WINDOWS
07.10.2007 14:52 6.098 ModemLog_Bluetooth Fax Modem.txt
07.10.2007 14:52 6.104 ModemLog_Bluetooth DUN Modem.txt
07.10.2007 14:52 4.162 ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
07.10.2007 14:52 159 wiadebug.log
07.10.2007 14:51 0 0.log
07.10.2007 14:51 2.048 bootstat.dat
07.10.2007 14:50 1.485.633 WindowsUpdate.log
07.10.2007 14:50 32.622 SchedLgU.Txt
07.10.2007 14:50 50 wiaservc.log
07.10.2007 12:19 58.187 spupdsvc.log
07.10.2007 02:43 42.609 ocmsn.log
07.10.2007 02:43 1.374 imsins.log
07.10.2007 02:43 43.750 ehOCGen.log
07.10.2007 02:43 17.374 KB929399.log
07.10.2007 02:43 39.547 tabletoc.log
07.10.2007 02:43 867.066 iis6.log
07.10.2007 02:43 105.443 MedCtrOC.log
07.10.2007 02:43 359.011 tsoc.log
07.10.2007 02:43 159.592 ntdtcsetup.log
07.10.2007 02:43 265.533 comsetup.log
07.10.2007 02:43 790.172 FaxSetup.log
07.10.2007 02:43 373.400 ocgen.log
07.10.2007 02:43 88.785 plusoc.log
07.10.2007 02:43 149.041 netfxocm.log
07.10.2007 02:43 241.328 msmqinst.log
07.10.2007 02:43 38.878 msgsocm.log
07.10.2007 02:43 492.997 setupapi.log
07.10.2007 02:43 1.374 imsins.BAK
07.10.2007 02:43 17.099 KB939683.log
07.10.2007 02:42 32.650 wmsetup.log
07.10.2007 02:42 29.216 KB936782.log
06.10.2007 00:37 2.618 medblker.Log
06.10.2007 00:32 511 wmsetup10.log
06.10.2007 00:31 10.336 KB926239.log
06.10.2007 00:31 51.782 updspapi.log
06.10.2007 00:30 7.821 MSCompPackV1.log
06.10.2007 00:30 23.278 wmp11.log
06.10.2007 00:30 507 win.ini
06.10.2007 00:26 30.406 WMFDist11.log
06.10.2007 00:26 316.640 WMSysPr9.prx
06.10.2007 00:24 15.597 Wudf01000Inst.log
06.10.2007 00:23 14.855 KB925766.log
28.09.2007 09:06 135.168 catchme.exe
17.09.2007 21:45 69 NeroDigital.ini
Verzeichnis von C:\WINDOWS\tasks
07.10.2007 14:51 6 SA.DAT
10.08.2004 20:00 65 desktop.ini
2 Datei(en) 71 Bytes
0 Verzeichnis(se), 34.676.899.840 Bytes frei
----- Wintemp --------------------------
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 99F9-5F1F
Verzeichnis von C:\WINDOWS\temp
07.10.2007 14:52 16.384 Perflib_Perfdata_ccc.dat
07.10.2007 14:51 16.384 Perflib_Perfdata_124.dat
2 Datei(en) 32.768 Bytes
0 Verzeichnis(se), 34.676.899.840 Bytes frei
----- Temp -----------------------------
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 99F9-5F1F
Verzeichnis von C:\DOKUME~1\Andi\LOKALE~1\Temp
07.10.2007 14:59 135.230 filelist.txt
07.10.2007 14:54 16.384 ~DFB77F.tmp
07.10.2007 14:54 16.384 Perflib_Perfdata_264.dat
07.10.2007 14:53 16.384 Perflib_Perfdata_9d4.dat
07.10.2007 14:53 16.384 Perflib_Perfdata_9f8.dat
07.10.2007 14:52 16.384 Perflib_Perfdata_c64.dat
6 Datei(en) 217.150 Bytes
0 Verzeichnis(se), 34.676.899.840 Bytes frei
The ComboFix result follows next...
Best regards, Andrea