Trojan OTL.txt

Hello everyone! I have read my way through the forum here and made it this far (OTL.txt). But now I need help, because I have no idea how to proceed, and as far as I understand it, these OTL.txt files always apply only to the infected PC and not in general. I'll send you the text and would really appreciate any help:

OTL logfile created on: 2/16/2013 5:05:16 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 7.0.6000.16473)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

894.00 Mb Total Physical Memory | 690.00 Mb Available Physical Memory | 77.00% Memory free
806.00 Mb Paging File | 717.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.67 Gb Total Space | 36.36 Gb Free Space | 52.95% Space Free | Partition Type: NTFS
Drive D: | 5.86 Gb Total Space | 2.65 Gb Free Space | 45.28% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2007/06/19 06:31:37 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/03/12 03:22:00 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/01/10 23:02:00 | 
000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) SRV - [2007/01/09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex) SRV - [2007/01/09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2007/01/09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2007/01/09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2006/11/08 07:42:27 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2006/11/08 07:42:27 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2006/11/02 04:46:13 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2006/11/02 04:46:12 | 000,167,424 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006/10/26 18:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc) SRV - [2006/10/13 09:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2006/09/20 12:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore) SRV - [2005/11/17 08:18:52 | 001,527,900 | ---- | M] (MAGIX®) 
[On_Demand] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2004/12/12 22:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2008/11/11 07:23:09 | 000,045,344 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM) DRV - [2008/11/11 07:23:01 | 000,485,920 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA) DRV - [2007/06/19 06:34:49 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2007/06/07 03:24:04 | 000,212,280 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070612.005\IDSvix86.sys -- (IDSvix86) DRV - [2007/05/15 03:00:00 | 000,852,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070618.019\NAVEX15.SYS -- (NAVEX15) DRV - [2007/05/15 03:00:00 | 000,389,432 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2007/05/15 03:00:00 | 000,106,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2007/05/15 03:00:00 | 000,077,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070618.019\NAVENG.SYS -- (NAVENG) DRV - [2007/04/23 11:47:20 | 000,219,136 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\viahduaa.sys -- (HdAudAddService) DRV - [2007/03/27 10:11:42 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2007/03/27 10:11:42 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2007/03/27 10:11:42 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2007/02/05 07:53:42 | 000,842,752 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP) DRV - [2007/01/06 16:05:42 | 000,199,680 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187) DRV - [2006/11/02 02:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006/10/25 07:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006/10/25 07:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006/10/24 07:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2006/10/24 07:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2006/10/06 08:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2004/12/23 10:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\ULCDRHlp.sys -- (ULCDRHlp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\BUDA_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kabeldeutschland.de/portal IE - HKU\BUDA_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\BUDA_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/10 04:23:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/10 04:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BUDA\AppData\Roaming\Mozilla\Extensions [2013/02/10 04:23:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- [2011/12/21 02:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/12/21 00:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/12/21 00:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/12/21 00:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/12/21 00:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/12/21 00:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/12/21 00:08:50 | 000,001,105 | ---- | M] 
() -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [CHotkey] C:\Windows\mHotkey.exe () O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.) O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [Lexmark 1200 Series] File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.) 
O4 - HKLM..\Run: [showwnd] C:\Windows\ShowWnd.exe () O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\BUDA_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\BUDA_ON_C..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\BUDA_ON_C..\Run: [Teikel] C:\Users\BUDA\AppData\Roaming\Uwadb\eneg.exe () O4 - HKU\BUDA_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\BUDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\BUDA_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\BUDA_ON_C Winlogon: Shell - (C:\Users\BUDA\AppData\Roaming\skype.dat) - C:\Users\BUDA\AppData\Roaming\skype.dat () O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{2368f650-3516-11dc-9054-806e6f6e6963}\Shell - "" = 
AutoRun O33 - MountPoints2\{2368f650-3516-11dc-9054-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/02/16 10:43:03 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2013/02/14 15:17:34 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Roaming\Uwadb [2013/02/14 15:17:34 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Roaming\Opfi [2013/02/14 15:17:34 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Roaming\Bikuva [2013/02/11 11:54:35 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013/02/11 11:54:33 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013/02/11 11:43:43 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2013/02/11 11:36:01 | 000,374,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll [2013/02/11 11:34:19 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll [2013/02/11 11:34:19 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll [2013/02/11 11:31:02 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2013/02/11 11:31:02 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2013/02/11 11:29:19 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll [2013/02/11 11:27:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2013/02/11 11:26:22 | 
000,713,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2013/02/11 11:24:55 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll [2013/02/11 11:23:30 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll [2013/02/11 11:23:29 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll [2013/02/11 11:23:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll [2013/02/11 11:23:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll [2013/02/11 11:15:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2013/02/11 11:13:43 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll [2013/02/11 11:12:30 | 000,109,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys [2013/02/11 11:12:30 | 000,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys [2013/02/11 11:11:12 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2013/02/11 11:09:18 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll [2013/02/11 11:09:18 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll [2013/02/11 11:09:18 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys [2013/02/11 11:09:17 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys [2013/02/11 10:10:14 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2013/02/11 10:10:08 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll [2013/02/11 10:10:07 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll [2013/02/11 09:44:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\Apphlpdm.dll [2013/02/11 09:44:43 | 004,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2013/02/11 09:44:43 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2013/02/11 09:43:34 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2013/02/11 09:43:34 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2013/02/11 09:43:33 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe [2013/02/11 09:43:33 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe [2013/02/11 09:43:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll [2013/02/11 09:43:30 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe [2013/02/11 09:43:28 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll [2013/02/11 09:43:27 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2013/02/11 09:41:57 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll [2013/02/11 09:40:13 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll [2013/02/11 09:37:08 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll [2013/02/11 09:37:08 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll [2013/02/11 09:36:07 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2013/02/11 09:35:13 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2013/02/11 09:33:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll [2013/02/11 09:32:34 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2013/02/11 09:32:32 | 000,123,904 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\msvfw32.dll [2013/02/11 09:32:32 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2013/02/11 09:32:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll [2013/02/11 09:32:31 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2013/02/11 09:30:49 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2013/02/11 09:29:27 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2013/02/11 09:29:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2013/02/11 09:29:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2013/02/11 09:29:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2013/02/11 09:29:08 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2013/02/10 14:22:26 | 000,232,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013/02/10 04:23:27 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Roaming\Mozilla [2013/02/10 04:23:27 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Local\Mozilla [2013/02/10 04:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/02/10 03:50:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3192C226-BD81-479F-822D-6CF72EE1AB45} [2013/02/10 03:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Kabel Deutschland [2013/02/10 03:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kabel Deutschland [2013/02/10 03:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\mquadr.at [2013/02/10 03:47:55 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Local\PackageAware [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/02/16 10:51:18 | 000,067,584 | --S- | M] () -- 
C:\Windows\bootstat.dat [2013/02/16 10:50:13 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/16 10:50:13 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/16 10:49:55 | 937,541,632 | -HS- | M] () -- C:\hiberfil.sys [2013/02/16 10:43:31 | 000,000,004 | ---- | M] () -- C:\Users\BUDA\AppData\Roaming\skype.ini [2013/02/16 09:20:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5CDEEC43-AD70-4717-8A64-53F46756EE77}.job [2013/02/14 16:27:44 | 022,396,928 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl [2013/02/14 16:27:43 | 000,049,152 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf [2013/02/14 16:27:43 | 000,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx [2013/02/14 15:34:13 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/02/14 15:34:12 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/02/14 15:34:12 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/02/14 15:34:12 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/02/14 15:02:28 | 000,001,768 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk [2013/02/14 15:02:21 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [2013/02/14 15:02:20 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades [2013/02/14 14:56:38 | 000,394,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/02/11 11:54:36 | 003,502,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013/02/11 11:54:34 | 003,468,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013/02/11 11:43:43 | 000,434,176 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\vbscript.dll [2013/02/11 11:36:01 | 000,374,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll [2013/02/11 11:34:19 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll [2013/02/11 11:34:19 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll [2013/02/11 11:31:02 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2013/02/11 11:31:02 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2013/02/11 11:29:19 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll [2013/02/11 11:27:48 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2013/02/11 11:26:22 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2013/02/11 11:24:55 | 000,356,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll [2013/02/11 11:23:30 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll [2013/02/11 11:23:29 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll [2013/02/11 11:23:29 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll [2013/02/11 11:23:29 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll [2013/02/11 11:15:07 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2013/02/11 11:13:43 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll [2013/02/11 11:12:30 | 000,109,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys [2013/02/11 11:12:30 | 000,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys [2013/02/11 11:11:12 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [2013/02/11 
11:09:18 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll [2013/02/11 11:09:18 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll [2013/02/11 11:09:18 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys [2013/02/11 11:09:17 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys [2013/02/11 10:10:14 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2013/02/11 10:10:08 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll [2013/02/11 10:10:07 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll [2013/02/11 09:44:49 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2013/02/11 09:44:43 | 004,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2013/02/11 09:44:43 | 001,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2013/02/11 09:43:35 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2013/02/11 09:43:34 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2013/02/11 09:43:33 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe [2013/02/11 09:43:33 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe [2013/02/11 09:43:33 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll [2013/02/11 09:43:30 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe [2013/02/11 09:43:29 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll [2013/02/11 09:43:28 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2013/02/11 09:41:57 | 000,084,480 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\INETRES.dll [2013/02/11 09:40:14 | 001,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll [2013/02/11 09:37:08 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll [2013/02/11 09:37:08 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll [2013/02/11 09:36:07 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2013/02/11 09:35:13 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2013/02/11 09:33:35 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll [2013/02/11 09:32:32 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll [2013/02/11 09:32:32 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2013/02/11 09:32:32 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2013/02/11 09:32:32 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll [2013/02/11 09:30:49 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2013/02/11 09:29:28 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2013/02/11 09:29:21 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2013/02/11 09:29:20 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2013/02/11 09:29:08 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2013/02/10 04:23:11 | 000,000,875 | ---- | M] () -- C:\Users\BUDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2013/02/10 04:23:11 | 000,000,863 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/02/10 04:23:11 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/02/10 
03:49:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kabel Deutschland [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/02/16 10:49:55 | 937,541,632 | -HS- | C] () -- C:\hiberfil.sys [2013/02/14 15:24:12 | 000,000,004 | ---- | C] () -- C:\Users\BUDA\AppData\Roaming\skype.ini [2013/02/11 10:16:35 | 000,049,152 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf [2013/02/11 10:16:35 | 000,016,384 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx [2013/02/11 10:16:34 | 022,396,928 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl [2013/02/10 04:23:11 | 000,000,875 | ---- | C] () -- C:\Users\BUDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2013/02/10 04:23:11 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/02/10 04:23:11 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/12/08 12:03:20 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010/12/08 12:02:42 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010/06/08 08:19:24 | 000,692,224 | ---- | C] () -- C:\Windows\System32\libeay32.dll [2010/06/08 08:19:24 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ssleay32.dll [2009/07/19 06:17:41 | 000,552,960 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009/07/19 06:17:41 | 000,159,744 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009/07/19 06:17:41 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe [2008/09/18 09:52:50 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini [2008/09/18 09:05:04 | 000,087,312 | ---- | C] () -- C:\Windows\mws.exe [2008/01/22 11:04:22 | 000,000,680 | ---- | C] () -- C:\Users\BUDA\AppData\Local\d3d9caps.dat [2008/01/11 14:26:59 | 000,000,042 | ---- | C] () -- C:\Users\BUDA\AppData\default.pls [2007/12/21 09:24:01 | 000,013,574 | ---- | C] () 
-- C:\Users\BUDA\AppData\Roaming\wklnhst.dat
[2007/11/29 13:40:06 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2007/11/29 13:40:06 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2007/11/29 13:40:06 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2007/11/29 13:40:06 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2007/11/29 13:40:06 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2007/11/29 13:40:06 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2007/11/29 13:40:06 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2007/11/29 13:40:06 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2007/11/29 13:40:06 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2007/11/29 13:40:06 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2007/11/29 13:40:06 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2007/11/29 13:40:06 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2007/11/29 13:40:06 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2007/11/29 13:40:06 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2007/11/29 13:40:06 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2007/11/29 13:40:06 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2007/11/29 13:40:06 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2007/11/29 13:40:06 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2007/11/29 13:40:06 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/11/29 13:31:10 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2007/10/18 02:43:30 | 000,000,441 | ---- | C] () -- C:\Windows\hwsolii.ini
[2007/07/27 13:43:31 | 000,000,092 | ---- | C] () -- C:\Windows\lexstat.ini
[2007/07/27 13:43:01 | 000,155,648 | ---- | C] () -- C:\Windows\System32\LEXPING.EXE
[2007/07/27 13:42:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2007/07/27 13:42:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE
[2007/07/25 16:51:56 | 000,036,864 | ---- | C] () -- C:\Users\BUDA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/19 03:36:32 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
[2007/06/19 03:36:31 | 000,547,840 | ---- | C] () -- C:\Windows\mHotkey.exe
[2007/06/19 03:36:31 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2007/06/19 03:36:31 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2007/06/19 03:36:31 | 000,011,776 | ---- | C] () -- C:\Windows\HIDMNT.dll
[2007/06/19 03:34:09 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007/01/24 00:08:03 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 10:38:05 | 000,641,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 10:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 10:38:05 | 000,116,706 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 10:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,394,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:31:23 | 000,122,880 | -HS- | C] () -- C:\Users\BUDA\AppData\Roaming\skype.dat
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/10/27 01:26:56 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006/01/30 07:42:22 | 000,000,270 | ---- | C] () -- C:\Windows\System32\lxczcoin.ini
[1997/12/12 21:05:06 | 000,000,008 | ---- | C] () -- C:\Windows\pkkeor.ini

========== LOP Check ==========
[2013/02/14 15:17:34 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\Bikuva
[2008/03/06 14:54:59 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\EPSON
[2008/09/18 09:04:48 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\InterVideo
[2008/09/18 09:14:43 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\Leadertech
[2010/12/08 12:10:49 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\MAGIX
[2013/02/14 15:17:44 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\Opfi
[2008/02/01 11:56:44 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\Sigel
[2007/12/21 09:24:27 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\Template
[2013/02/14 15:17:34 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\Uwadb
[2007/07/24 16:42:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2007/07/24 16:42:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2007/07/24 16:42:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2007/11/29 13:39:22 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2007/07/24 16:42:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2010/12/08 13:57:04 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2013/02/10 03:49:44 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at
[2009/11/28 01:15:38 | 000,000,000 | ---D | M] -- C:\ProgramData\SF
[2007/07/24 16:42:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/03/11 17:48:30 | 000,000,000 | ---D | M] -- C:\ProgramData\UDL
[2007/07/24 16:42:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2013/02/10 03:50:25 | 000,000,000 | -H-D | M] -- C:\ProgramData\{3192C226-BD81-479F-822D-6CF72EE1AB45}
[2007/06/19 04:07:46 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2013/02/16 10:51:00 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/02/16 09:20:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5CDEEC43-AD70-4717-8A64-53F46756EE77}.job

========== Purity Check ==========

< End of report >
|
Hello lissy200681, my name is Leo and I will guide you through cleaning up your computer. A cleanup includes not only removing malware but also closing security holes, and it should be done thoroughly. It is therefore carried out in several steps and means some effort for you. Note: The disappearance of the obvious symptoms does not mean that the system is clean yet. In your own interest, keep working with me until you get the OK that everything is done.
I'll take over the problem description for you: a lock screen is preventing you from booting the computer normally, and you would like to get rid of it. Correct? ;) In the first step we remove this lock. Then try to boot into Windows normally again and carry out the remaining steps there:
Step 1
Code: :OTL
Now boot into Windows normally again.
Step 2 Download Gmer (click the Download EXE button) and save the program to the desktop.
Step 3 Please download OTL (by Oldtimer) and save it to your desktop.
Please post in your next reply:
|
Hi, hello! Sorry that it took sooo long. It works again. THANK YOU SO MUCH!!
GMER
GMER Logfile: Code: GMER 2.1.18952 - GMER - Rootkit Detector and Remover
OTL
OTL Logfile: Code: OTL logfile created on: 16.02.2013 20:26:05 - Run 1
EXTRA
OTL Logfile: Code: OTL Extras logfile created on: 16.02.2013 20:26:05 - Run 1 |
Hi, Quote:
We have to continue (always save the tools to the desktop and run them from there!).
Step 1 Warning for readers following along: Combofix should only be run when a team member has explicitly instructed it! Please download Combofix from the following download mirror: Link.
Note: If you get the following error message after the restart Quote:
Step 2 Please start OTL.exe.
Please post in your next reply:
|
Hi, I haven't received a reply from you for a while. Do you still need help? If I don't hear from you within the next 24 hours, I will assume that the matter is settled and remove it from my subscriptions. Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security holes that make a renewed infection possible. The ZeroAccess rootkit is still running on your machine! |
No response. This topic has been removed from my subscriptions, so I no longer receive notifications about new replies. Send me a PM if you want to continue the topic after all. Then we will carry on here. Note: The disappearance of the symptoms does not mean that your computer is clean yet. Everyone else, please read this guide and create your own thread. |