Plagegeister aller Art und deren Bekämpfung: Firefox tabs open by themselves / indication of avuzatracking malware (Windows 7)
#1

Thank you very much for your quick replies!

The ESET log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7be270b2b3c34b47ae749f0b08d632b2
# engine=14139
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-24 06:26:28
# local_time=2013-06-24 08:26:28 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3592 16777213 100 93 241146 122717684 0 0
# scanned=447921
# found=3
# cleaned=0
# scan_time=33956
sh=FCC7D4F2CAE984DE3411AAD26818880F7BFA4347 ft=1 fh=f1984254e1c57232 vn="a variant of Win32/Adware.Kazaa.A application" ac=I fn="D:\USB lexar\Internet\internet\kmd.exe"
sh=D7D2AD202955A2ED231165D816012A780C5A94CF ft=1 fh=4dd414394c3c3c04 vn="Win32/Adware.Aureate application" ac=I fn="I:\***\Internet\gozilla.exe"
sh=9185D9D21CEAABB53880320E0A2702CEAD270ADD ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="K:\***\ExternePlatte\HUGIN\Backup Set 2011-10-06 220101\Backup Files 2012-04-01 145816\Backup files 4.zip"

checkup.txt:
Code:
 Results of screen317's Security Check version 0.99.64
 Windows XP Service Pack 3 x86
``````````````Antivirus/Firewall Check:``````````````
Norton 360 Online
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 25
 Java version out of Date!
 Adobe Flash Player 11.7.700.224
 Adobe Reader 10.1.7 Adobe Reader out of Date!
 Mozilla Firefox (21.0)
 Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

FRST.txt:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2013
Ran by *** (administrator) on 25-06-2013 00:16:50
Running from C:\Dokumente und Einstellungen\***\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Matsushita Electric Industrial Co., Ltd.) C:\WINDOWS\System32\DVDRAMSV.exe
(Garmin Ltd or its subsidiaries) C:\Programme\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
(Symantec Corporation) C:\Programme\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Skype Technologies S.A.) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Symantec Corporation) C:\Programme\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Renesas Electronics Corporation) C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Google Inc.) C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Company) C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
(Advanced Micro Devices Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Matsushita Electric Industrial Co., Ltd.) C:\WINDOWS\system32\RAMAsst.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(ATI Technologies Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [SW24] C:\WINDOWS\system32\sw24.exe [69632 2006-12-08] ()
HKLM\...\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [57344 2005-06-23] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime [413696 2008-09-06] (Apple Inc.)
HKLM\...\Run: [BCSSync] "D:\Programme\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]
HKLM\...\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon [1983816 2009-10-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [NUSB3MON] "C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [296056 2012-05-25] (RealNetworks, Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM\...\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2012-07-27] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-01-05] (Google Inc.)
HKCU\...\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden [455968 2007-09-19] (Hewlett-Packard Company)
HKCU\...\Run: [GarminExpressTrayApp] "C:\Programme\Garmin\Express Tray\ExpressTray.exe" [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKCU\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.)
HKCU\...\Run: [MsgCenterExe] "C:\program files\real\realplayer\update\RealOneMessageCenter.exe" -osboot [79008 2012-05-25] (RealNetworks, Inc.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.rrze.uni-erlangen.de:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: No Name - {0124123D-61B4-456f-AF86-78C53A0790C5} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: No Name - {60BF5EE3-0105-4858-AD98-17C19F86B042} - No File
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ICQ Sparberater - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
Toolbar: HKLM - No Name - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
Toolbar: HKLM - No Name - {0124123D-61B4-456f-AF86-78C53A0790C5} - No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168716560669
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.ak.studivz.net/photouploader/ImageUploader4.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ipp - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\dsxdtpr8.default
FF SearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @garmin.com/GpsControl - C:\Programme\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Programme\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
FF Extension: No Name - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Print pages to PDF - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\dsxdtpr8.default\Extensions\printPages2Pdf@reinhold.ripper
FF Extension: Microsoft .NET Framework Assistant - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\dsxdtpr8.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}

========================== Services (Whitelisted) =================

R2 DVD-RAM_Service; C:\Windows\System32\DVDRAMSV.exe [110592 2006-09-04] (Matsushita Electric Industrial Co., Ltd.)
R2 Garmin Core Update Service; C:\Programme\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S2 gupdate1ca29892ecd2e5c; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-08-30] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-08-30] (Google Inc.)
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-21] (Google)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation)
R2 LightScribeService; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [79136 2007-09-25] (Hewlett-Packard Company)
R2 LVPrcSrv; C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe [154136 2009-10-07] (Logitech Inc.)
S3 Microsoft SharePoint Workspace Audit Service; D:\Programme\Microsoft Office\Office14\GROOVE.EXE [30785672 2012-09-20] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117144 2013-05-18] (Mozilla Foundation)
R2 N360; C:\Programme\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S3 NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [382248 2007-10-15] (Nero AG)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 osppsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation)
R2 Skype C2C Service; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [161384 2013-02-28] (Skype Technologies)
R2 wlidsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE [1529728 2009-08-18] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
S4 YahooAUService; C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392 2008-11-09] (Yahoo! Inc.)
R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [3972736 2006-06-22] (Realtek Semiconductor Corp.)
R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [43520 2006-07-01] (Advanced Micro Devices)
R3 AmdLLD; C:\Windows\System32\DRIVERS\AmdLLD.sys [34304 2007-06-29] (AMD, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108480 2010-09-14] (SlySoft, Inc.)
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [6646784 2012-07-28] (ATI Technologies Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [165376 2007-02-22] ()
S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [44544 2009-08-24] (AzureWave Technologies, Inc.)
R1 BHDrvx86; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130620.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R3 Eacfilt; C:\Windows\System32\DRIVERS\eacfilt.sys [26137 2006-04-27] (Nortel Networks)
R1 eeCtrl; C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-04-05] (Symantec Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30888 2010-11-30] (Elaborate Bytes AG)
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13192 2011-07-29] ()
R3 EraserUtilRebootDrv; C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-04-05] (Symantec Corporation)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [8456 2011-07-29] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
R3 IDSxpx86; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130621.001\IDSxpx86.sys [373728 2013-02-14] (Symantec Corporation)
S3 IPSECEXT; C:\Windows\System32\DRIVERS\ipsecw2k.sys [155152 2006-04-27] (Nortel Networks NA, Inc.)
R3 IPSECSHM; C:\Windows\System32\DRIVERS\ipsecw2k.sys [155152 2006-04-27] (Nortel Networks NA, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2007-02-22] ()
S3 Ltn_stk7070P; C:\Windows\System32\DRIVERS\Ltn_stk7070P.sys [466048 2007-06-14] (LITEON)
S3 Ltn_stkrc; C:\Windows\System32\DRIVERS\Ltn_stkrc.sys [13440 2007-06-13] (LITEON)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-05-27] (Logitech Inc.)
R1 meiudf; C:\Windows\System32\Drivers\meiudf.sys [117744 2006-12-01] (Matsushita Electric Industrial Co.,Ltd.)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 MSI_MSIBIOS_010507; C:\PROGRA~2\MSI\MSIWDev\msibios32_100507.sys [25912 2010-05-10] (Your Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
R3 NAVENG; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130624.001\NAVENG.SYS [93272 2013-06-22] (Symantec Corporation)
R3 NAVEX15; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130624.001\NAVEX15.SYS [1611992 2013-06-22] (Symantec Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NTIOLib_1_0_8; C:\PROGRA~2\MSI\MSIWDev\NTIOLib.sys [7680 2011-01-27] (MSI)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [69504 2011-06-10] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [161664 2011-06-10] (Renesas Electronics Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [33536 2005-04-05] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [12928 2005-04-05] (NVIDIA Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [7136 2005-05-27] (Logitech Inc.)
S3 PID_08A0; C:\Windows\System32\DRIVERS\LV302AV.SYS [913280 2005-05-27] (Logitech Inc.)
R0 psecbdr; C:\Windows\System32\Drivers\psecbdr.sys [17024 2006-09-06] (Panasonic Shikoku Electronics Co., Ltd.)
S3 QCMerced; C:\Windows\System32\DRIVERS\LVCM.sys [1317152 2005-05-27] ()
S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDI.SYS [396760 2013-04-25] (Symantec Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S1 AmdPPM; system32\DRIVERS\AmdPPM.sys [x]
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S3 BOCDRIVE; \??\C:\Programme\Comodo\CBOClean\BOCDRIVE.sys [x]
S3 catchme; \??\D:\Temp\catchme.sys [x]
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
S3 cpuz130; \??\D:\Temp\cpuz130\cpuz_x32.sys [x]
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S3 FLASHSYS; \??\C:\Programme\MSI\Live Update 4\LU4\FLASHSYS.sys [x]
S3 GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS [x]
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S3 Memctl; \??\C:\Programme\U-ABIT\FlashMenu\Memctl.sys [x]
S4 mraid35x; No ImagePath
S3 MSICDSetup; \??\G:\CDriver.sys [x]
S1 ntiomin; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
S3 WINFLASH; \??\C:\Programme\U-ABIT\FlashMenu\WinFlash.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-22 19:57 - 2013-06-22 19:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2808679$
2013-06-22 19:56 - 2013-06-22 19:57 - 00010834 ___AC C:\Windows\KB2808679.log
2013-06-22 02:46 - 2013-06-22 02:46 - 00000976 ___AC C:\AdwCleaner[S2].txt
2013-06-21 02:31 - 2013-06-21 02:31 - 00021193 ___AC C:\ComboFix.txt
2013-06-21 02:13 - 2013-06-21 02:13 - 00000000 RASHDC C:\cmdcons
2013-06-21 02:13 - 2013-06-19 14:41 - 00000224 ___AC C:\Boot.bak
2013-06-21 02:13 - 2004-08-03 23:00 - 00262448 RASHC C:\cmldr
2013-06-21 02:10 - 2013-06-21 02:31 - 00000000 __ADC C:\Qoobox
2013-06-21 02:10 - 2011-06-26 08:45 - 00256000 ___AC C:\Windows\PEV.exe
2013-06-21 02:10 - 2010-11-07 19:20 - 00208896 ___AC C:\Windows\MBR.exe
2013-06-21 02:10 - 2009-04-20 06:56 - 00060416 ___AC (NirSoft) C:\Windows\NIRCMD.exe
2013-06-21 02:10 - 2000-08-31 02:00 - 00518144 ___AC (SteelWerX) C:\Windows\SWREG.exe
2013-06-21 02:10 - 2000-08-31 02:00 - 00406528 ___AC (SteelWerX) C:\Windows\SWSC.exe
2013-06-21 02:10 - 2000-08-31 02:00 - 00212480 ___AC (SteelWerX) C:\Windows\SWXCACLS.exe
2013-06-21 02:10 - 2000-08-31 02:00 - 00098816 ___AC C:\Windows\sed.exe
2013-06-21 02:10 - 2000-08-31 02:00 - 00080412 ___AC C:\Windows\grep.exe
2013-06-21 02:10 - 2000-08-31 02:00 - 00068096 ___AC C:\Windows\zip.exe
2013-06-21 02:09 - 2013-06-21 02:29 - 00000000 ___DC C:\Windows\erdnt
2013-06-20 15:33 - 2013-06-20 15:33 - 00000000 ___DC C:\FRST
2013-06-20 15:15 - 2013-06-22 02:58 - 00000000 ___DC C:\JRT
2013-06-20 15:15 - 2013-06-20 15:15 - 00000000 ___DC C:\Windows\ERUNT
2013-06-20 15:00 - 2013-06-20 15:00 - 00022949 ___AC C:\AdwCleaner[S1].txt
2013-06-19 14:31 - 2013-06-19 14:31 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-19 14:27 - 2013-06-19 14:27 - 00000000 ___AC C:\Windows\setuperr.log
2013-06-19 14:26 - 2013-06-19 14:27 - 00011889 ___AC C:\Windows\KB2838727-IE8.log
2013-06-19 14:11 - 2013-06-19 14:32 - 00015387 ___AC C:\Windows\KB2839229.log
2013-06-19 14:08 - 2013-06-19 14:08 - 00004895 ___AC C:\Windows\System32\jupdate-1.7.0_25-b16.log
2013-06-19 14:08 - 2013-06-12 21:48 - 00094632 ___AC (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-19 14:08 - 2013-06-12 21:43 - 00263592 ___AC (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-19 14:08 - 2013-06-12 21:43 - 00175016 ___AC (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-19 14:08 - 2013-06-12 21:43 - 00175016 ___AC (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-19 14:08 - 2013-06-12 21:35 - 00144896 ___AC (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2013-06-13 20:12 - 2013-06-13 20:12 - 09089416 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders ========

2013-06-25 00:17 - 2009-08-30 17:54 - 00001090 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-25 00:12 - 2012-04-18 18:22 - 00000884 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-24 23:57 - 2007-01-13 20:47 - 00000210 ___AC C:\Windows\wiadebug.log
2013-06-24 21:12 - 2007-01-13 21:07 - 02031028 ___AC C:\Windows\WindowsUpdate.log
2013-06-24 21:10 - 2011-06-01 15:16 - 00524288 ___AC C:\Windows\System32\config\ACEEvent.evt
2013-06-24 21:08 - 2007-01-14 01:41 - 00000040 ___AC C:\biosinfo
2013-06-24 21:08 - 2004-08-04 14:00 - 00012598 ___AC C:\Windows\System32\wpa.dbl
2013-06-24 21:07 - 2007-01-13 20:47 - 00000050 ___AC C:\Windows\wiaservc.log
2013-06-24 21:06 - 2011-06-23 08:18 - 00000284 ___AC C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1035525444-839522115-1003.job
2013-06-24 21:06 - 2009-08-30 17:54 - 00001086 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-24 21:06 - 2007-01-13 21:17 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2013-06-24 13:58 - 2010-11-24 18:19 - 00131072 ____A C:\Windows\System32\config\OAlerts.evt
2013-06-24 13:58 - 2007-01-13 21:17 - 00032616 ____A C:\Windows\SchedLgU.Txt
2013-06-24 02:38 - 2011-06-23 08:18 - 00000292 ___AC C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1035525444-839522115-1003.job
2013-06-23 22:57 - 2007-01-13 20:45 - 00000000 __RDC C:\Programme
2013-06-22 19:57 - 2013-06-22 19:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2808679$
2013-06-22 19:57 - 2013-06-22 19:56 - 00010834 ___AC C:\Windows\KB2808679.log
2013-06-22 19:57 - 2011-06-15 22:12 - 00744808 ___AC C:\Windows\iis6.log
2013-06-22 19:57 - 2011-06-15 22:12 - 00686343 ___AC C:\Windows\FaxSetup.log
2013-06-22 19:57 - 2011-06-15 22:12 - 00328116 ___AC C:\Windows\ocgen.log
2013-06-22 19:57 - 2011-06-15 22:12 - 00313137 ___AC C:\Windows\tsoc.log
2013-06-22 19:57 - 2011-06-15 22:12 - 00229112 ___AC C:\Windows\comsetup.log
2013-06-22 19:57 - 2011-06-15 22:12 - 00210600 ___AC C:\Windows\msmqinst.log
2013-06-22 19:57 - 2011-06-15 22:12 - 00147884 ___AC C:\Windows\updspapi.log
2013-06-22 19:57 - 2011-06-15 22:12 - 00138485 ___AC C:\Windows\ntdtcsetup.log
2013-06-22 19:57 - 2011-06-15 22:12 - 00120213 ___AC C:\Windows\netfxocm.log
2013-06-22 19:57 - 2011-06-15 22:12 - 00047175 ___AC C:\Windows\MedCtrOC.log
2013-06-22 19:57 - 2011-06-15 22:12 - 00037962 ___AC C:\Windows\ocmsn.log
2013-06-22 19:57 - 2011-06-15 22:12 - 00034521 ___AC C:\Windows\tabletoc.log
2013-06-22 19:57 - 2011-06-15 22:12 - 00034299 ___AC C:\Windows\msgsocm.log
2013-06-22 19:57 - 2011-06-15 22:12 - 00001374 ___AC C:\Windows\imsins.log
2013-06-22 02:58 - 2013-06-20 15:15 - 00000000 ___DC C:\JRT
2013-06-22 02:46 - 2013-06-22 02:46 - 00000976 ___AC C:\AdwCleaner[S2].txt
2013-06-21 02:31 - 2013-06-21 02:31 - 00021193 ___AC C:\ComboFix.txt
2013-06-21 02:31 - 2013-06-21 02:10 - 00000000 __ADC C:\Qoobox
2013-06-21 02:29 - 2013-06-21 02:09 - 00000000 ___DC C:\Windows\erdnt
2013-06-21 02:28 - 2004-08-04 14:00 - 00000227 ___AC C:\Windows\system.ini
2013-06-21 02:13 - 2013-06-21 02:13 - 00000000 RASHDC C:\cmdcons
2013-06-21 02:13 - 2007-01-13 20:35 - 00000340 RASHC C:\boot.ini
2013-06-20 22:13 - 2013-05-18 13:33 - 00426377 ___AC C:\Windows\setupapi.log
2013-06-20 15:33 - 2013-06-20 15:33 - 00000000 ___DC C:\FRST
2013-06-20 15:15 - 2013-06-20 15:15 - 00000000 ___DC C:\Windows\ERUNT
2013-06-20 15:00 - 2013-06-20 15:00 - 00022949 ___AC C:\AdwCleaner[S1].txt
2013-06-19 14:41 - 2013-06-21 02:13 - 00000224 ___AC C:\Boot.bak
2013-06-19 14:41 - 2004-08-04 14:00 - 00000777 ___AC C:\Windows\win.ini
2013-06-19 14:40 - 2010-05-22 14:00 - 00000000 ___DC C:\Windows\System32\Drivers\N360
2013-06-19 14:32 - 2013-06-19 14:11 - 00015387 ___AC C:\Windows\KB2839229.log
2013-06-19 14:32 - 2011-06-15 22:12 - 00001374 ___AC C:\Windows\imsins.BAK
2013-06-19 14:31 - 2013-06-19 14:31 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-19 14:28 - 2007-01-13 22:59 - 73381792 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-19 14:27 - 2013-06-19 14:27 - 00000000 ___AC C:\Windows\setuperr.log
2013-06-19 14:27 - 2013-06-19 14:26 - 00011889 ___AC C:\Windows\KB2838727-IE8.log
2013-06-19 14:27 - 2009-05-02 12:26 - 00000000 ___DC C:\Windows\ie8updates
2013-06-19 14:08 - 2013-06-19 14:08 - 00004895 ___AC C:\Windows\System32\jupdate-1.7.0_25-b16.log
2013-06-19 13:39 - 2010-05-22 14:01 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-19 13:39 - 2010-05-22 14:01 - 00007611 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-13 20:13 - 2012-04-18 18:22 - 00692104 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-13 20:13 - 2011-06-08 18:48 - 00071048 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-13 20:12 - 2013-06-13 20:12 - 09089416 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-06-12 21:48 - 2013-06-19 14:08 - 00094632 ___AC (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-12 21:48 - 2012-09-01 20:51 - 00867240 ___AC (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2013-06-12 21:48 - 2010-05-22 13:19 - 00789416 ___AC (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-12 21:43 - 2013-06-19 14:08 - 00263592 ___AC (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-12 21:43 - 2013-06-19 14:08 - 00175016 ___AC (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-12 21:43 - 2013-06-19 14:08 - 00175016 ___AC (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-12 21:35 - 2013-06-19 14:08 - 00144896 ___AC (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2013-06-02 11:53 - 2011-06-15 22:12 - 00001507 ___AC C:\Windows\setupact.log

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-04 14:00] - [2008-04-14 04:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[2004-08-04 14:00] - [2008-04-14 04:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[2004-08-04 14:00] - [2008-04-14 04:23] - 0014336 ____A (Microsoft
==================== End Of Log ============================

Notes:

1. The problem persists: on hxxp://www.thetruthaboutguns.com and on its sister site hxxp://www.thetruthaboutknives.com, tabs open by themselves every few minutes, and an address containing "seth.avazutracking.net" briefly appears in the address bar. However, after trying for quite a while, I cannot observe the problem on any other website. Could it perhaps be the sites after all? They are without doubt reputable, but they are also crammed with advertising banners. When I move around on these two sites, the message "Transferring data from [ad site xy]" also appears regularly at the bottom left of Firefox, while at the same time the tab at the top says "Connecting" (even if I merely have the page open and am not refreshing anything or the like). In Internet Explorer, by the way, no tabs open by themselves when I am on these sites. Instead, the bottom left there frequently says "Done, but with errors on page."

2. Independently of that: ESET did find 3 threats (which presumably have not been neutralized yet, if that is necessary at all): D:\ and I:\ are local hard drives, and drive I:\ was removed from an old computer. The "threats" appear to be related to KaZaA and Go!Zilla, two programs that I have not used for years. K:\, on the other hand, is an external hard drive that belongs to my brother and that I had not connected to my PC for weeks before the scan. How should these "multiple threats" be assessed, which ESET apparently found in a backup zip file that my brother created?