
Pests of all kinds and how to combat them: BOO/TDss.O found in the master boot sector after installing Windows 7 on a second internal hard drive


 
04.01.2014, 12:10   #1
uagla
 



Hello,

I did a second installation of Windows 7 on my new SSD. Since then, AntiVir has been showing the message named above.

After finding a few postings here, I have already installed mBar and cleaned the PC. At the moment no error message appears any more. But as I understand it, that may not be everything yet, which is why I am opening a new thread. I am posting the log files in the order in which they were created.

1.mbar:
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.04.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Erich :: ERICH-PC [administrator]

04.01.2014 10:53:31
mbar-log-2014-01-04 (10-53-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 211952
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 1
Physical Sector #703277505 on Drive #0 (Rootkit.Alureon.E.VBR) -> Replace on reboot.

(end)
         
After a reboot, a second time:

2.mbar:
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.04.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Erich :: ERICH-PC [administrator]

04.01.2014 11:06:05
mbar-log-2014-01-04 (11-06-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 211387
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Since then, the Avira AntiVir real-time scanner no longer starts.

I have now run defogger as described in the instructions for opening a thread.

Next, FRST.txt:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2014
Ran by Erich (administrator) on ERICH-PC on 04-01-2014 11:57:29
Running from F:\Desktop\Reinigung
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files\CE\CovenantEyesCommService.exe
(CovenantEyes) C:\Program Files\CE\CovenantEyesProxy.exe
() C:\Windows\System32\authServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\CE\CovenantEyes.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\CE\CovenantEyesHelper.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Microsoft Corporation) C:\Users\Erich\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Dropbox, Inc.) C:\Users\Erich\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Covenant Eyes] - C:\Program Files\CE\CovenantEyes.exe [7065104 2013-12-05] ()
HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM\...\Run: [IJNetworkScanUtility] - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKCU\...\Run: [SkyDrive] - C:\Users\Erich\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2014-01-03] (Microsoft Corporation)
MountPoints2: {3eb36303-7461-11e3-bfd7-806e6f6e6963} - G:\setup.exe
Startup: C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Erich\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF8319B656F08CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO: Covenant Eyes for Internet Explorer - {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files\CE\extensions\ie\x86\ceie-0.7.0.dll (Covenant Eyes)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Winsock: Catalog9 01 C:\Windows\system32\CovenantEyesProxy.dll [322584] (CovenantEyes)
Winsock: Catalog9 02 C:\Windows\system32\CovenantEyesProxy.dll [322584] (CovenantEyes)
Winsock: Catalog9 03 C:\Windows\system32\CovenantEyesProxy.dll [322584] (CovenantEyes)
Winsock: Catalog9 04 C:\Windows\system32\CovenantEyesProxy.dll [322584] (CovenantEyes)
Winsock: Catalog9 23 C:\Windows\system32\CovenantEyesProxy.dll [322584] (CovenantEyes)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Erich\AppData\Roaming\Mozilla\Firefox\Profiles\dbkbwl9k.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Erich\AppData\Roaming\Mozilla\Firefox\Profiles\dbkbwl9k.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi
FF Extension: Adblock Plus - C:\Users\Erich\AppData\Roaming\Mozilla\Firefox\Profiles\dbkbwl9k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [firefox-integrated-extension@covenanteyes.com] - C:\Program Files\CE\extensions\firefox\firefox-integrated-extension@covenanteyes.com
FF Extension: Covenant Eyes for Firefox - C:\Program Files\CE\extensions\firefox\firefox-integrated-extension@covenanteyes.com
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 Auth Service; C:\Windows\system32\authServer.exe [3204104 2013-12-05] ()
R2 CovenantEyesCommService; C:\Program Files\CE\CovenantEyesCommService.exe [4510240 2013-12-05] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [3654168 2013-10-04] (CovenantEyes)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 cewd32; C:\Windows\system32\Drivers\cewd32.sys [26624 2013-10-04] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-04 11:26 - 2014-01-04 11:26 - 00000000 _____ C:\Users\Erich\defogger_reenable
2014-01-04 10:53 - 2014-01-04 11:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-04 10:53 - 2014-01-04 11:06 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-04 10:53 - 2014-01-04 10:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-04 10:51 - 2014-01-04 10:51 - 00000000 ____D C:\FRST
2014-01-04 10:50 - 2014-01-04 11:20 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-04 10:31 - 2014-01-04 10:32 - 00002562 _____ C:\Windows\diagwrn.xml
2014-01-04 10:31 - 2014-01-04 10:32 - 00001908 _____ C:\Windows\diagerr.xml
2014-01-03 14:30 - 2014-01-03 15:01 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Swiss Academic Software
2014-01-03 14:19 - 2014-01-03 14:19 - 00000040 _____ C:\Autoconfig.ini
2014-01-03 14:19 - 2014-01-03 14:19 - 00000000 ____D C:\ProgramData\Samsung
2014-01-03 14:18 - 2014-01-03 14:18 - 00000000 ____D C:\Program Files\Samsung
2014-01-03 14:18 - 2013-06-01 06:13 - 01571160 ____N C:\Windows\TotalUninstaller.exe
2014-01-03 14:18 - 2013-05-10 10:48 - 00162136 _____ C:\Windows\system32\spe__ci.exe
2014-01-03 14:18 - 2012-11-17 09:29 - 00000363 _____ C:\Windows\system32\spe__l.smt
2014-01-03 14:18 - 2011-04-11 06:26 - 00024064 _____ () C:\Windows\system32\spe__l.dll
2014-01-03 14:18 - 2010-10-20 09:49 - 00065536 _____ (SS) C:\Windows\system32\spe__ci.dll
2014-01-03 14:16 - 2014-01-03 14:16 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2014-01-03 14:15 - 2014-01-03 14:15 - 00000000 ____D C:\Program Files\Citavi 4
2014-01-03 14:11 - 2014-01-03 14:11 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2014-01-03 14:11 - 2009-09-17 09:12 - 00303104 _____ (CANON INC.) C:\Windows\system32\CNC640L.dll
2014-01-03 14:11 - 2009-04-03 16:00 - 01310720 _____ (CANON INC.) C:\Windows\system32\CNC640C.dll
2014-01-03 14:11 - 2009-04-03 15:59 - 00110592 _____ (CANON INC.) C:\Windows\system32\CNC640I.dll
2014-01-03 14:11 - 2009-04-03 15:57 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC640U.dll
2014-01-03 14:11 - 2008-12-25 16:23 - 00013312 _____ C:\Windows\system32\CNC173FD.TBL
2014-01-03 14:11 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\system32\CNHMCA.dll
2014-01-03 14:10 - 2014-01-03 14:10 - 00000000 ____D C:\Windows\system32\STRING
2014-01-03 14:10 - 2012-06-14 17:18 - 00366592 _____ (CANON INC.) C:\Windows\system32\CNMNPPM.DLL
2014-01-03 14:10 - 2012-06-14 17:18 - 00035840 _____ (CANON INC.) C:\Windows\system32\CNMNPUI.DLL
2014-01-03 13:18 - 2014-01-04 11:55 - 00000000 ___RD C:\Users\Erich\Dropbox
2014-01-03 13:15 - 2014-01-03 13:15 - 00000000 ____D C:\Windows\system32\Lang
2014-01-03 13:15 - 2014-01-03 13:15 - 00000000 ____D C:\Program Files\Intel
2014-01-03 13:15 - 2009-09-23 11:50 - 00398336 _____ (Intel(R) Corporation) C:\Windows\system32\TVWizudlg.exe
2014-01-03 13:15 - 2009-09-23 11:49 - 00140288 _____ () C:\Windows\system32\igfxtvcx.dll
2014-01-03 13:15 - 2009-09-23 11:47 - 00121232 _____ C:\Windows\system32\IScrNB.bmp
2014-01-03 13:14 - 2014-01-03 13:14 - 00000000 ____D C:\ProgramData\CovenantEyes
2014-01-03 12:51 - 2014-01-03 12:51 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-03 12:50 - 2014-01-04 11:55 - 00000000 ___RD C:\Users\Erich\SkyDrive
2014-01-03 12:50 - 2014-01-03 12:50 - 00002180 _____ C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-03 12:50 - 2014-01-03 12:50 - 00002082 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-03 12:50 - 2014-01-03 12:50 - 00002082 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-03 12:50 - 2014-01-03 12:50 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2014-01-03 12:50 - 2014-01-03 12:50 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2014-01-03 12:49 - 2014-01-04 11:55 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Dropbox
2014-01-03 12:47 - 2014-01-03 12:47 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2014-01-03 12:47 - 2014-01-03 12:47 - 00000000 ___HD C:\ProgramData\CanonBJ
2014-01-03 12:47 - 2014-01-03 12:47 - 00000000 ___HD C:\Program Files\CanonBJ
2014-01-03 12:47 - 2010-04-24 05:00 - 00272384 _____ (CANON INC.) C:\Windows\system32\CNMLMA2.DLL
2014-01-03 12:47 - 2009-03-18 09:09 - 00178176 _____ (CANON INC.) C:\Windows\system32\CNMIUA2.DLL
2014-01-03 12:46 - 2014-01-03 14:11 - 00000000 ____D C:\Program Files\Canon
2014-01-03 12:33 - 2014-01-03 12:33 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Avira
2014-01-03 12:33 - 2014-01-03 12:33 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2014-01-03 12:33 - 2014-01-03 12:33 - 00000000 ____D C:\ProgramData\APN
2014-01-03 12:33 - 2014-01-03 12:33 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2014-01-03 12:31 - 2014-01-03 12:31 - 00000000 ____D C:\ProgramData\Avira
2014-01-03 12:31 - 2014-01-03 12:31 - 00000000 ____D C:\Program Files\Avira
2014-01-03 12:31 - 2013-12-09 11:37 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-01-03 12:31 - 2013-12-09 11:37 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-01-03 12:31 - 2013-12-09 11:37 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-01-03 12:31 - 2013-12-09 11:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-01-03 12:31 - 2013-12-09 11:37 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-01-03 12:19 - 2014-01-03 12:19 - 00000000 ____D C:\ProgramData\ALM
2014-01-03 12:19 - 2008-04-07 05:38 - 00022872 ____R (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2014-01-03 12:16 - 2014-01-03 12:16 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Macromedia
2014-01-03 12:16 - 2014-01-03 12:16 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2014-01-03 12:14 - 2014-01-03 13:15 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Adobe
2014-01-03 12:14 - 2014-01-03 12:32 - 00000000 ____D C:\Program Files\Adobe
2014-01-03 12:14 - 2014-01-03 12:19 - 00000000 ____D C:\ProgramData\Adobe
2014-01-03 12:13 - 2014-01-03 12:13 - 00000000 ____D C:\Windows\system32\Macromed
2014-01-03 12:13 - 2014-01-03 12:13 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2014-01-03 12:08 - 2014-01-03 15:11 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-03 12:05 - 2014-01-03 12:05 - 00000000 ____D C:\Program Files\capella-software
2014-01-03 11:51 - 2014-01-03 12:04 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Mozilla
2014-01-03 11:51 - 2014-01-03 11:51 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-03 11:51 - 2014-01-03 11:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-03 11:51 - 2014-01-03 11:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-03 11:46 - 2014-01-03 14:13 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-03 11:46 - 2014-01-03 11:46 - 00000000 ____D C:\Windows\PCHEALTH
2014-01-03 11:46 - 2014-01-03 11:46 - 00000000 ____D C:\Program Files\Microsoft Works
2014-01-03 11:46 - 2014-01-03 11:46 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2014-01-03 11:46 - 2014-01-03 11:46 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-03 11:46 - 2013-11-26 12:25 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-03 11:40 - 2014-01-04 11:54 - 00005848 _____ C:\Windows\system32\CovenantEyesProxy.ini
2014-01-03 11:40 - 2014-01-04 11:54 - 00003096 _____ C:\Windows\system32\CovenantEyesProxyOff.ini
2014-01-03 11:40 - 2014-01-03 13:14 - 00000000 ____D C:\Program Files\CE
2014-01-03 11:40 - 2014-01-03 11:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-03 11:40 - 2014-01-03 11:46 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-03 11:40 - 2014-01-03 11:40 - 00009626 _____ C:\ceInstall.log
2014-01-03 11:40 - 2014-01-03 11:40 - 00000794 __RSH C:\ProgramData\ntuser.pol
2014-01-03 11:40 - 2014-01-03 11:40 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-03 11:40 - 2013-12-05 10:32 - 03204104 _____ C:\Windows\system32\authServer.exe
2014-01-03 11:40 - 2013-10-04 13:19 - 00322584 _____ (CovenantEyes) C:\Windows\system32\CovenantEyesProxy.dll
2014-01-03 11:40 - 2013-10-04 13:19 - 00026624 _____ C:\Windows\system32\Drivers\cewd32.sys
2014-01-03 11:39 - 2014-01-03 11:39 - 00000000 __RHD C:\MSOCache
2014-01-03 11:39 - 2014-01-03 11:39 - 00000000 ____D C:\Windows\system32\x64
2014-01-03 11:39 - 2009-09-23 19:30 - 01002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe
2014-01-03 11:38 - 2012-02-17 06:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-01-03 11:38 - 2012-02-17 05:14 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-01-03 11:38 - 2012-02-17 05:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-01-03 11:34 - 2014-01-03 11:34 - 00001413 _____ C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-03 11:34 - 2012-06-02 23:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-01-03 11:34 - 2012-06-02 23:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-01-03 11:34 - 2012-06-02 23:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-01-03 11:34 - 2012-06-02 23:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-01-03 11:34 - 2012-06-02 23:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-01-03 11:34 - 2012-06-02 23:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-01-03 11:34 - 2012-06-02 23:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-01-03 11:34 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-01-03 11:34 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-01-03 11:33 - 2014-01-04 11:26 - 00000000 ____D C:\Users\Erich
2014-01-03 11:33 - 2014-01-03 11:33 - 00000020 ___SH C:\Users\Erich\ntuser.ini
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Erich\Startmenü
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Erich\Netzwerkumgebung
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Erich\Druckumgebung
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default\Startmenü
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Programme
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\ProgramData\Startmenü
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\ProgramData\Dokumente
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 __SHD C:\Recovery
2014-01-03 11:33 - 2009-07-14 05:42 - 00000000 ___RD C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-03 11:33 - 2009-07-14 05:37 - 00000000 ___RD C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-03 11:31 - 2014-01-04 11:32 - 02070071 _____ C:\Windows\WindowsUpdate.log
2014-01-03 11:25 - 2014-01-03 11:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-01-03 11:24 - 2014-01-03 11:33 - 00000000 ____D C:\Windows\Panther
2014-01-03 11:24 - 2014-01-03 11:26 - 00001355 _____ C:\Windows\TSSysprep.log

==================== One Month Modified Files and Folders =======

2014-01-04 11:55 - 2014-01-03 13:18 - 00000000 ___RD C:\Users\Erich\Dropbox
2014-01-04 11:55 - 2014-01-03 12:50 - 00000000 ___RD C:\Users\Erich\SkyDrive
2014-01-04 11:55 - 2014-01-03 12:49 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Dropbox
2014-01-04 11:54 - 2014-01-03 11:40 - 00005848 _____ C:\Windows\system32\CovenantEyesProxy.ini
2014-01-04 11:54 - 2014-01-03 11:40 - 00003096 _____ C:\Windows\system32\CovenantEyesProxyOff.ini
2014-01-04 11:54 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 11:54 - 2009-07-14 05:39 - 00001085 _____ C:\Windows\setupact.log
2014-01-04 11:32 - 2014-01-03 11:31 - 02070071 _____ C:\Windows\WindowsUpdate.log
2014-01-04 11:26 - 2014-01-04 11:26 - 00000000 _____ C:\Users\Erich\defogger_reenable
2014-01-04 11:26 - 2014-01-03 11:33 - 00000000 ____D C:\Users\Erich
2014-01-04 11:20 - 2014-01-04 10:50 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-04 11:14 - 2014-01-04 10:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-04 11:12 - 2009-07-14 05:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-04 11:12 - 2009-07-14 05:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-04 11:10 - 2010-11-20 22:01 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-04 11:06 - 2014-01-04 10:53 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-04 10:53 - 2014-01-04 10:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-04 10:51 - 2014-01-04 10:51 - 00000000 ____D C:\FRST
2014-01-04 10:32 - 2014-01-04 10:31 - 00002562 _____ C:\Windows\diagwrn.xml
2014-01-04 10:32 - 2014-01-04 10:31 - 00001908 _____ C:\Windows\diagerr.xml
2014-01-04 10:31 - 2009-07-14 05:39 - 00000000 _____ C:\Windows\setuperr.log
2014-01-03 23:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2014-01-03 23:38 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-03 15:11 - 2014-01-03 12:08 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-03 15:04 - 2010-11-20 22:48 - 00108404 _____ C:\Windows\PFRO.log
2014-01-03 15:01 - 2014-01-03 14:30 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Swiss Academic Software
2014-01-03 14:19 - 2014-01-03 14:19 - 00000040 _____ C:\Autoconfig.ini
2014-01-03 14:19 - 2014-01-03 14:19 - 00000000 ____D C:\ProgramData\Samsung
2014-01-03 14:18 - 2014-01-03 14:18 - 00000000 ____D C:\Program Files\Samsung
2014-01-03 14:16 - 2014-01-03 14:16 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2014-01-03 14:15 - 2014-01-03 14:15 - 00000000 ____D C:\Program Files\Citavi 4
2014-01-03 14:13 - 2014-01-03 11:46 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-03 14:11 - 2014-01-03 14:11 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2014-01-03 14:11 - 2014-01-03 12:46 - 00000000 ____D C:\Program Files\Canon
2014-01-03 14:11 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\twain_32
2014-01-03 14:11 - 2009-07-14 03:37 - 00000000 __RSD C:\Windows\Media
2014-01-03 14:10 - 2014-01-03 14:10 - 00000000 ____D C:\Windows\system32\STRING
2014-01-03 13:15 - 2014-01-03 13:15 - 00000000 ____D C:\Windows\system32\Lang
2014-01-03 13:15 - 2014-01-03 13:15 - 00000000 ____D C:\Program Files\Intel
2014-01-03 13:15 - 2014-01-03 12:14 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Adobe
2014-01-03 13:14 - 2014-01-03 13:14 - 00000000 ____D C:\ProgramData\CovenantEyes
2014-01-03 13:14 - 2014-01-03 11:40 - 00000000 ____D C:\Program Files\CE
2014-01-03 13:14 - 2009-07-14 05:33 - 02278184 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-03 13:14 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2014-01-03 12:51 - 2014-01-03 12:51 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-03 12:50 - 2014-01-03 12:50 - 00002180 _____ C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-03 12:50 - 2014-01-03 12:50 - 00002082 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-03 12:50 - 2014-01-03 12:50 - 00002082 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-03 12:50 - 2014-01-03 12:50 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2014-01-03 12:50 - 2014-01-03 12:50 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2014-01-03 12:47 - 2014-01-03 12:47 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2014-01-03 12:47 - 2014-01-03 12:47 - 00000000 ___HD C:\ProgramData\CanonBJ
2014-01-03 12:47 - 2014-01-03 12:47 - 00000000 ___HD C:\Program Files\CanonBJ
2014-01-03 12:33 - 2014-01-03 12:33 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Avira
2014-01-03 12:33 - 2014-01-03 12:33 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2014-01-03 12:33 - 2014-01-03 12:33 - 00000000 ____D C:\ProgramData\APN
2014-01-03 12:33 - 2014-01-03 12:33 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2014-01-03 12:32 - 2014-01-03 12:14 - 00000000 ____D C:\Program Files\Adobe
2014-01-03 12:31 - 2014-01-03 12:31 - 00000000 ____D C:\ProgramData\Avira
2014-01-03 12:31 - 2014-01-03 12:31 - 00000000 ____D C:\Program Files\Avira
2014-01-03 12:30 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-03 12:19 - 2014-01-03 12:19 - 00000000 ____D C:\ProgramData\ALM
2014-01-03 12:19 - 2014-01-03 12:14 - 00000000 ____D C:\ProgramData\Adobe
2014-01-03 12:16 - 2014-01-03 12:16 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Macromedia
2014-01-03 12:16 - 2014-01-03 12:16 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2014-01-03 12:13 - 2014-01-03 12:13 - 00000000 ____D C:\Windows\system32\Macromed
2014-01-03 12:13 - 2014-01-03 12:13 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2014-01-03 12:05 - 2014-01-03 12:05 - 00000000 ____D C:\Program Files\capella-software
2014-01-03 12:04 - 2014-01-03 11:51 - 00000000 ____D C:\Users\Erich\AppData\Roaming\Mozilla
2014-01-03 11:51 - 2014-01-03 11:51 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-03 11:51 - 2014-01-03 11:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-03 11:51 - 2014-01-03 11:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-03 11:50 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\LogFiles
2014-01-03 11:47 - 2014-01-03 11:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-03 11:46 - 2014-01-03 11:46 - 00000000 ____D C:\Windows\PCHEALTH
2014-01-03 11:46 - 2014-01-03 11:46 - 00000000 ____D C:\Program Files\Microsoft Works
2014-01-03 11:46 - 2014-01-03 11:46 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2014-01-03 11:46 - 2014-01-03 11:46 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-03 11:46 - 2014-01-03 11:40 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-03 11:40 - 2014-01-03 11:40 - 00009626 _____ C:\ceInstall.log
2014-01-03 11:40 - 2014-01-03 11:40 - 00000794 __RSH C:\ProgramData\ntuser.pol
2014-01-03 11:40 - 2014-01-03 11:40 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-03 11:40 - 2011-04-12 02:39 - 00000000 ____D C:\Windows\ShellNew
2014-01-03 11:40 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2014-01-03 11:40 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\System
2014-01-03 11:40 - 2009-07-14 03:04 - 00000478 _____ C:\Windows\win.ini
2014-01-03 11:39 - 2014-01-03 11:39 - 00000000 __RHD C:\MSOCache
2014-01-03 11:39 - 2014-01-03 11:39 - 00000000 ____D C:\Windows\system32\x64
2014-01-03 11:34 - 2014-01-03 11:34 - 00001413 _____ C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-03 11:34 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\restore
2014-01-03 11:33 - 2014-01-03 11:33 - 00000020 ___SH C:\Users\Erich\ntuser.ini
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Erich\Startmenü
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Erich\Netzwerkumgebung
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Erich\Druckumgebung
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default\Startmenü
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\Programme
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\ProgramData\Startmenü
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 _SHDL C:\ProgramData\Dokumente
2014-01-03 11:33 - 2014-01-03 11:33 - 00000000 __SHD C:\Recovery
2014-01-03 11:33 - 2014-01-03 11:24 - 00000000 ____D C:\Windows\Panther
2014-01-03 11:33 - 2010-11-20 21:57 - 00000000 ____D C:\Users\Administrator
2014-01-03 11:33 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Public\Libraries
2014-01-03 11:33 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default
2014-01-03 11:33 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\Recovery
2014-01-03 11:33 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Windows NT
2014-01-03 11:26 - 2014-01-03 11:24 - 00001355 _____ C:\Windows\TSSysprep.log
2014-01-03 11:25 - 2014-01-03 11:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-01-03 11:24 - 2011-04-12 02:39 - 00000000 ____D C:\Windows\CSC
2014-01-03 11:24 - 2009-07-14 05:34 - 00002790 _____ C:\Windows\DtcInstall.log
2014-01-03 11:23 - 2009-07-14 05:57 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2014-01-03 11:23 - 2009-07-14 05:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2013-12-09 11:37 - 2014-01-03 12:31 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-09 11:37 - 2014-01-03 12:31 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-09 11:37 - 2014-01-03 12:31 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-09 11:37 - 2014-01-03 12:31 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-09 11:37 - 2014-01-03 12:31 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-12-05 10:32 - 2014-01-03 11:40 - 03204104 _____ C:\Windows\system32\authServer.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
         
and the Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-01-2014
Ran by Erich at 2014-01-04 11:57:55
Running from F:\Desktop\Reinigung
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (Version: 1.2.443 - Adobe Systems Incorporated)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0 - Adobe Systems) Hidden
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Design Standard (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Design Standard (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Flash Player 10 Plugin (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe SGM CS4 (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar (Version: 12.10.0.2951 - APN, LLC)
Canon Easy-PhotoPrint EX (Version: 4.1.6 - Canon Inc.)
Canon IJ Network Scan Utility (Version:  - )
Canon IJ Network Tool (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 3.0 (Version:  - )
Canon MP640 series MP Drivers (Version:  - Canon Inc.)
capella 2008 (Version: 6.00.9001 - capella-software)
Citavi 4 (Version: 4.2.0.11 - Swiss Academic Software)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Covenant Eyes (Version: 5.0.4.49 - Covenant Eyes, Inc.)
Dropbox (Version: 2.4.11 - Dropbox, Inc.)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (Version:  - Intel Corporation)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft SkyDrive (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Samsung Universal Print Driver 2 (Version: 2.50.03.00 - Samsung Electronics Co., Ltd.)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============


==================== Loaded Modules (whitelisted) =============
         
I started GMER, but then the PC froze and stopped responding entirely. So I have left it alone for now.

As I said, Avira's real-time scanner no longer starts, so it may be that this is why the message no longer appears.

What should be done next?

Edited by uagla (04.01.2014 at 12:53). Reason: error in the title

 
