|
Pests of all kinds and how to fight them: Text files with recorded activity in the Win/System32 folder |
31.08.2005, 13:08 | #1 |
| Hello, I have been fighting various trojans and viruses on my system (Win 2000 with SP4) for days, unfortunately with little success. Today I was browsing the Windows System32 folder and discovered text files there, each carrying a date, in which all activity on the computer on that day had been saved, including passwords, PIN numbers and so on. In addition, a pop-up appears every few minutes that says "Your Computer might be at risk - your virus protection is bad..." If I click on it, I end up on what is surely a faked Windows help page, but in English. My antivirus program also tells me, when Mozilla Firefox starts, that it has found 2 trojans (Trojan Win 2 Qhost.qr and hclean32.exe); although I always have these files deleted, they are back again at the next start. Ad-Aware, Spybot and the antivirus program no longer report anything suspicious. With the help of "Hijack This" I have already removed suspicious files, but the pop-up and the virus warning remain. Does anyone know what I can do? Does anyone else have such strange log text files in the Windows folder? That surely isn't normal, is it??? Please help! Thanks! =) |
31.08.2005, 13:10 | #2 |
| Please post a HijackThis logfile here. Download and instructions at http://filepony.de/download-hijackthis/
Sounds like a keylogger and/or backdoor! Regards |
31.08.2005, 13:13 | #3 |
| Hello,
thank you very much for the quick reply, here is the logfile from just now:

Logfile of HijackThis v1.99.1
Scan saved at 14:13:35, on 31.08.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
H:\WINNT\System32\smss.exe
H:\WINNT\system32\csrss.exe
H:\WINNT\system32\winlogon.exe
H:\WINNT\system32\services.exe
H:\WINNT\system32\lsass.exe
H:\WINNT\system32\svchost.exe
H:\WINNT\system32\spoolsv.exe
H:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
F:\GData\AVKService.exe
F:\GData\AVKWCtl.exe
H:\WINNT\System32\svchost.exe
F:\MCAFFE~1\MPFSERVICE.exe
H:\WINNT\system32\nvsvc32.exe
H:\WINNT\system32\regsvc.exe
H:\WINNT\system32\MSTask.exe
H:\WINNT\System32\WBEM\WinMgmt.exe
H:\WINNT\System32\mspmspsv.exe
H:\WINNT\system32\svchost.exe
H:\WINNT\Explorer.EXE
F:\MCAFFE~1\MpfTray.exe
H:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
F:\Programme\AOL 9.0D\aoltray.exe
F:\MCAFFE~1\MpfAgent.exe
F:\Office\Office\OUTLOOK.EXE
F:\Firefox\firefox.exe
F:\WinRAR\WinRAR.exe
H:\DOKUME~1\DASSCH~1\LOKALE~1\Temp\Rar$EX00.322\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.de/e60/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer vom Schwarzen Phantom
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MPFExe] F:\MCAFFE~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] H:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = F:\Programme\AOL 9.0D\aoltray.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/08ee5fe9...p/RdxIE601.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O23 - Service: Adobe LM Service - Adobe Systems - H:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - H:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - F:\GData\AVKService.exe
O23 - Service: G DATA AntiVirenKit Wächter (AVKWCtl) - Unknown owner - F:\GData\AVKWCtl.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - H:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - F:\MCAFFE~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - H:\WINNT\system32\nvsvc32.exe |
31.08.2005, 13:17 | #4 |
| Hi, I don't see anything conspicuous in the log, but that doesn't have to mean anything. Run an escan as well, exactly according to the instructions, and then post what is found! http://www.trojaner-board.de/showthread.php?t=17492 Regards |
31.08.2005, 13:47 | #5 |
| Hello, the log from E-Scan is incredibly long, which part of it is important?? |
31.08.2005, 13:52 | #6 |
| Hi, the whole log is important, as it also says in the instructions, but I can hardly imagine that you are already finished after 30 minutes! But go ahead and post the log, even if you need 2 postings or more! |
31.08.2005, 13:54 | #7 |
| Hello, yes, it is finished. So here is part 1: |
31.08.2005, 13:55 | #8 |
| and part 2: |
31.08.2005, 13:56 | #9 |
| Part 3...
H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File 
H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\shdocvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\shdocvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\shdocvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\system32\shdocvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\shdocvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\shdocvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\shdocvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\shdocvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\shdocvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\shdocvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\shdocvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\shdocvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\shdocvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\shdocvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\sendmail.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\sendmail.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\occache.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\webcheck.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\webcheck.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\webcheck.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\webcheck.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\webcheck.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\webcheck.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\webcheck.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\webcheck.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\webcheck.dll Wed Aug 31 
14:22:40 2005 => Scanning File H:\WINNT\System32\webcheck.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\thumbvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\thumbvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\thumbvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\thumbvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\thumbvw.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\appwiz.cpl Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\appwiz.cpl Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\System32\appwiz.cpl Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\system32\dsfolder.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\system32\dsfolder.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\system32\dsquery.dll Wed Aug 31 14:22:40 2005 => Scanning File H:\WINNT\system32\dsquery.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\system32\dsquery.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\system32\dsuiext.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\system32\dsuiext.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\system32\mydocs.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\system32\mydocs.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\system32\mydocs.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\system32\mydocs.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\system32\cscui.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\system32\cscui.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\system32\cscui.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\system32\mmcshext.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\system32\cabview.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\System32\nvshell.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\System32\nvshell.dll Wed Aug 31 14:22:41 2005 => Scanning File F:\Office\Office\OLKFSTUB.DLL Wed 
Aug 31 14:22:41 2005 => Scanning File F:\WinRAR\rarext.dll Wed Aug 31 14:22:41 2005 => Scanning File F:\Programme\rpshell.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\System32\browseui.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\System32\shdocvw.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\System32\shdocvw.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\System32\shdocvw.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\PROGRA~1\OUTLOO~1\wabfind.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\System32\cdfview.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\System32\cdfview.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\System32\cdfview.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\System32\cdfview.dll Wed Aug 31 14:22:41 2005 => Scanning File H:\WINNT\System32\cdfview.dll |
31.08.2005, 13:57 | #10 |
| And continuing, part 4: |
31.08.2005, 13:58 | #11 |
| Stop, that is wrong! This is how you have to proceed: open 'mwav.log' in the folder 'C:\Bases_X' -> Edit -> Find -> enter infected or tagged -> Find Next -> select/copy the hits and paste them into the forum. |
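The search described in post #11, as an added example that is not part of the original thread and is not code from the scanner's vendor: it splits a pasted log back into records at the timestamp prefix seen in this thread's excerpts (`Wed Aug 31 14:22:40 2005 => `) and keeps only records containing `infected` or `tagged`. The sample log, its paths and the wording of the hit lines are constructed assumptions; only the timestamp format is taken from the page.

```python
import re

# Timestamp prefix that opens every record in the log excerpts in this thread,
# e.g. "Wed Aug 31 14:22:40 2005 => ".
STAMP = re.compile(
    r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) [A-Z][a-z]{2} +\d{1,2} "
    r"\d\d:\d\d:\d\d \d{4} => "
)
# The two search terms named in post #11.
KEYWORDS = re.compile(r"\b(?:infected|tagged)\b", re.IGNORECASE)

# Constructed sample: records run together and wrapped mid-timestamp, the way
# a log looks after being pasted into a forum post. Paths, detection names and
# the wording of the hit lines are placeholders, not real scanner output.
SAMPLE = r"""Wed Aug 31 14:22:40 2005 => Scanning File C:\EXAMPLE\clean.dll Wed Aug 31
14:22:41 2005 => File C:\EXAMPLE\sample.exe infected by "Example.Trojan" Wed Aug 31 14:22:41 2005 => Scanning
File C:\EXAMPLE\other.dll Wed Aug 31 14:22:42 2005 => File C:\EXAMPLE\other.dll tagged as Example.Adware Wed Aug 31 14:22:43 2005 => File C:\EXAMPLE\sample.exe infected by "Example.Trojan"
"""


def split_records(text):
    """Return (timestamp, message) pairs, one per log record.

    Whitespace is collapsed first so that a timestamp broken across two
    lines is recognised again; runs of spaces inside paths collapse too.
    """
    flat = " ".join(text.split())
    matches = list(STAMP.finditer(flat))
    records = []
    for i, m in enumerate(matches):
        # A record runs from the end of its own prefix to the next prefix.
        end = matches[i + 1].start() if i + 1 < len(matches) else len(flat)
        stamp = m.group(0)[: -len(" => ")]
        records.append((stamp, flat[m.end():end].strip()))
    return records


def find_hits(text):
    """Keep records mentioning 'infected' or 'tagged', first occurrence only."""
    seen = set()
    hits = []
    for stamp, message in split_records(text):
        if KEYWORDS.search(message) and message not in seen:
            seen.add(message)
            hits.append((stamp, message))
    return hits


if __name__ == "__main__":
    # To run against a real log, read the file instead of SAMPLE, e.g.
    # open(path, encoding="latin-1", errors="replace").read()
    for stamp, message in find_hits(SAMPLE):
        print(f"{stamp} => {message}")
```

Posting only these hit records keeps the thread readable and lets helpers see the detections without scrolling through every `Scanning File` line.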
31.08.2005, 13:58 | #12 |
| 5... |