
Pests of all kinds and how to combat them: Text files with recorded activity in the Win/System32 folder


31.08.2005, 13:08   #1
dasschwarzephantom

Hello,
I have been fighting various trojans and viruses on my system (Win 2000 with SP4) for days now, unfortunately with little success. Today I was browsing the Windows System32 folder and discovered text files there, each with the respective date, in which all activity on the computer on that day was stored, including passwords, PIN numbers, etc. In addition, every few minutes a pop-up appears that says "Your Computer might be at risk - your virus protection is bad..." If I click on it, I land on what is surely a faked Windows help page, but in English. My antivirus program also reports, when Mozilla Firefox starts, that it has found 2 trojans (Trojan Win 2 Qhost.qr and hclean32.exe); although I always have these files deleted, they are back again at the next start. Ad-Aware, Spybot and the antivirus program no longer report anything suspicious. With the help of "Hijack This" I have already removed suspicious files, but the pop-up and the virus warning remain.
Does anyone know what I can do about this? Does anyone else have such strange log text files in the Windows folder? That surely isn't normal, is it???
Please help!
Thanks! =)

31.08.2005, 13:10   #2
HerrKautz

Please post a HijackThis logfile here. Download and instructions at http://filepony.de/download-hijackthis/

Sounds like a keylogger and/or backdoor!

Regards

31.08.2005, 13:13   #3
dasschwarzephantom

Hello,
thank you very much for the quick reply, here is the logfile from just now:


Logfile of HijackThis v1.99.1
Scan saved at 14:13:35, on 31.08.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
H:\WINNT\System32\smss.exe
H:\WINNT\system32\csrss.exe
H:\WINNT\system32\winlogon.exe
H:\WINNT\system32\services.exe
H:\WINNT\system32\lsass.exe
H:\WINNT\system32\svchost.exe
H:\WINNT\system32\spoolsv.exe
H:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
F:\GData\AVKService.exe
F:\GData\AVKWCtl.exe
H:\WINNT\System32\svchost.exe
F:\MCAFFE~1\MPFSERVICE.exe
H:\WINNT\system32\nvsvc32.exe
H:\WINNT\system32\regsvc.exe
H:\WINNT\system32\MSTask.exe
H:\WINNT\System32\WBEM\WinMgmt.exe
H:\WINNT\System32\mspmspsv.exe
H:\WINNT\system32\svchost.exe
H:\WINNT\Explorer.EXE
F:\MCAFFE~1\MpfTray.exe
H:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
F:\Programme\AOL 9.0D\aoltray.exe
F:\MCAFFE~1\MpfAgent.exe
F:\Office\Office\OUTLOOK.EXE
F:\Firefox\firefox.exe
F:\WinRAR\WinRAR.exe
H:\DOKUME~1\DASSCH~1\LOKALE~1\Temp\Rar$EX00.322\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.de/e60/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer vom Schwarzen Phantom
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MPFExe] F:\MCAFFE~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] H:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = F:\Programme\AOL 9.0D\aoltray.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/08ee5fe9...p/RdxIE601.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O23 - Service: Adobe LM Service - Adobe Systems - H:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - H:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - F:\GData\AVKService.exe
O23 - Service: G DATA AntiVirenKit Wächter (AVKWCtl) - Unknown owner - F:\GData\AVKWCtl.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - H:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - F:\MCAFFE~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - H:\WINNT\system32\nvsvc32.exe

31.08.2005, 13:17   #4
HerrKautz

Hi,

I don't see anything suspicious in the log, but that doesn't have to mean anything. Run an escan as well, exactly following the instructions, and then post what is found!

http://www.trojaner-board.de/showthread.php?t=17492

Regards

31.08.2005, 13:47   #5
dasschwarzephantom

Hello,
the E-Scan log is insanely long, which part of it is important??


31.08.2005, 13:52   #6
HerrKautz

Hi, the whole log is important, as it also says in the instructions, but I can hardly imagine that you are already finished after 30 minutes!

But go ahead and post the log, even if you need 2 posts or more!

31.08.2005, 13:54   #7
dasschwarzephantom

Hello,
yes, it is finished. So here is part 1:
Wed Aug 31 14:20:36 2005 => **********************************************************
Wed Aug 31 14:20:36 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Wed Aug 31 14:20:36 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Wed Aug 31 14:20:36 2005 => **********************************************************
Wed Aug 31 14:20:36 2005 => Version 7.0.9 (H:\DOKUME~1\DASSCH~1\LOKALE~1\Temp\mwavscan.com)
Wed Aug 31 14:20:36 2005 => Log File: H:\DOKUME~1\DASSCH~1\LOKALE~1\Temp\MWAV.LOG
Wed Aug 31 14:20:36 2005 => MWAV Registered: FALSE.
Wed Aug 31 14:20:36 2005 => MWAV Mode: Only Scan files.
Wed Aug 31 14:20:37 2005 => Latest Date of files inside MWAV: 24 Aug 2005 09:17:14.
Wed Aug 31 14:20:38 2005 => AV Library Loaded...
Wed Aug 31 14:20:38 2005 => MWAV doing self scanning...
Wed Aug 31 14:20:38 2005 => Scanning File H:\DOKUME~1\DASSCH~1\LOKALE~1\Temp\kavss.exe
Wed Aug 31 14:20:38 2005 => Scanning File H:\DOKUME~1\DASSCH~1\LOKALE~1\Temp\Getvlist.exe
Wed Aug 31 14:20:38 2005 => Scanning File H:\DOKUME~1\DASSCH~1\LOKALE~1\Temp\kavss.dll
Wed Aug 31 14:20:38 2005 => Scanning File H:\DOKUME~1\DASSCH~1\LOKALE~1\Temp\kavssdi.dll
Wed Aug 31 14:20:38 2005 => Scanning File H:\DOKUME~1\DASSCH~1\LOKALE~1\Temp\kavssi.dll
Wed Aug 31 14:20:38 2005 => Scanning File H:\DOKUME~1\DASSCH~1\LOKALE~1\Temp\kavvlg.dll
Wed Aug 31 14:20:38 2005 => Scanning File H:\DOKUME~1\DASSCH~1\LOKALE~1\Temp\msvlclnt.dll
Wed Aug 31 14:20:38 2005 => Scanning File H:\DOKUME~1\DASSCH~1\LOKALE~1\Temp\ipc.dll
Wed Aug 31 14:20:38 2005 => Scanning File H:\DOKUME~1\DASSCH~1\LOKALE~1\Temp\main.avi
Wed Aug 31 14:20:38 2005 => Scanning File H:\DOKUME~1\DASSCH~1\LOKALE~1\Temp\virus.avi
Wed Aug 31 14:20:38 2005 => MWAV files are clean.
Wed Aug 31 14:20:46 2005 => Virus Database Date: 2005/08/24
Wed Aug 31 14:20:46 2005 => Virus Database Count: 145335

31.08.2005, 13:55   #8
dasschwarzephantom

and part 2:

Wed Aug 31 14:22:10 2005 => **********************************************************
Wed Aug 31 14:22:10 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Wed Aug 31 14:22:10 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Wed Aug 31 14:22:10 2005 =>
Wed Aug 31 14:22:10 2005 => Support: support@mwti.net
Wed Aug 31 14:22:10 2005 => Web: http://www.mwti.net
Wed Aug 31 14:22:10 2005 => **********************************************************
Wed Aug 31 14:22:10 2005 => Version 7.0.9 (H:\DOKUME~1\DASSCH~1\LOKALE~1\Temp\mwavscan.com)
Wed Aug 31 14:22:10 2005 => Log File: H:\DOKUME~1\DASSCH~1\LOKALE~1\Temp\MWAV.LOG
Wed Aug 31 14:22:10 2005 => User Account: Das Schwarze Phantom
Wed Aug 31 14:22:10 2005 => Windows Root Folder: H:\WINNT
Wed Aug 31 14:22:10 2005 => Windows Sys32 Folder: H:\WINNT\system32
Wed Aug 31 14:22:10 2005 => OS: Windows NT
Wed Aug 31 14:22:10 2005 => Latest Date of files inside MWAV: 24 Aug 2005 09:17:14.

Wed Aug 31 14:22:10 2005 => Options Selected by User:
Wed Aug 31 14:22:10 2005 => Memory Check: Enabled
Wed Aug 31 14:22:10 2005 => Registry Check: Enabled
Wed Aug 31 14:22:10 2005 => StartUp Folder Check: Enabled
Wed Aug 31 14:22:10 2005 => System Folder Check: Enabled
Wed Aug 31 14:22:10 2005 => System Area Check: Disabled
Wed Aug 31 14:22:10 2005 => Services Check: Enabled
Wed Aug 31 14:22:10 2005 => Drive Check: Disabled
Wed Aug 31 14:22:10 2005 => All Drive Check :Enabled
Wed Aug 31 14:22:10 2005 => Folder Check: Enabled
Wed Aug 31 14:22:10 2005 => Folder Selected = H:\WINNT

Wed Aug 31 14:22:10 2005 => ***** Scanning Memory Files *****
Wed Aug 31 14:22:10 2005 => Scanning File H:\WINNT\System32\smss.exe
Wed Aug 31 14:22:10 2005 => Scanning File H:\WINNT\system32\ntdll.dll
Wed Aug 31 14:22:11 2005 => Scanning File H:\WINNT\System32\sfcfiles.dll
Wed Aug 31 14:22:11 2005 => Scanning File H:\WINNT\SYSTEM32\CSRSS.EXE
Wed Aug 31 14:22:11 2005 => Scanning File H:\WINNT\system32\CSRSRV.dll
Wed Aug 31 14:22:11 2005 => Scanning File H:\WINNT\system32\basesrv.dll
Wed Aug 31 14:22:11 2005 => Scanning File H:\WINNT\system32\winsrv.dll
Wed Aug 31 14:22:11 2005 => Scanning File H:\WINNT\system32\USER32.DLL
Wed Aug 31 14:22:11 2005 => Scanning File H:\WINNT\system32\KERNEL32.DLL
Wed Aug 31 14:22:11 2005 => Scanning File H:\WINNT\system32\GDI32.DLL
Wed Aug 31 14:22:11 2005 => Scanning File H:\WINNT\system32\ADVAPI32.dll
Wed Aug 31 14:22:11 2005 => Scanning File H:\WINNT\system32\RPCRT4.DLL
Wed Aug 31 14:22:12 2005 => Scanning File H:\WINNT\system32\SHELL32.dll
Wed Aug 31 14:22:12 2005 => Scanning File H:\WINNT\system32\SHLWAPI.DLL
Wed Aug 31 14:22:12 2005 => Scanning File H:\WINNT\system32\msvcrt.dll
Wed Aug 31 14:22:12 2005 => Scanning File H:\WINNT\system32\COMCTL32.DLL
Wed Aug 31 14:22:12 2005 => Scanning File H:\WINNT\system32\WININET.dll
Wed Aug 31 14:22:12 2005 => Scanning File H:\WINNT\system32\CRYPT32.dll
Wed Aug 31 14:22:12 2005 => Scanning File H:\WINNT\system32\MSASN1.DLL
Wed Aug 31 14:22:12 2005 => Scanning File H:\WINNT\system32\OLEAUT32.dll
Wed Aug 31 14:22:13 2005 => Scanning File H:\WINNT\system32\ole32.dll
Wed Aug 31 14:22:13 2005 => Scanning File H:\WINNT\system32\psapi.dll
Wed Aug 31 14:22:13 2005 => Scanning File H:\WINNT\SYSTEM32\WINLOGON.EXE
Wed Aug 31 14:22:13 2005 => Scanning File H:\WINNT\system32\USERENV.DLL
Wed Aug 31 14:22:13 2005 => Scanning File H:\WINNT\system32\NDDEAPI.DLL
Wed Aug 31 14:22:13 2005 => Scanning File H:\WINNT\system32\SFC.DLL
Wed Aug 31 14:22:13 2005 => Scanning File H:\WINNT\system32\SECUR32.DLL
Wed Aug 31 14:22:13 2005 => Scanning File H:\WINNT\system32\PROFMAP.DLL
Wed Aug 31 14:22:13 2005 => Scanning File H:\WINNT\system32\NETAPI32.dll
Wed Aug 31 14:22:13 2005 => Scanning File H:\WINNT\system32\NETRAP.DLL
Wed Aug 31 14:22:13 2005 => Scanning File H:\WINNT\system32\SAMLIB.DLL
Wed Aug 31 14:22:13 2005 => Scanning File H:\WINNT\system32\WS2_32.DLL
Wed Aug 31 14:22:13 2005 => Scanning File H:\WINNT\system32\WS2HELP.DLL
Wed Aug 31 14:22:13 2005 => Scanning File H:\WINNT\system32\WLDAP32.DLL
Wed Aug 31 14:22:13 2005 => Scanning File H:\WINNT\system32\DNSAPI.DLL
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\WSOCK32.DLL
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\msgina.dll
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\WINSTA.DLL
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\WINMM.dll
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\setupapi.dll
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\wdmaud.drv
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\wintrust.dll
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\IMAGEHLP.dll
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\mscat32.dll
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\rsaenh.dll
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\VERSION.dll
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\LZ32.DLL
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\cscdll.dll
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\WlNotify.dll
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\CERTCLI.DLL
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\ATL.DLL
Wed Aug 31 14:22:14 2005 => Scanning File H:\WINNT\system32\WINSCARD.DLL
Wed Aug 31 14:22:15 2005 => Scanning File H:\WINNT\system32\WINSPOOL.DRV
Wed Aug 31 14:22:15 2005 => Scanning File H:\WINNT\system32\MPR.DLL
Wed Aug 31 14:22:15 2005 => Scanning File H:\WINNT\system32\msv1_0.dll
Wed Aug 31 14:22:15 2005 => Scanning File H:\WINNT\system32\wzcdlg.dll
Wed Aug 31 14:22:15 2005 => Scanning File H:\WINNT\system32\WZCSAPI.DLL
Wed Aug 31 14:22:15 2005 => Scanning File H:\WINNT\system32\cscui.dll
Wed Aug 31 14:22:15 2005 => Scanning File H:\WINNT\system32\CLBCATQ.DLL
Wed Aug 31 14:22:15 2005 => Scanning File H:\WINNT\system32\msacm32.drv
Wed Aug 31 14:22:15 2005 => Scanning File H:\WINNT\system32\MSACM32.dll
Wed Aug 31 14:22:15 2005 => Scanning File H:\WINNT\system32\services.exe
Wed Aug 31 14:22:15 2005 => Scanning File H:\WINNT\system32\UMPNPMGR.DLL
Wed Aug 31 14:22:15 2005 => Scanning File H:\WINNT\system32\SCESRV.DLL
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\NTDSAPI.DLL
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\eventlog.dll
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\dhcpcsvc.dll
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\ICMP.DLL
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\IPHLPAPI.DLL
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\MPRAPI.DLL
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\ACTIVEDS.DLL
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\ADSLDPC.DLL
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\RTUTILS.DLL
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\RASAPI32.DLL
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\RASMAN.DLL
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\TAPI32.DLL
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\dnsrslvr.dll
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\lmhsvc.dll
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\dmserver.dll
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\CFGMGR32.DLL
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\Srvsvc.dll
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\wkssvc.dll
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\CRYPTDLL.DLL
Wed Aug 31 14:22:16 2005 => Scanning File H:\WINNT\system32\cryptsvc.dll
Wed Aug 31 14:22:17 2005 => Scanning File H:\WINNT\system32\psbase.dll
Wed Aug 31 14:22:17 2005 => Scanning File H:\WINNT\system32\ESENT.dll
Wed Aug 31 14:22:17 2005 => Scanning File H:\WINNT\system32\seclogon.dll
Wed Aug 31 14:22:17 2005 => Scanning File H:\WINNT\system32\trkwks.dll
Wed Aug 31 14:22:17 2005 => Scanning File H:\WINNT\system32\browser.dll
Wed Aug 31 14:22:17 2005 => Scanning File H:\WINNT\system32\wmicore.dll
Wed Aug 31 14:22:17 2005 => Scanning File H:\WINNT\system32\msafd.dll
Wed Aug 31 14:22:17 2005 => Scanning File H:\WINNT\System32\wshtcpip.dll
Wed Aug 31 14:22:17 2005 => Scanning File H:\WINNT\system32\appmgmts.dll
Wed Aug 31 14:22:17 2005 => Scanning File H:\WINNT\system32\MSI.DLL
Wed Aug 31 14:22:17 2005 => Scanning File H:\WINNT\system32\lsass.exe
Wed Aug 31 14:22:17 2005 => Scanning File H:\WINNT\system32\LSASRV.dll
Wed Aug 31 14:22:17 2005 => Scanning File H:\WINNT\system32\SAMSRV.DLL
Wed Aug 31 14:22:18 2005 => Scanning File H:\WINNT\system32\msprivs.dll
Wed Aug 31 14:22:18 2005 => Scanning File H:\WINNT\system32\kerberos.dll
Wed Aug 31 14:22:18 2005 => Scanning File H:\WINNT\system32\netlogon.dll
Wed Aug 31 14:22:18 2005 => Scanning File H:\WINNT\system32\schannel.dll
Wed Aug 31 14:22:18 2005 => Scanning File H:\WINNT\system32\rsabase.dll
Wed Aug 31 14:22:18 2005 => Scanning File H:\WINNT\system32\scecli.dll
Wed Aug 31 14:22:18 2005 => Scanning File H:\WINNT\system32\svchost.exe
Wed Aug 31 14:22:18 2005 => Scanning File h:\winnt\system32\rpcss.dll
Wed Aug 31 14:22:18 2005 => Scanning File H:\WINNT\system32\mswsock.dll
Wed Aug 31 14:22:18 2005 => Scanning File H:\WINNT\System32\rnr20.dll
Wed Aug 31 14:22:18 2005 => Scanning File H:\WINNT\System32\winrnr.dll
Wed Aug 31 14:22:18 2005 => Scanning File H:\WINNT\system32\rasadhlp.dll
Wed Aug 31 14:22:18 2005 => Scanning File H:\WINNT\system32\spoolsv.exe
Wed Aug 31 14:22:18 2005 => Scanning File H:\WINNT\system32\SPOOLSS.DLL
Wed Aug 31 14:22:19 2005 => Scanning File H:\WINNT\system32\localspl.dll
Wed Aug 31 14:22:19 2005 => Scanning File H:\WINNT\system32\cnbjmon.dll
Wed Aug 31 14:22:19 2005 => Scanning File H:\WINNT\system32\pjlmon.dll
Wed Aug 31 14:22:19 2005 => Scanning File H:\WINNT\system32\tcpmon.dll
Wed Aug 31 14:22:19 2005 => Scanning File H:\WINNT\system32\usbmon.dll
Wed Aug 31 14:22:19 2005 => Scanning File H:\WINNT\system32\spool\PRTPROCS\W32X86\lexdpp.dll
Wed Aug 31 14:22:19 2005 => Scanning File H:\WINNT\system32\win32spl.dll
Wed Aug 31 14:22:19 2005 => Scanning File H:\WINNT\system32\inetpp.dll
Wed Aug 31 14:22:19 2005 => Scanning File H:\WINNT\system32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL
Wed Aug 31 14:22:19 2005 => Scanning File H:\WINNT\system32\spool\DRIVERS\W32X86\3\UNIDRV.DLL
Wed Aug 31 14:22:19 2005 => Scanning File H:\WINNT\system32\mscms.dll
Wed Aug 31 14:22:19 2005 => Scanning File H:\WINNT\system32\icm32.dll
Wed Aug 31 14:22:19 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\AOL\ACS\AOLAcsd.exe
Wed Aug 31 14:22:20 2005 => Scanning File H:\WINNT\system32\MSVCR71.dll
Wed Aug 31 14:22:20 2005 => Scanning File H:\WINNT\system32\MSVCP71.dll
Wed Aug 31 14:22:20 2005 => Scanning File H:\WINNT\system32\wtsapi32.dll
Wed Aug 31 14:22:20 2005 => Scanning File H:\WINNT\system32\UTILDLL.dll
Wed Aug 31 14:22:20 2005 => Scanning File H:\WINNT\system32\REGAPI.dll
Wed Aug 31 14:22:20 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\AOL\ACS\MultiOS.dll
Wed Aug 31 14:22:20 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\AOL\ACS\UNINET~1.DLL
Wed Aug 31 14:22:20 2005 => Scanning File H:\WINNT\system32\AOLDial.dll
Wed Aug 31 14:22:21 2005 => Scanning File F:\GData\AVKService.exe
Wed Aug 31 14:22:21 2005 => Scanning File F:\GData\AVKWCtl.exe
Wed Aug 31 14:22:21 2005 => Scanning File F:\GData\IcptStub.dll
Wed Aug 31 14:22:21 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\GDATA~1\AVKSCA~1\AVKScan.dll
Wed Aug 31 14:22:21 2005 => Scanning File H:\WINNT\system32\comdlg32.dll
Wed Aug 31 14:22:21 2005 => Scanning File F:\GData\AskUser.dll
Wed Aug 31 14:22:22 2005 => Scanning File F:\GData\SplitExplorer.dll
Wed Aug 31 14:22:22 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\GDATA~1\AVKSCA~1\Base\AVPBASE.DLL
Wed Aug 31 14:22:22 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\GDATA~1\AVKSCA~1\Base\avp_iont.dll
Wed Aug 31 14:22:22 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\GDATA~1\AVKSCA~1\bdf\bdcore.dll
Wed Aug 31 14:22:22 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\GDATA~1\AVKSCA~1\bdf\libfn.dll
Wed Aug 31 14:22:22 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\GDATA~1\AVKSCA~1\bdf\avxdisk.dll
Wed Aug 31 14:22:22 2005 => Scanning File h:\winnt\system32\es.dll
Wed Aug 31 14:22:22 2005 => Scanning File h:\winnt\system32\TxfAux.Dll
Wed Aug 31 14:22:22 2005 => Scanning File h:\winnt\system32\ntmssvc.dll
Wed Aug 31 14:22:22 2005 => Scanning File h:\winnt\system32\sens.dll
Wed Aug 31 14:22:22 2005 => Scanning File H:\WINNT\System32\NTMSDBA.dll
Wed Aug 31 14:22:23 2005 => Scanning File h:\winnt\system32\tapisrv.dll
Wed Aug 31 14:22:23 2005 => Scanning File h:\winnt\system32\rasmans.dll
Wed Aug 31 14:22:23 2005 => Scanning File h:\winnt\system32\netcfgx.dll
Wed Aug 31 14:22:23 2005 => Scanning File h:\winnt\system32\RASDLG.dll
Wed Aug 31 14:22:23 2005 => Scanning File H:\WINNT\System32\rastapi.dll
Wed Aug 31 14:22:23 2005 => Scanning File H:\WINNT\System32\unimdm.tsp
Wed Aug 31 14:22:23 2005 => Scanning File H:\WINNT\System32\uniplat.dll
Wed Aug 31 14:22:23 2005 => Scanning File H:\WINNT\System32\NTMARTA.DLL
Wed Aug 31 14:22:23 2005 => Scanning File H:\WINNT\System32\kmddsp.tsp
Wed Aug 31 14:22:23 2005 => Scanning File H:\WINNT\System32\ndptsp.tsp
Wed Aug 31 14:22:23 2005 => Scanning File H:\WINNT\System32\ipconf.tsp
Wed Aug 31 14:22:23 2005 => Scanning File H:\WINNT\System32\h323.tsp
Wed Aug 31 14:22:24 2005 => Scanning File H:\WINNT\System32\rasppp.dll
Wed Aug 31 14:22:24 2005 => Scanning File H:\WINNT\System32\ntlsapi.dll
Wed Aug 31 14:22:24 2005 => Scanning File H:\WINNT\System32\comsvcs.dll
Wed Aug 31 14:22:24 2005 => Scanning File H:\WINNT\System32\MSDTCPRX.dll
Wed Aug 31 14:22:25 2005 => Scanning File H:\WINNT\System32\MTXCLU.DLL
Wed Aug 31 14:22:25 2005 => Scanning File H:\WINNT\System32\CLUSAPI.DLL
Wed Aug 31 14:22:25 2005 => Scanning File H:\WINNT\System32\RESUTILS.DLL
Wed Aug 31 14:22:25 2005 => Scanning File H:\WINNT\System32\raschap.dll
Wed Aug 31 14:22:25 2005 => Scanning File H:\WINNT\System32\rastls.dll
Wed Aug 31 14:22:25 2005 => Scanning File H:\WINNT\System32\CRYPTUI.dll
Wed Aug 31 14:22:25 2005 => Scanning File h:\winnt\system32\netman.dll
Wed Aug 31 14:22:25 2005 => Scanning File H:\WINNT\system32\NETSHELL.dll
Wed Aug 31 14:22:25 2005 => Scanning File H:\WINNT\System32\WMI.dll
Wed Aug 31 14:22:25 2005 => Scanning File F:\MCAFFE~1\MPFSERVICE.exe
Wed Aug 31 14:22:25 2005 => Scanning File F:\MCAFFE~1\Localized.DLL
Wed Aug 31 14:22:26 2005 => Scanning File H:\WINNT\system32\nvsvc32.exe
Wed Aug 31 14:22:26 2005 => Scanning File H:\WINNT\system32\regsvc.exe
Wed Aug 31 14:22:26 2005 => Scanning File H:\WINNT\system32\MSTask.exe
Wed Aug 31 14:22:26 2005 => Scanning File H:\WINNT\system32\MSIDLE.DLL
Wed Aug 31 14:22:26 2005 => Scanning File H:\WINNT\System32\WBEM\WinMgmt.exe
Wed Aug 31 14:22:26 2005 => Scanning File H:\WINNT\System32\WBEM\wbemcomn.dll
Wed Aug 31 14:22:27 2005 => Scanning File H:\WINNT\System32\wbem\wbemcore.dll
Wed Aug 31 14:22:27 2005 => Scanning File H:\WINNT\System32\wbem\fastprox.dll
Wed Aug 31 14:22:27 2005 => Scanning File H:\WINNT\System32\wbem\wbemess.dll
Wed Aug 31 14:22:28 2005 => Scanning File H:\WINNT\System32\wbem\wbemsvc.dll
Wed Aug 31 14:22:28 2005 => Scanning File H:\WINNT\System32\wbem\wmiprov.dll
Wed Aug 31 14:22:28 2005 => Scanning File H:\WINNT\System32\mspmspsv.exe
Wed Aug 31 14:22:28 2005 => Scanning File h:\winnt\system32\wuauserv.dll
Wed Aug 31 14:22:28 2005 => Scanning File H:\WINNT\system32\wuaueng.dll
Wed Aug 31 14:22:28 2005 => Scanning File H:\WINNT\system32\ADVPACK.dll
Wed Aug 31 14:22:28 2005 => Scanning File H:\WINNT\system32\winhttp.dll
Wed Aug 31 14:22:29 2005 => Scanning File H:\WINNT\Explorer.EXE
Wed Aug 31 14:22:29 2005 => Scanning File H:\WINNT\system32\shim.dll
Wed Aug 31 14:22:29 2005 => Scanning File H:\WINNT\AppPatch\AcLayers.DLL
Wed Aug 31 14:22:29 2005 => Scanning File H:\WINNT\system32\SHDOCVW.DLL
Wed Aug 31 14:22:29 2005 => Scanning File H:\WINNT\System32\browseui.dll
Wed Aug 31 14:22:29 2005 => Scanning File H:\WINNT\system32\URLMON.DLL
Wed Aug 31 14:22:29 2005 => Scanning File H:\WINNT\system32\mlang.dll
Wed Aug 31 14:22:29 2005 => Scanning File H:\WINNT\System32\mshtml.dll
Wed Aug 31 14:22:29 2005 => Scanning File H:\WINNT\system32\sensapi.dll
Wed Aug 31 14:22:29 2005 => Scanning File H:\WINNT\system32\mydocs.dll
Wed Aug 31 14:22:29 2005 => Scanning File H:\WINNT\system32\ntshrui.dll
Wed Aug 31 14:22:29 2005 => Scanning File H:\WINNT\System32\shdoclc.dll
Wed Aug 31 14:22:30 2005 => Scanning File H:\WINNT\system32\MSLS31.DLL
Wed Aug 31 14:22:30 2005 => Scanning File H:\WINNT\system32\IMM32.DLL
Wed Aug 31 14:22:30 2005 => Scanning File H:\WINNT\System32\ntlanman.dll
Wed Aug 31 14:22:30 2005 => Scanning File H:\WINNT\System32\NETUI0.DLL
Wed Aug 31 14:22:30 2005 => Scanning File H:\WINNT\System32\NETUI1.DLL
Wed Aug 31 14:22:30 2005 => Scanning File H:\WINNT\System32\webcheck.dll
Wed Aug 31 14:22:30 2005 => Scanning File H:\WINNT\system32\stobject.dll
Wed Aug 31 14:22:30 2005 => Scanning File H:\WINNT\system32\BATMETER.DLL
Wed Aug 31 14:22:30 2005 => Scanning File H:\WINNT\system32\POWRPROF.DLL
Wed Aug 31 14:22:30 2005 => Scanning File F:\WinRAR\rarext.dll
Wed Aug 31 14:22:30 2005 => Scanning File H:\WINNT\System32\browselc.dll
Wed Aug 31 14:22:30 2005 => Scanning File H:\WINNT\system32\LINKINFO.DLL
Wed Aug 31 14:22:30 2005 => Scanning File H:\WINNT\System32\docprop2.dll
Wed Aug 31 14:22:30 2005 => Scanning File H:\WINNT\System32\MSVFW32.DLL
Wed Aug 31 14:22:30 2005 => Scanning File H:\WINNT\System32\AVIFIL32.DLL
Wed Aug 31 14:22:30 2005 => Scanning File H:\WINNT\system32\faxshell.dll
Wed Aug 31 14:22:30 2005 => Scanning File H:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\ACROIE~1.DLL
Wed Aug 31 14:22:31 2005 => Scanning File H:\WINNT\system32\PRINTUI.DLL
Wed Aug 31 14:22:31 2005 => Scanning File H:\WINNT\System32\jscript.dll
Wed Aug 31 14:22:31 2005 => Scanning File H:\WINNT\system32\imgutil.dll
Wed Aug 31 14:22:31 2005 => Scanning File H:\WINNT\system32\USP10.DLL
Wed Aug 31 14:22:31 2005 => Scanning File H:\WINNT\system32\dsquery.dll
Wed Aug 31 14:22:31 2005 => Scanning File H:\WINNT\system32\dsuiext.dll
Wed Aug 31 14:22:31 2005 => Scanning File H:\WINNT\system32\query.dll
Wed Aug 31 14:22:32 2005 => Scanning File F:\SPYBOT~1\SDHelper.dll
Wed Aug 31 14:22:32 2005 => Scanning File H:\WINNT\system32\olepro32.dll
Wed Aug 31 14:22:32 2005 => Scanning File H:\WINNT\system32\msadp32.acm
Wed Aug 31 14:22:32 2005 => Scanning File H:\WINNT\System32\thumbvw.dll
Wed Aug 31 14:22:32 2005 => Scanning File H:\WINNT\System32\webvw.dll
Wed Aug 31 14:22:32 2005 => Scanning File H:\WINNT\System32\mshtmled.dll
Wed Aug 31 14:22:32 2005 => Scanning File F:\GData\ShellExt.dll
Wed Aug 31 14:22:32 2005 => Scanning File F:\MCAFFE~1\MpfTray.exe
Wed Aug 31 14:22:33 2005 => Scanning File H:\WINNT\system32\RICHED32.DLL
Wed Aug 31 14:22:33 2005 => Scanning File H:\WINNT\system32\RICHED20.dll
Wed Aug 31 14:22:33 2005 => Scanning File H:\WINNT\system32\MPFAPI.dll
Wed Aug 31 14:22:33 2005 => Scanning File H:\WINNT\system32\SHFOLDER.dll
Wed Aug 31 14:22:33 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\AOL\ACS\AOLDial.exe
Wed Aug 31 14:22:33 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\AOL\ACS\xpat.dll
Wed Aug 31 14:22:33 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\AOL\ACS\DE\DIALER~1.DLL
Wed Aug 31 14:22:33 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\AOL\ACS\DE\ACSUI.DLL
Wed Aug 31 14:22:34 2005 => Scanning File H:\WINNT\system32\MSIMG32.dll
Wed Aug 31 14:22:34 2005 => Scanning File H:\WINNT\System32\wbem\wbemprox.dll
Wed Aug 31 14:22:34 2005 => Scanning File F:\PROGRA~1\AOL9~1.0D\aoltray.exe
Wed Aug 31 14:22:34 2005 => Scanning File F:\MCAFFE~1\MpfAgent.exe
Wed Aug 31 14:22:34 2005 => Scanning File F:\Office\Office\OUTLOOK.EXE
Wed Aug 31 14:22:34 2005 => Scanning File F:\Office\Office\OUTLLIB.dll
Wed Aug 31 14:22:34 2005 => Scanning File F:\Office\Office\MSO9.DLL
Wed Aug 31 14:22:34 2005 => Scanning File F:\Office\Office\1031\outllibr.dll
Wed Aug 31 14:22:35 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\System\MAPI\1031\nt\omint.dll
Wed Aug 31 14:22:35 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\GDATA~1\AVKMail\AVKExchd.dll
Wed Aug 31 14:22:35 2005 => Scanning File F:\Office\Office\OUTLRPC.dll
Wed Aug 31 14:22:35 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\System\MAPI\1031\nt\PSTPRX32.DLL
Wed Aug 31 14:22:35 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\System\MAPI\1031\nt\OMIPSTNT.DLL
Wed Aug 31 14:22:35 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\System\MAPI\1031\nt\MAPI32.dll
Wed Aug 31 14:22:35 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\System\MAPI\1031\NT\ExSec32.dll
Wed Aug 31 14:22:35 2005 => Scanning File H:\WINNT\System32\msoeacct.dll
Wed Aug 31 14:22:35 2005 => Scanning File H:\WINNT\System32\MSOERT2.dll
Wed Aug 31 14:22:35 2005 => Scanning File H:\WINNT\System32\acctres.dll
Wed Aug 31 14:22:35 2005 => Scanning File H:\WINNT\System32\inetcomm.dll
Wed Aug 31 14:22:35 2005 => Scanning File H:\WINNT\System32\inetres.dll
Wed Aug 31 14:22:35 2005 => Scanning File H:\WINNT\system32\PSTOREC.DLL
Wed Aug 31 14:22:35 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\System\wab32.dll
Wed Aug 31 14:22:35 2005 => Scanning File H:\PROGRA~1\GEMEIN~1\System\wab32res.dll
Wed Aug 31 14:22:35 2005 => Scanning File H:\WINNT\System32\OUTLWAB.DLL

31.08.2005, 13:56   #9
dasschwarzephantom

Part 3...


Old 31.08.2005, 13:57   #10
dasschwarzephantom
 
and on, part 4:


Old 31.08.2005, 13:58   #11
HerrKautz
 
Stop, that's wrong!

This is how you need to proceed:

Open 'mwav.log' in the folder 'C:\Bases_X' -> Edit -> Find -> enter infected or tagged -> Find Next -> select/copy the hits and paste them into the forum.
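
The search described in the post above, as an added example that is not part of the original thread: a Python filter that pulls the `infected` / `tagged` entries out of an mwav.log-style file and collapses repeats, so that only the hits are posted instead of the whole scan log. The sample log is constructed: it follows the `Day Mon DD HH:MM:SS YYYY => message` layout of the log in this thread, while the wording of the hit lines, the paths and the detection names are assumptions, as is treating lines that begin with `Scanning ` as progress output.

```python
import re
from collections import OrderedDict
from datetime import datetime

# One log entry: "<weekday> <month> <day> <time> <year> => <message>"
ENTRY = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) => (.*)$")

# The two search terms named in the post.
DEFAULT_KEYWORDS = ("infected", "tagged")


def find_hits(log_text, keywords=DEFAULT_KEYWORDS, skip_progress=True):
    """Return [(first_seen, count, message)] for entries containing a keyword.

    Matching is case-insensitive, like the editor's Find dialog.
    skip_progress drops "Scanning ..." progress lines so that a scanned file
    whose *name* contains a keyword is not reported as a hit (assumption:
    real detections are not written as "Scanning ..." lines).
    """
    wanted = tuple(k.lower() for k in keywords)
    hits = OrderedDict()  # message -> [first_seen, count]
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # blank lines, forum text, wrapped fragments
        stamp, message = match.groups()
        if skip_progress and message.startswith("Scanning "):
            continue
        if not any(k in message.lower() for k in wanted):
            continue
        when = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        if message in hits:
            hits[message][1] += 1  # same object reported again
        else:
            hits[message] = [when, 1]
    return [(when, count, msg) for msg, (when, count) in hits.items()]


def format_for_forum(hits):
    """Render the hits as short lines that can be pasted into a post."""
    lines = []
    for when, count, msg in hits:
        suffix = f"  (x{count})" if count > 1 else ""
        lines.append(f"{when:%Y-%m-%d %H:%M:%S}  {msg}{suffix}")
    return "\n".join(lines)


# Constructed sample input (not taken from a real scan).
SAMPLE_LOG = r"""
Wed Aug 31 14:22:35 2005 => Scanning File H:\WINNT\System32\inetcomm.dll
Wed Aug 31 14:22:36 2005 => Scanning File H:\EXAMPLE\tagged_photos.dll
Wed Aug 31 14:25:10 2005 => File H:\EXAMPLE\sample1.exe infected by "Example.Trojan.A" Virus. Action Taken: No Action Taken.
Wed Aug 31 14:25:10 2005 => File H:\EXAMPLE\sample1.exe infected by "Example.Trojan.A" Virus. Action Taken: No Action Taken.
Wed Aug 31 14:26:02 2005 => File H:\EXAMPLE\sample2.dll tagged as not-a-virus:Example.Adware.B. No Action Taken.
Teil 3...
"""

if __name__ == "__main__":
    print(format_for_forum(find_hits(SAMPLE_LOG)))
```

To run it against a real log, read the file (for example `open(path, errors="replace").read()`) and pass the text to `find_hits`.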

Old 31.08.2005, 13:58   #12
dasschwarzephantom
 
5...

Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\Drivers\PxHelp20.sys
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\DRIVERS\rasacd.sys
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\System32\svchost.exe
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\DRIVERS\rasl2tp.sys
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\System32\svchost.exe
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\DRIVERS\raspti.sys
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\drivers\RCA.sys
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\DRIVERS\rdbss.sys
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\DRIVERS\redbook.sys
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\System32\svchost.exe
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\regsvc.exe
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\DRIVERS\RMSPPPOE.SYS
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\System32\locator.exe
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\svchost.exe
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\System32\rsvp.exe
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\DRIVERS\RTL8029.SYS
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\lsass.exe
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\System32\SCardSvr.exe
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\System32\SCardSvr.exe
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\MSTask.exe
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\services.exe
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\svchost.exe
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\DRIVERS\serenum.sys
Wed Aug 31 14:22:51 2005 => Scanning File H:\WINNT\system32\DRIVERS\serial.sys
Wed Aug 31 14:22:52 2005 => Scanning File H:\WINNT\System32\svchost.exe
Wed Aug 31 14:22:52 2005 => Scanning File H:\WINNT\system32\DRIVERS\slabbus.sys
Wed Aug 31 14:22:52 2005 => Scanning File H:\WINNT\system32\DRIVERS\slabser.sys
Wed Aug 31 14:22:52 2005 => Scanning File H:\WINNT\system32\DRIVERS\SLIP.sys
Wed Aug 31 14:22:52 2005 => Scanning File H:\WINNT\system32\spoolsv.exe
Wed Aug 31 14:22:52 2005 => Scanning File H:\WINNT\system32\DRIVERS\srv.sys
Wed Aug 31 14:22:52 2005 => Scanning File H:\WINNT\system32\DRIVERS\StreamIP.sys
Wed Aug 31 14:22:52 2005 => Scanning File H:\WINNT\system32\DRIVERS\swenum.sys
Wed Aug 31 14:22:52 2005 => Scanning File H:\WINNT\system32\drivers\swmidi.sys
Wed Aug 31 14:22:52 2005 => Scanning File H:\WINNT\system32\drivers\sysaudio.sys
Wed Aug 31 14:22:52 2005 => Scanning File H:\WINNT\system32\smlogsvc.exe
Wed Aug 31 14:22:52 2005 => Scanning File H:\WINNT\System32\svchost.exe
Wed Aug 31 14:22:52 2005 => Scanning File H:\WINNT\system32\DRIVERS\tcpip.sys
Wed Aug 31 14:22:52 2005 => Scanning File H:\WINNT\system32\tlntsvr.exe
Wed Aug 31 14:22:53 2005 => Scanning File F:\SPEEDM~1\TNPACKET.SYS
Wed Aug 31 14:22:53 2005 => Scanning File H:\WINNT\system32\services.exe
Wed Aug 31 14:22:53 2005 => Scanning File H:\WINNT\system32\DRIVERS\uhcd.sys
Wed Aug 31 14:22:53 2005 => Scanning File H:\WINNT\system32\DRIVERS\update.sys
Wed Aug 31 14:22:53 2005 => Scanning File H:\WINNT\System32\ups.exe
Wed Aug 31 14:22:53 2005 => Scanning File H:\WINNT\system32\DRIVERS\USBARW.SYS
Wed Aug 31 14:22:53 2005 => Scanning File H:\WINNT\system32\DRIVERS\usbhub.sys
Wed Aug 31 14:22:53 2005 => Scanning File H:\WINNT\system32\DRIVERS\usbprint.sys
Wed Aug 31 14:22:53 2005 => Scanning File H:\WINNT\system32\DRIVERS\USBSTOR.SYS
Wed Aug 31 14:22:53 2005 => Scanning File H:\WINNT\System32\UtilMan.exe
Wed Aug 31 14:22:53 2005 => Scanning File H:\WINNT\System32\drivers\vga.sys
Wed Aug 31 14:22:53 2005 => Scanning File H:\WINNT\system32\DRIVERS\viaagp.sys
Wed Aug 31 14:22:53 2005 => Scanning File H:\WINNT\System32\drivers\viadsk.sys
Wed Aug 31 14:22:53 2005 => Scanning File H:\WINNT\system32\DRIVERS\viausb.sys
Wed Aug 31 14:22:53 2005 => Scanning File H:\WINNT\system32\DRIVERS\viamraid.sys
Wed Aug 31 14:22:53 2005 => Scanning File H:\WINNT\System32\services.exe
Wed Aug 31 14:22:53 2005 => Scanning File H:\WINNT\system32\DRIVERS\wanarp.sys
Wed Aug 31 14:22:54 2005 => Scanning File H:\WINNT\system32\DRIVERS\wanatw4.sys
Wed Aug 31 14:22:54 2005 => Scanning File H:\WINNT\system32\drivers\wdmaud.sys
Wed Aug 31 14:22:54 2005 => Scanning File H:\WINNT\System32\WBEM\WinMgmt.exe
Wed Aug 31 14:22:54 2005 => Scanning File H:\WINNT\System32\mspmspsv.exe
Wed Aug 31 14:22:54 2005 => Scanning File H:\WINNT\System32\svchost.exe
Wed Aug 31 14:22:54 2005 => Scanning File H:\WINNT\system32\Services.exe
Wed Aug 31 14:22:54 2005 => Scanning File H:\WINNT\system32\DRIVERS\WSTCODEC.SYS
Wed Aug 31 14:22:54 2005 => Scanning File H:\WINNT\system32\svchost.exe
Wed Aug 31 14:22:54 2005 => Scanning File H:\WINNT\System32\svchost.exe
Wed Aug 31 14:22:54 2005 => ERROR!!! Invalid Entry H:\WINNT\zeta.exe in SYSTEM\CurrentControlSet\Services\ZESOFT...
