
Log analysis and evaluation: adaware


 
25.12.2005, 22:08   #2
Toto1980

adaware

continuing..

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1144
ThreadCreationTime : 26.12.2005 18:19:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1292
ThreadCreationTime : 26.12.2005 18:19:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1388
ThreadCreationTime : 26.12.2005 18:19:49
BasePriority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:13 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1452
ThreadCreationTime : 26.12.2005 18:19:49
BasePriority : Normal


#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1508
ThreadCreationTime : 26.12.2005 18:19:49
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1704
ThreadCreationTime : 26.12.2005 18:19:57
BasePriority : Normal
FileVersion : 7,1,0,365
ProductVersion : 7.1.0.365
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:16 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1752
ThreadCreationTime : 26.12.2005 18:19:59
BasePriority : Normal
FileVersion : 7,1,0,349
ProductVersion : 7.1.0.349
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:17 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1772
ThreadCreationTime : 26.12.2005 18:19:59
BasePriority : Normal
FileVersion : 7,1,0,371
ProductVersion : 7.1.0.371
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:18 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1888
ThreadCreationTime : 26.12.2005 18:20:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [vc7secs.exe]
FilePath : C:\Programme\HHVcdV7Sys\
ProcessID : 1980
ThreadCreationTime : 26.12.2005 18:20:01
BasePriority : Normal
FileVersion : 7, 0, 0, 3
ProductVersion : 7, 0, 0, 0
ProductName : Virtual CD
CompanyName : H+H Software GmbH
FileDescription : Virtual CD - Management Service
InternalName : VC7SecS
LegalCopyright : Copyright © 2001 - 2004 by H+H Software GmbH
OriginalFilename : VC7SecS.exe

#:20 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 492
ThreadCreationTime : 26.12.2005 18:20:06
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:21 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 936
ThreadCreationTime : 26.12.2005 18:20:10
BasePriority : Normal
FileVersion : 6.14.10.4116
ProductVersion : 6.14.10.4116
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:22 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1636
ThreadCreationTime : 26.12.2005 18:20:10
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:23 [lxsupmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 296
ThreadCreationTime : 26.12.2005 18:20:12
BasePriority : Normal
FileVersion : 3.0.105.1
ProductVersion : 3.0.105.1
ProductName : Lexmark Supplies Monitor
CompanyName : Lexmark International Inc.
FileDescription : Supplies Monitor
InternalName : LXSUPMON
LegalCopyright : Copyright © 2002
OriginalFilename : LXSUPMON.RC

#:24 [jusched.exe]
FilePath : C:\Programme\Java\jre1.5.0_04\bin\
ProcessID : 472
ThreadCreationTime : 26.12.2005 18:20:13
BasePriority : Normal


#:25 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 532
ThreadCreationTime : 26.12.2005 18:20:13
BasePriority : Normal
FileVersion : 7,1,0,355
ProductVersion : 7.1.0.355
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:26 [vc7play.exe]
FilePath : C:\Programme\HHVcdV7Sys\
ProcessID : 548
ThreadCreationTime : 26.12.2005 18:20:13
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 0
ProductName : Virtual CD
CompanyName : H+H Software GmbH
FileDescription : Virtual CD - Player
InternalName : VC7Play
LegalCopyright : Copyright (C) 2001-2005 by H+H Software GmbH
OriginalFilename : VC7Play.EXE

#:27 [qttask.exe]
FilePath : C:\Programme\QuickTime\
ProcessID : 788
ThreadCreationTime : 26.12.2005 18:20:13
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:28 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 872
ThreadCreationTime : 26.12.2005 18:20:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:29 [nmbgmonitor.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Ahead\lib\
ProcessID : 1036
ThreadCreationTime : 26.12.2005 18:20:14
BasePriority : Normal


#:30 [mmkbd.exe]
FilePath : D:\Programme\SAMSUNG\Samsung Internet Keyboard\
ProcessID : 1604
ThreadCreationTime : 26.12.2005 18:20:15
BasePriority : Normal
FileVersion : 2, 1, 0, 1
ProductVersion : 2, 5, 0, 1
ProductName : MMKbd
CompanyName : SITECSOFT Co., LTD.
FileDescription : MMKbd
InternalName : MMKbd
LegalCopyright : (C)SITECSOFT 2000
OriginalFilename : MMKbd.EXE

#:31 [firefox.exe]
FilePath : C:\Programme\Mozilla Firefox\
ProcessID : 2368
ThreadCreationTime : 26.12.2005 18:20:30
BasePriority : Normal


#:32 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1344
ThreadCreationTime : 26.12.2005 20:51:23
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tismar@as-eu.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:128
Value : Cookie:tismar@as-eu.falkag.net/
Expires : 24.01.2006 19:50:50
LastSync : Hits:128
UseCount : 0
Hits : 128

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tismar@sel.as-eu.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:74
Value : Cookie:tismar@sel.as-eu.falkag.net/
Expires : 24.01.2006 19:50:50
LastSync : Hits:74
UseCount : 0
Hits : 74

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tismar@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:88
Value : Cookie:tismar@tradedoubler.com/
Expires : 20.12.2025 19:39:40
LastSync : Hits:88
UseCount : 0
Hits : 88

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tismar@as1.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:75
Value : Cookie:tismar@as1.falkag.de/
Expires : 24.01.2006 11:42:50
LastSync : Hits:75
UseCount : 0
Hits : 75

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tismar@partners.webmasterplan[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:49
Value : Cookie:tismar@partners.webmasterplan.com/
Expires : 16.12.2015
LastSync : Hits:49
UseCount : 0
Hits : 49

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 29

Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joline@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\Joline\Cookies\joline@adtech[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joline@as-eu.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\Joline\Cookies\joline@as-eu.falkag[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joline@count.xhit[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\Joline\Cookies\joline@count.xhit[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joline@partners.webmasterplan[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\Joline\Cookies\joline@partners.webmasterplan[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joline@sel.as-eu.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\Joline\Cookies\joline@sel.as-eu.falkag[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joline@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\Joline\Cookies\joline@tradedoubler[2].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35


Deep scanning and examining files (D
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35


Deep scanning and examining files (E
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35


Deep scanning and examining files (H
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 35




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35

22:03:02 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:34.281
Objects scanned:156249
Objects identified:11
Objects ignored:0
New critical objects:11