Hello everyone,
Unfortunately it seems I picked up a trojan last week (a screen appeared telling me to pay money to remove malware). After a reboot I could access the PC again, ran AntiVir, and it found and removed a piece of malware. I thought that was the end of it.
But when I then got a call from my bank saying there had been a phishing attempt on my banking details, I naturally got nervous. (Online banking is now blocked, and all passwords have been changed from a secure computer.)
After scans with various programs (Avast, Malwarebytes, SuperAntispyware) the system actually appears to be clean. Only the ESET Online Scanner finds something every single time: it reports "a variant of Win32/Kryptik.ADPW trojan" in several variants in the AppData/Roaming folder (log below). It deletes these files each time, but they are evidently regenerated immediately under different names ("Licensevalidator.exe", "Upgradechecker.exe", "Validator.exe", "Upgrade.exe") in seemingly randomly chosen subfolders of AppData/Roaming. These entries are also present in the autostart. If I delete one (with CCleaner), a new one appears immediately.
The files really do exist in those subfolders. None of the virus scanners apart from ESET find anything there, though.
ESET also points to a variant of "Win32/Gataka.A trojan" in operating memory that it cannot remove. Could that be the cause?
Hence my request for help. Is there anything that can be done short of formatting? The problem is that I will not be at home for the next two weeks and therefore cannot make a backup.
Best regards and many thanks in advance!
Alex
Here is the ESET log:
Quote:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=31fff41c51fc444e9728e08708d99360
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-03 12:43:32
# local_time=2012-04-03 02:43:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1792 16777191 100 0 427906 427906 0 0
# compatibility_mode=5892 16776573 100 100 27892022 170983939 0 0
# compatibility_mode=8192 67108863 100 0 1397 1397 0 0
# scanned=140257
# found=20
# cleaned=19
# scan_time=5802
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\19cf9356-19c43f5f probably a variant of Java/TrojanDownloader.Agent.AB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Adobe\{EC787761-13EC-480D-978B-575471DE987F}\LicenseValidator.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Google Inc\{0194D3E4-D4C0-4CE8-AA89-31C902AF3176}\UpgradeChecker.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Google Inc\{2501433C-EDB7-4399-8877-F27F883D517E}\UpgradeChecker.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Identities\{100342A0-777E-4A23-A516-3806DDDAB369}\LicenseValidator.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Identities\{1AAAB39D-2043-4661-AD9B-7E65EA8DB077}\LicenseValidator.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Identities\{26A8BC7A-9985-4CF2-B720-FD60AC81AC22}\LicenseValidator.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Identities\{754D27FD-3FF4-4CF0-9CF8-2620EDEA94EB}\LicenseValidator.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Identities\{FD4DA133-E1BB-4F2E-BCAC-FAF3AFF3107A}\LicenseValidator.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Opera\{4D76FC61-5EDA-44D9-96B3-A483CBFF31AB}\Upgrade.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Opera\{80DE4091-54BD-493F-8D99-CD03F43FF8A4}\Upgrade.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Sun\{1B05AE38-A996-4FE7-8A15-1CE3289C0E97}\Validator.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Sun\{46159699-BB59-4F98-B4AB-C36D544560DA}\Validator.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\TeamViewer\{1FDAAF84-6A28-42E8-964C-EBDEF13A17E2}\UpgradeHelper.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\TeamViewer\{48FC05F0-5925-47E8-917F-B7B76858BE79}\UpgradeChecker.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\TeamViewer\{C9960182-3FB1-485D-BDE9-9A6D5CF37BBE}\UpgradeChecker.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\TeamViewer\{D6078D1D-DA99-4DBB-B712-A43F4183CA92}\UpgradeHelper.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Windows Desktop Search\{163F67E3-9DBD-4A6A-A179-2217C1F71270}\LicenseValidator.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Windows Desktop Search\{FEC4300F-7B0C-424A-89D5-644C919A653D}\LicenseValidator.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Gataka.A trojan 00000000000000000000000000000000 I
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=31fff41c51fc444e9728e08708d99360
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-03 04:18:33
# local_time=2012-04-03 06:18:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1792 16777191 100 0 436507 436507 0 0
# compatibility_mode=5892 16776573 100 100 27900623 170996140 0 0
# compatibility_mode=8192 67108863 100 0 9998 9998 0 0
# scanned=139496
# found=7
# cleaned=6
# scan_time=6518
C:\Users\Alex\AppData\Roaming\Google Inc\{862AED70-4347-46C0-AED2-3C7ECC6ED589}\UpgradeChecker.exe a variant of Win32/Kryptik.ADPW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Identities\{47D3F481-2E59-41CE-ABEE-663FB00B06C9}\LicenseValidator.exe a variant of Win32/Kryptik.ADPW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Opera\{55BA2FAA-513D-4177-8B5E-75FBC26B0498}\Upgrade.exe a variant of Win32/Kryptik.ADPW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Skype\{AD31538F-CC3F-459D-96A9-8D27699FAD5C}\LicenseValidator.exe a variant of Win32/Kryptik.ADPW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Sun\{6CEBBEF3-C3B1-4302-BA17-4A24ADB31D69}\Validator.exe a variant of Win32/Kryptik.ADPW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Windows Desktop Search\{7B0AA734-79BD-49CA-931C-BD70DC730703}\LicenseValidator.exe a variant of Win32/Kryptik.ADPW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Gataka.A trojan 00000000000000000000000000000000 I
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=31fff41c51fc444e9728e08708d99360
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-03 06:24:13
# local_time=2012-04-03 08:24:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1792 16777191 100 0 444951 444951 0 0
# compatibility_mode=5892 16776573 100 100 27909067 171004584 0 0
# compatibility_mode=8192 67108863 100 0 18442 18442 0 0
# scanned=139450
# found=3
# cleaned=2
# scan_time=5617
C:\TDSSKiller_Quarantine\03.04.2012_18.33.43\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\TeamViewer\{508812D6-0359-42E3-AB4C-1E4532A93B5B}\Validator.exe a variant of Win32/Kryptik.ADPW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Gataka.A trojan 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=31fff41c51fc444e9728e08708d99360
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-03 08:12:33
# local_time=2012-04-03 10:12:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1792 16777191 100 0 451072 451072 0 0
# compatibility_mode=5892 16776573 100 100 27915188 171010705 0 0
# compatibility_mode=8192 67108863 100 0 24563 24563 0 0
# scanned=127642
# found=7
# cleaned=6
# scan_time=5975
C:\Users\Alex\AppData\Roaming\Google Inc\{02031E6E-AD91-4D47-BA70-322491C07CBA}\UpgradeChecker.exe a variant of Win32/Kryptik.ADPW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Identities\{9B0BAE00-C0B5-412F-8B9A-D3D26332B593}\LicenseValidator.exe a variant of Win32/Kryptik.ADPW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Opera\{3A518B6F-BD8C-41B3-B052-51A66AAC961C}\Upgrade.exe a variant of Win32/Kryptik.ADPW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Sun\{8DB6EBA3-6833-4411-A2B5-5AE4CB71E75E}\Validator.exe a variant of Win32/Kryptik.ADPW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\TeamViewer\{624E8EA1-E3E7-432A-A951-6E583A3B9EF5}\UpgradeChecker.exe a variant of Win32/Kryptik.ADPW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Windows Desktop Search\{2DE58D2D-F234-4DD7-AB2D-AE889FDD80D3}\LicenseValidator.exe a variant of Win32/Kryptik.ADPW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Gataka.A trojan 00000000000000000000000000000000 I
And here is the DDS log:
Quote:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16386 BrowserJavaVersion: 1.6.0_29
Run by Alex at 11:10:00 on 2012-04-04
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.894.305 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [UpgradeHelper] c:\users\alex\appdata\roaming\teamviewer\{ead6700e-d060-4144-9702-1511db260cbe}\UpgradeHelper.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
dRunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DD68B3F4-4673-4B27-BECB-4F5DD8D03FEE} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: ccc-core-static - msiexec /fums {1B91DBAF-C919-6A57-18E2-C7D7EF4FF08C} /qb
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\loqoo4iv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\alex\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-11-20 38400]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-11-17 31360]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-3 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-3 337880]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-29 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-3-29 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-3-29 110032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-3 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-4-3 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-3 44768]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-29 74640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-03 19:19:24 -------- d-----w- c:\users\alex\appdata\roaming\SUPERAntiSpyware.com
2012-04-03 19:16:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-03 19:16:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-03 16:37:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 15:20:53 -------- d-----w- c:\users\alex\appdata\roaming\TeamViewer
2012-04-03 14:00:48 -------- d-----w- c:\users\alex\appdata\local\Google
2012-04-03 14:00:32 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-03 14:00:29 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-03 13:59:29 41184 ----a-w- c:\windows\avastSS.scr
2012-04-03 13:58:17 -------- d-----w- c:\programdata\AVAST Software
2012-04-03 13:58:17 -------- d-----w- c:\program files\AVAST Software
2012-04-03 10:43:34 -------- d-----w- c:\program files\ESET
2012-04-03 09:42:59 -------- d-----w- c:\program files\MSConfig CleanUp
2012-04-03 09:38:52 -------- d-----w- c:\users\alex\appdata\roaming\Windows Desktop Search
2012-04-03 09:38:23 -------- d-----w- c:\users\alex\appdata\roaming\Google Inc
2012-04-02 14:21:47 -------- d-----w- c:\users\alex\appdata\roaming\Malwarebytes
2012-04-02 14:21:15 -------- d-----w- c:\programdata\Malwarebytes
2012-04-02 14:21:13 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 14:21:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-02 13:36:27 -------- d-----w- c:\users\alex\appdata\local\adawarebp
2012-04-02 13:36:18 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-02 13:36:11 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-02 13:35:03 -------- d-----w- c:\program files\adawaretb
2012-03-29 12:17:59 -------- d-----w- c:\users\alex\appdata\roaming\Avira
2012-03-29 12:15:12 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-29 12:15:12 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-29 12:15:05 -------- d-----w- c:\programdata\Avira
2012-03-29 12:15:05 -------- d-----w- c:\program files\Avira
2012-03-28 16:13:14 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-03-28 16:13:14 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-03-28 16:13:14 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-03-28 16:13:13 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-03-28 16:13:13 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-03-19 18:19:27 -------- d-----w- c:\users\alex\appdata\local\Temp
2012-03-18 20:36:09 -------- d-----w- c:\users\alex\appdata\roaming\11001
2012-03-18 20:35:58 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 20:35:58 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-17 05:45:15 -------- d-----w- c:\users\alex\appdata\roaming\UAs
2012-03-17 05:34:33 -------- d-----w- c:\users\alex\appdata\roaming\10017
2012-03-14 18:51:07 -------- d-----w- c:\users\alex\appdata\roaming\10016
2012-03-14 18:51:03 136 ----a-w- c:\users\alex\appdata\roaming\srvblck2.tmp
2012-03-14 18:50:56 -------- d-----w- c:\users\alex\appdata\roaming\xmldm
2012-03-14 18:50:53 -------- d-----w- c:\users\alex\appdata\roaming\kock
2012-03-09 20:51:05 -------- d-----w- c:\programdata\Caphyon
2012-03-09 20:50:59 -------- d-----w- c:\program files\No23 Recorder
.
==================== Find3M ====================
.
2012-04-03 16:39:45 492648 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-04-03 10:51:39 149616822 ----a-w- c:\windows\DUMP4313.tmp
.
============= FINISH: 11:11:04,05 ===============
Further log files (Attach.txt / GMER) are attached.
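The pattern the post describes (executables dropped into GUID-named subfolders under vendor-looking directories in AppData\Roaming, re-created under rotating names, and hooked into the HKCU Run key) is regular enough to check mechanically. The script below is an added example, not code from the original post or from any of the scanners mentioned: it parses ESET Online Scanner result lines and DDS "Run" entries, flags every path matching `AppData\Roaming\<vendor>\{GUID}\<name>.exe`, and cross-tallies the vendor folders and file names so the rotation is visible at a glance. The sample input is copied from the logs above; the line formats are inferred from those logs and are an assumption, not a documented format.

```python
"""Flag the AppData\\Roaming\\<vendor>\\{GUID}\\<name>.exe dropper layout in
ESET Online Scanner and DDS log lines.  Added example, not part of the
original post; log line formats are inferred from the post's own logs."""
import re
from collections import Counter

# ESET result line: <path> <detection> [(<action>)] <32-hex hash> <flag>
# The path is everything up to the last backslash plus one non-space token,
# so folder names with spaces ("Google Inc") are kept intact.
ESET_LINE = re.compile(
    r"^(?P<path>\$\{Memory\}|[A-Za-z]:\\.*\\\S+?)\s+"
    r"(?P<detection>.+?)\s*(?:\((?P<action>[^()]*)\))?\s+"
    r"(?P<hash>[0-9a-f]{32})\s+(?P<flag>[A-Z])$"
)
# DDS "Pseudo HJT" autorun line:  uRun: [Name] <command>
DDS_RUN_LINE = re.compile(r"^(?P<hive>[umd]Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# The dropper layout seen in the post's logs.
ROAMING_GUID_EXE = re.compile(
    r"\\AppData\\Roaming\\(?P<vendor>[^\\]+)\\"
    r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\\(?P<name>[^\\]+\.exe)$",
    re.IGNORECASE,
)

# Sample input copied from the ESET log in the post above.
ESET_SAMPLE = r"""
# found=20
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\19cf9356-19c43f5f probably a variant of Java/TrojanDownloader.Agent.AB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Adobe\{EC787761-13EC-480D-978B-575471DE987F}\LicenseValidator.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Google Inc\{0194D3E4-D4C0-4CE8-AA89-31C902AF3176}\UpgradeChecker.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Opera\{4D76FC61-5EDA-44D9-96B3-A483CBFF31AB}\Upgrade.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\TeamViewer\{1FDAAF84-6A28-42E8-964C-EBDEF13A17E2}\UpgradeHelper.exe a variant of Win32/Kryptik.ADNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Gataka.A trojan 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\03.04.2012_18.33.43\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Roaming\Google Inc\{862AED70-4347-46C0-AED2-3C7ECC6ED589}\UpgradeChecker.exe a variant of Win32/Kryptik.ADPW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""
# Sample input copied from the DDS log in the post above.
DDS_SAMPLE = r"""
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [UpgradeHelper] c:\users\alex\appdata\roaming\teamviewer\{ead6700e-d060-4144-9702-1511db260cbe}\UpgradeHelper.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
"""


def parse_eset(text):
    """One dict (path, detection, action, hash, flag) per ESET result line; '# ' headers skipped."""
    return [m.groupdict() for m in (ESET_LINE.match(l.strip()) for l in text.splitlines()) if m]


def parse_dds_runs(text):
    """Run/RunOnce entries from a DDS log, with the first executable pulled out of the command."""
    runs = []
    for line in text.splitlines():
        m = DDS_RUN_LINE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        exe = re.search(r'"?([^"]*?\.exe)', entry["cmd"], re.IGNORECASE)  # strip quotes/args
        entry["exe"] = exe.group(1) if exe else None
        runs.append(entry)
    return runs


def is_roaming_guid_dropper(path):
    """True if path ends in <vendor>\\{GUID}\\<name>.exe under AppData\\Roaming."""
    return bool(path and ROAMING_GUID_EXE.search(path))


def summarize(eset_text, dds_text):
    """Cross-check both logs: flagged files, in-memory detections, flagged autoruns, tallies."""
    hits = parse_eset(eset_text)
    files = [h["path"] for h in hits if is_roaming_guid_dropper(h["path"])]
    return {
        "files": files,
        "memory": [h["detection"] for h in hits if h["path"] == "${Memory}"],
        "autoruns": [r for r in parse_dds_runs(dds_text) if is_roaming_guid_dropper(r["exe"])],
        "vendors": Counter(ROAMING_GUID_EXE.search(p)["vendor"] for p in files),
        "names": Counter(ROAMING_GUID_EXE.search(p)["name"] for p in files),
    }


if __name__ == "__main__":
    for key, value in summarize(ESET_SAMPLE, DDS_SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample, the Java cache entry and the TDSSKiller quarantine entry are not flagged (neither sits in a GUID subfolder of AppData\Roaming), the five Kryptik files are, and the one flagged autorun is the `UpgradeHelper` entry whose GUID folder appears in neither ESET run: that mismatch between the Run key and the last scan is exactly the "deleted, then regenerated under a new name" behaviour the post describes. The same regex can be applied on the live host to a recursive directory listing of AppData\Roaming and to the HKCU Run values; a file-level scanner that only re-deletes the dropped copies, as the post observes, does not address the in-memory component that keeps recreating them.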