Log analysis and evaluation: Trojan bit 2048 and computer slowdown

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Trojan bit 2048 and computer slowdown

Hello everyone,

the day before yesterday I had a friend visiting whose smartphone was stolen last weekend. Early in the morning she was on my notebook and received a fake Telekom email stating that she had to pay 126 €. Apparently a little sleepy, she opened the attachment (an .exe file). 5 minutes later a screen opened on my machine that wanted to sell a Windows update for 100 €... I then looked into it and found out that it is a Trojan...

The next time the notebook was started, everything still worked fine, except that the files were all "locked" and the file format had changed. The files were then named, for example, "locked - NameOfTheFile.vsop" (I just made up vsop; they were mostly 4-character letter strings that were always different).

Over time the PC became slower and slower, and I came across your forum. I have now carried out the relevant steps, deleted the Trojans "superficially" with Malwarebytes and restored the important files with Decrypt-Helper 0.5. However, this was only possible in safe mode.

When I try to start the PC normally, a black screen appears after the "Welcome" on which I can move the mouse.

I am currently in "Safe Mode with Networking".

Scanning the PC took about 20 min instead of 3 min (as written)... so it is really slow...

It would be very kind if one of you could help me and we could get my (6-month-old) PC running again together.

Now follow 1x defogger_disable, DDS log and Attach log.

defogger_disable:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:12 on 01/05/2012 (Marius)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

DDS-Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Marius at 15:14:13 on 2012-05-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3764.2894 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Marius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Marius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360911h406l0498z1k5t67j1k591
uStart Page = hxxp://search.babylon.com/?affID=112037&babsrc=HP_ss&mntrId=2c1cedee00000000000018f46a0c79b5
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360911h406l0498z1k5t67j1k591
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360911h406l0498z1k5t67j1k591
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: 2YourFace Addon: {1185823f-f22f-4027-80e5-4f68acd5de5e} - C:\Program Files (x86)\2YourFace\bho.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: eType Toolbar Helper: {7d9463cd-bbd8-42f4-ab72-d7b1191d9f3d} - C:\Program Files (x86)\eType Toolbar\Toolbar32.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: eType Toolbar: {bde58274-7a2a-4682-8c47-a379dd9e36cb} - C:\Program Files (x86)\eType Toolbar\Toolbar32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
uRun: [Google Update] "C:\Users\Marius\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Facebook Update] "C:\Users\Marius\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [eType] C:\Users\Marius\AppData\Roaming\eType\eType.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [eTypeToolbarHelper] "C:\Program Files (x86)\eType Toolbar\ToolbarHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [ Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Marius\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Marius\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E9BF632C-5288-4EF0-A478-D81513FEB55D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E9BF632C-5288-4EF0-A478-D81513FEB55D}\64259445A51224F6870235C40275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{E9BF632C-5288-4EF0-A478-D81513FEB55D}\64259445A51224F6870264F6E60275C414E40273131323 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{E9BF632C-5288-4EF0-A478-D81513FEB55D}\75C414E4D2030303430354440354449393 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E9BF632C-5288-4EF0-A478-D81513FEB55D}\B46434 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{E9BF632C-5288-4EF0-A478-D81513FEB55D}\C45657078616E616 : DhcpNameServer = 141.39.208.200 193.174.46.7
TCP: Interfaces\{E9BF632C-5288-4EF0-A478-D81513FEB55D}\D4F6378696 : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
{1185823F-F22F-4027-80E5-4F68ACD5DE5E}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{2EECD738-5844-4a99-B4B6-146BF802613B}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{7D9463CD-BBD8-42f4-AB72-D7B1191D9F3D}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
{BDE58274-7A2A-4682-8C47-A379DD9E36CB}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{98889811-442D-49dd-99D7-DC866BE87DBC}
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [eTypeToolbarHelper] "C:\Program Files (x86)\eType Toolbar\ToolbarHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [ Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R? acsock;acsock
R? AdobeARMservice;Adobe Acrobat Update Service
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? AMD External Events Utility;AMD External Events Utility
R? amdkmdag;amdkmdag
R? amdkmdap;amdkmdap
R? AmUStor;AM USB Stroage Driver
R? AntiVirSchedulerService;Avira AntiVir Planer
R? AntiVirService;Avira AntiVir Guard
R? aswFsBlk;aswFsBlk
R? aswKbd;aswKbd
R? aswMonFlt;aswMonFlt
R? aswSnx;aswSnx
R? aswSP;aswSP
R? avast! Antivirus;avast! Antivirus
R? avgntflt;avgntflt
R? btwampfl;Bluetooth AMP USB Filter
R? btwl2cap;Bluetooth L2CAP Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? cvhsvc;Client Virtualization Handler
R? DsiWMIService;Dritek WMI Service
R? ePowerSvc;Acer ePower Service
R? GREGService;GREGService
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update-Dienst (gupdatem)
R? hshld;Hotspot Shield Service
R? HssWd;Hotspot Shield Monitoring Service
R? intelkmd;intelkmd
R? mwlPSDFilter;mwlPSDFilter
R? mwlPSDNServ;mwlPSDNServ
R? mwlPSDVDisk;mwlPSDVDisk
R? MWLService;MyWinLocker Service
R? NTI IScheduleSvc;NTI IScheduleSvc
R? osppsvc;Office Software Protection Platform
R? RS_Service;Raw Socket Service
R? Sftfs;Sftfs
R? sftlist;Application Virtualization Client
R? Sftplay;Sftplay
R? Sftredir;Sftredir
R? Sftvol;Sftvol
R? sftvsa;Application Virtualization Service Agent
R? UNS;Intel(R) Management & Security Application User Notification Service
R? Updater Service for eType Toolbar;Updater Service for eType Toolbar
R? Updater Service;Updater Service
R? vpnagent;Cisco AnyConnect Secure Mobility Agent
R? vwifimp;Microsoft Virtual WiFi Miniport Service
R? WatAdminSvc;Windows-Aktivierungstechnologieservice
S? HECIx64;Intel(R) Management Engine Interface
S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
S? USBAAPL64;Apple Mobile USB Driver
S? vwififlt;Virtual WiFi Filter Driver
.
=============== Created Last 30 ================
.
2012-05-01 09:33:18 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF747217-CEB4-46FB-AF11-739DB4C394EB}\offreg.dll
2012-04-29 20:37:01 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-29 11:33:42 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF747217-CEB4-46FB-AF11-739DB4C394EB}\mpengine.dll
2012-04-29 09:58:43 -------- d-----w- C:\Users\Marius\AppData\Roaming\Malwarebytes
2012-04-29 09:58:38 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-29 09:58:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-22 13:57:41 -------- d-----w- C:\microsoft
2012-04-20 21:00:22 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-20 20:51:29 28504 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-04-20 20:45:57 -------- d-----w- C:\Program Files (x86)\hpmonitor
2012-04-20 20:44:43 -------- d-----w- C:\Program Files (x86)\2YourFace
2012-04-20 20:43:52 -------- d-----w- C:\ProgramData\Hotspot Shield
2012-04-20 20:43:31 -------- d-----w- C:\Hotspot Shield
2012-04-20 20:43:26 -------- d-----w- C:\Program Files (x86)\Hotspot Shield
2012-04-20 20:38:17 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-04-20 20:38:16 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-04-20 20:38:16 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-04-20 20:37:44 41184 ----a-w- C:\Windows\avastSS.scr
2012-04-20 20:37:34 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-20 20:37:34 -------- d-----w- C:\Program Files\AVAST Software
2012-04-15 22:49:25 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-15 22:49:25 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-15 22:49:24 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-15 22:46:50 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-15 22:46:50 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-15 22:46:50 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-15 22:46:50 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-15 22:46:50 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-15 22:46:50 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-15 22:46:50 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
==================== Find3M ====================
.
2012-04-20 21:00:22 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-26 21:45:18 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys
2012-03-14 16:23:22 65024 ----a-w- C:\Windows\System32\pdfcmon.dll
2012-02-28 06:35:54 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:33:03 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-28 05:40:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-02-28 05:17:41 482816 ----a-w- C:\Windows\System32\html.iec
2012-02-28 04:35:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 04:31:46 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 03:57:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
2012-02-15 09:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 09:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-14 10:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 15:35:05,97 ===============

Attach-Log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 09.09.2011 10:42:19
System Uptime: 01.05.2012 11:25:18 (4 hours ago)
.
Motherboard: Acer | | JM31_CP
.
==== Installed Programs ======================
.
2YourFace 1.0
Acer Arcade Deluxe
Acer Arcade Movie
Acer Backup Manager
Acer Crystal Eye webcam
Acer eRecovery Management
Acer GameZone Console
Acer PowerSmart Manager
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Reader X (10.1.1) - Deutsch
Alcor Micro USB Card Reader
Amazonia
Apple Application Support
Apple Software Update
ARIS Express
ARIS Express 2.3
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
Babylon toolbar on IE
Backup Manager Basic
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
Counter-Strike 1.6
Dairy Dash
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dream Day First Home
Dropbox
eSobi v2
eType Toolbar
Facebook Video Calling 1.2.0.159
Farm Frenzy 2
Galapago
Google Chrome
Google Update Helper
Granny In Paradise
GTA2
Heroes of Hellas
Hotspot Shield 2.53
Identity Card
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware Version 1.61.0.1400
MediaShow Espresso
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Home and Business 2010
Microsoft Office Klick-und-Los 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker Suite
Norton Online Backup
Pando Media Booster
PDFCreator
PokerStars
PX Profile Update
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Shredder
Skype™ 4.1
SopCast 3.5.0
Spin & Win
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Welcome Center
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
Windows Media Player Firefox Plugin
.
==== End Of File ===========================

Thank you in advance!