Log analysis and evaluation: Am I rid of the Ukash 100 EUR trojan? Avira and Malwarebytes Malware say yes, Scan Spyware says no

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.05.2012, 06:27 | #16 |
Am I rid of the Ukash 100 EUR trojan? Avira and Malwarebytes Malware say yes, Scan Spyware says no

the 3rd log part

Code:
5520 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 07:14:08.0604 5520 VSS - ok 07:14:08.0826 5520 VzCdbSvc (071634532066c2e29350d450c3412837) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe 07:14:08.0842 5520 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning 07:14:08.0842 5520 VzCdbSvc - detected UnsignedFile.Multi.Generic (1) 07:14:08.0927 5520 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 07:14:08.0974 5520 W32Time - ok 07:14:09.0033 5520 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 07:14:09.0077 5520 WacomPen - ok 07:14:09.0102 5520 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 07:14:09.0124 5520 Wanarp - ok 07:14:09.0132 5520 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 07:14:09.0155 5520 Wanarpv6 - ok 07:14:09.0308 5520 WcesComm (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll 07:14:09.0514 5520 WcesComm - ok 07:14:09.0574 5520 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 07:14:09.0633 5520 wcncsvc - ok 07:14:09.0690 5520 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 07:14:09.0721 5520 WcsPlugInService - ok 07:14:09.0770 5520 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 07:14:09.0789 5520 Wd - ok 07:14:09.0879 5520 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 07:14:09.0911 5520 Wdf01000 - ok 07:14:09.0934 5520 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 07:14:09.0965 5520 WdiServiceHost - ok 07:14:09.0974 5520 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 07:14:10.0005 5520 WdiSystemHost - ok 07:14:10.0052 5520 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 07:14:10.0072 5520 WebClient - ok 
07:14:10.0115 5520 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 07:14:10.0137 5520 Wecsvc - ok 07:14:10.0172 5520 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 07:14:10.0212 5520 wercplsupport - ok 07:14:10.0267 5520 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 07:14:10.0298 5520 WerSvc - ok 07:14:10.0521 5520 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys 07:14:10.0539 5520 WimFltr - ok 07:14:10.0588 5520 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 07:14:10.0617 5520 winachsf - ok 07:14:10.0724 5520 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 07:14:10.0742 5520 WinDefend - ok 07:14:10.0755 5520 WinHttpAutoProxySvc - ok 07:14:10.0837 5520 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 07:14:10.0859 5520 Winmgmt - ok 07:14:10.0932 5520 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 07:14:10.0981 5520 WinRM - ok 07:14:11.0101 5520 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 07:14:11.0156 5520 Wlansvc - ok 07:14:11.0201 5520 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys 07:14:11.0233 5520 WmiAcpi - ok 07:14:11.0339 5520 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 07:14:11.0378 5520 wmiApSrv - ok 07:14:11.0489 5520 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 07:14:11.0568 5520 WMPNetworkSvc - ok 07:14:11.0591 5520 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 07:14:11.0643 5520 WPCSvc - ok 07:14:11.0693 5520 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 07:14:11.0735 5520 WPDBusEnum - ok 07:14:11.0818 5520 WpdUsb (de9d36f91a4df3d911626643debf11ea) 
C:\Windows\system32\DRIVERS\wpdusb.sys 07:14:11.0850 5520 WpdUsb - ok 07:14:12.0092 5520 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 07:14:12.0131 5520 WPFFontCache_v0400 - ok 07:14:12.0190 5520 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 07:14:12.0222 5520 ws2ifsl - ok 07:14:12.0269 5520 WsAudio_DeviceS(1) (a75dc063c9f0b787cce296c8ccad9c30) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys 07:14:12.0275 5520 WsAudio_DeviceS(1) ( UnsignedFile.Multi.Generic ) - warning 07:14:12.0275 5520 WsAudio_DeviceS(1) - detected UnsignedFile.Multi.Generic (1) 07:14:12.0337 5520 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll 07:14:12.0358 5520 wscsvc - ok 07:14:12.0377 5520 WSearch - ok 07:14:12.0542 5520 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 07:14:12.0826 5520 wuauserv - ok 07:14:13.0044 5520 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 07:14:13.0133 5520 WudfPf - ok 07:14:13.0213 5520 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 07:14:13.0248 5520 WUDFRd - ok 07:14:13.0294 5520 wudfsvc (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll 07:14:13.0323 5520 wudfsvc - ok 07:14:13.0369 5520 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys 07:14:13.0386 5520 XAudio - ok 07:14:13.0427 5520 XAudioService (15a317674a08df26be65164d959e9203) C:\Windows\system32\DRIVERS\xaudio.exe 07:14:13.0470 5520 XAudioService - ok 07:14:13.0530 5520 yukonwlh (7d4cca3659fa0780603206e3d12a993f) C:\Windows\system32\DRIVERS\yk60x86.sys 07:14:13.0591 5520 yukonwlh - ok 07:14:13.0633 5520 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 07:14:14.0403 5520 \Device\Harddisk0\DR0 - ok 07:14:14.0456 5520 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1 07:14:14.0600 5520 
\Device\Harddisk1\DR1 - ok 07:14:14.0628 5520 Boot (0x1200) (5c64891cba38a56957fc8e8ae32a709b) \Device\Harddisk0\DR0\Partition0 07:14:14.0630 5520 \Device\Harddisk0\DR0\Partition0 - ok 07:14:14.0639 5520 Boot (0x1200) (328a5e908ddc0f988dc6814779b827b5) \Device\Harddisk1\DR1\Partition0 07:14:14.0640 5520 \Device\Harddisk1\DR1\Partition0 - ok 07:14:14.0643 5520 ============================================================ 07:14:14.0643 5520 Scan finished 07:14:14.0643 5520 ============================================================ 07:14:14.0654 5760 Detected object count: 12 07:14:14.0654 5760 Actual detected object count: 12 07:14:48.0071 5760 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user 07:14:48.0071 5760 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:14:48.0072 5760 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 07:14:48.0072 5760 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:14:48.0072 5760 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user 07:14:48.0072 5760 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:14:48.0072 5760 NSUService ( UnsignedFile.Multi.Generic ) - skipped by user 07:14:48.0072 5760 NSUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:14:48.0073 5760 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user 07:14:48.0073 5760 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:14:48.0073 5760 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user 07:14:48.0073 5760 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:14:48.0077 5760 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 07:14:48.0077 5760 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:14:48.0077 5760 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user 07:14:48.0077 5760 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:14:48.0080 5760 VAIO Entertainment TV Device 
Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user 07:14:48.0080 5760 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:14:48.0080 5760 VCFw ( UnsignedFile.Multi.Generic ) - skipped by user 07:14:48.0080 5760 VCFw ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:14:48.0082 5760 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user 07:14:48.0082 5760 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:14:48.0083 5760 WsAudio_DeviceS(1) ( UnsignedFile.Multi.Generic ) - skipped by user 07:14:48.0083 5760 WsAudio_DeviceS(1) ( UnsignedFile.Multi.Generic ) - User select action: Skip |
23.05.2012, 09:44 | #17 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now:
ComboFix
A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and get messages such as Quote:
__________________ |
23.05.2012, 19:31 | #18 |
| Done. Could it be that the program deleted some programs? Avira, for example? Should I download it again? I don't want to be on the Internet entirely without protection..
I have also noticed that a popup window often appears with the text I Want This (an app or something). I always say "No", the program should not be run. Combofix also mentioned this file.. Here is the Combofix file: Combofix Logfile: Code:
ATTFilter ComboFix 12-05-23.05 - Seeigel 012.05.23. 19:57:42.1.2 - x86 Running from: c:\users\Seeigel\Desktop\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini c:\users\Seeigel\avira_free_antivirus_de.exe c:\windows\system32\Thumbs.db . . ((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 ))))))))))))))))))))))))))))))) . . 2012-05-23 18:10 . 2012-05-23 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-23 05:07 . 2012-05-23 05:07 -------- d-----w- c:\program files\BabylonToolbar 2012-05-23 05:07 . 2012-05-23 05:07 1490 ----a-w- C:\user.js 2012-05-23 05:07 . 2012-05-23 05:07 -------- d-----w- c:\users\Seeigel\AppData\Roaming\Babylon 2012-05-23 05:07 . 2012-05-23 05:07 -------- d-----w- c:\programdata\Babylon 2012-05-23 05:07 . 2012-05-23 05:07 -------- d-----w- c:\users\Seeigel\AppData\Local\I Want This 2012-05-23 05:07 . 2012-05-23 05:07 -------- d-----w- c:\program files\I Want This 2012-05-23 05:07 . 2012-05-23 05:07 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE721BAD-EB6A-42D1-97FD-55B7C2AB1760}\offreg.dll 2012-05-22 19:58 . 2012-05-22 19:58 -------- d-----w- C:\_OTL 2012-05-22 16:44 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE721BAD-EB6A-42D1-97FD-55B7C2AB1760}\mpengine.dll 2012-05-18 17:58 . 2012-05-18 17:58 -------- d-----w- c:\program files\ESET 2012-05-17 17:27 . 2012-05-17 17:27 -------- d-----w- c:\users\Seeigel\AppData\Roaming\Malwarebytes 2012-05-17 17:26 . 2012-05-17 17:26 -------- d-----w- c:\programdata\Malwarebytes 2012-05-17 17:26 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-17 17:26 . 2012-05-17 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-15 23:38 . 
2012-05-15 23:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-15 23:38 . 2012-05-15 23:38 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-15 23:27 . 2012-05-17 04:55 -------- d-----w- c:\program files\Microsoft Silverlight 2012-05-15 20:30 . 2012-05-15 20:30 -------- d-----w- c:\program files\Common Files\Adobe 2012-05-15 20:26 . 2012-05-15 20:26 -------- d-----w- c:\program files\Common Files\Java 2012-05-15 20:23 . 2012-05-15 20:23 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-05-15 20:23 . 2012-05-15 20:23 -------- d-----w- c:\program files\Java 2012-05-01 06:05 . 2012-05-01 06:05 -------- d-----w- c:\program files\Microsoft . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-15 20:23 . 2010-08-19 05:26 567696 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-08 17:53 . 2011-10-19 21:40 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-08 17:53 . 2011-10-19 21:40 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-02-29 15:11 . 2012-04-11 16:17 5120 ----a-w- c:\windows\system32\wmi.dll 2012-02-29 15:11 . 2012-04-11 16:17 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 15:09 . 2012-04-11 16:17 157696 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 13:32 . 2012-04-11 16:17 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-02-28 01:18 . 2012-04-11 16:18 1799168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 01:11 . 2012-04-11 16:18 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 01:11 . 2012-04-11 16:18 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 01:03 . 2012-04-11 16:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-27 262144] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-06 30192] "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-08-12 24576] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "mdiction"="c:\progra~1\TILDES~1\MDICTION.EXE" [2005-05-26 189976] "CheckCU"="c:\progra~1\TILDES~1\CheckCU.exe" [2005-02-02 40960] "Skytel"="Skytel.exe" [2008-07-03 1826816] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2008-07-07 10:28 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 257696] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 10982185 *Deregistered* - 10982185 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Contents of the 'Scheduled Tasks' folder . 2012-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 23:38] . 2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 21:34] . 2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 21:34] . 2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-90521188-4158982503-1986053845-1003Core.job - c:\users\Seeigel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-22 06:48] . 2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-90521188-4158982503-1986053845-1003UA.job - c:\users\Seeigel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-22 06:48] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=b4f1f7a50000000000000016ea426854 IE: &Translate with Tilde Computer Dictionary - c:\program files\Tildes Birojs 2005\TDVLauncher.DLL /201 IE: &Tulkot ar Tildes Datorvārdnīcu - c:\program files\Tildes Birojs 2005\TDVLauncher.DLL /201 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll Trusted Zone: *** Trusted Zone: *** TCP: DhcpNameServer = *** . - - - - ORPHANS REMOVED - - - - . BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-NSS - c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-05-23 20:11 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2012-05-23 20:21:59 ComboFix-quarantined-files.txt 2012-05-23 18:21 . Pre-Run: 10 Verzeichnis(se), 158 266 138 624 Bytes frei Post-Run: 14 Verzeichnis(se), 158 191 362 048 Bytes frei . - - End Of File - - BB659255E77FA823B20FC8D9625AE735 |
23.05.2012, 20:30 | #19 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window. Code:
Folder::
c:\program files\BabylonToolbar
c:\users\Seeigel\AppData\Roaming\Babylon
c:\programdata\Babylon
c:\users\Seeigel\AppData\Local\I Want This
c:\program files\I Want This

File::
C:\user.js
4. Disable the guard of your antivirus program (if present) and any software firewall that may be installed. (Also the guards of ad- and spyware programs and the Tea Timer (if present)!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post logfiles in CODE tags |
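A check that can follow the scripted run described in the post above, as an added example that is not part of the thread or of ComboFix: it parses the `Folder::`/`File::` script, confirms that every target is listed under "Other Deletions" in the follow-up log, and lists paths elsewhere in the log that still carry a removed folder's name. The log excerpt is constructed in the format of the logs posted here, and all function names are this example's own.

```python
import ntpath  # Windows path rules, usable on any OS
import re

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # "((((( Title )))))" section banners
DIRECTIVE = re.compile(r"^(\w+)::$")          # "Folder::" / "File::" script headers
PATH = re.compile(r"[A-Za-z]:\\.+$")          # drive-letter path at the end of a log line

# The script from the post above, one entry per line.
SCRIPT = r"""Folder::
c:\program files\BabylonToolbar
c:\users\Seeigel\AppData\Roaming\Babylon
c:\programdata\Babylon
c:\users\Seeigel\AppData\Local\I Want This
c:\program files\I Want This

File::
C:\user.js
"""

# Constructed follow-up log excerpt (format modelled on the logs in this thread).
LOG = r"""ComboFix log (constructed sample)
.
((((((((((((((( Other Deletions )))))))))))))))
.
c:\program files\BabylonToolbar
c:\program files\I Want This
c:\program files\I Want This\I Want This.exe
c:\programdata\Babylon
C:\user.js
c:\users\Seeigel\AppData\Local\I Want This
c:\users\Seeigel\AppData\Roaming\Babylon
.
((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))
.
2012-05-23 05:08 . 2012-05-23 05:08 -------- d-----w- c:\users\Seeigel\AppData\Roaming\BabylonToolbar
2012-05-18 17:58 . 2012-05-18 17:58 -------- d-----w- c:\program files\ESET
"""


def parse_cfscript(text):
    """Return {directive: [paths]} for a script made of 'Name::' headers and paths."""
    targets, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            section = m.group(1)
            targets.setdefault(section, [])
        elif section is None:
            raise ValueError(f"path before any directive: {line!r}")
        else:
            targets[section].append(line)
    return targets


def log_sections(log_text):
    """Split a log into {banner title: [content lines]}, dropping '.' separator lines."""
    sections, title = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            title = m.group(1)
            sections[title] = []
        elif title is not None and line not in ("", "."):
            sections[title].append(line)
    return sections


def check_run(script_text, log_text):
    """Compare script targets with the log's deletions; report gaps and leftovers."""
    script = parse_cfscript(script_text)
    targets = [p for paths in script.values() for p in paths]
    sections = log_sections(log_text)
    deleted = {ntpath.normcase(p) for p in sections.get("Other Deletions", [])}
    # Targets the log does not report as deleted (Windows paths compare case-insensitively).
    missing = [t for t in targets if ntpath.normcase(t) not in deleted]
    # Heuristic: a path outside the deletions section whose folder or file name starts
    # with a removed folder's name is worth a second look.
    names = {ntpath.basename(f.rstrip("\\")).lower() for f in script.get("Folder", [])}
    names.discard("")
    leftovers = []
    for title, lines in sections.items():
        if title == "Other Deletions":
            continue
        for line in lines:
            m = PATH.search(line)
            if not m:
                continue
            parts = ntpath.normcase(m.group(0)).split("\\")
            if any(part.startswith(n) for part in parts for n in names):
                leftovers.append(m.group(0))
    return {"missing": missing, "leftovers": leftovers}


if __name__ == "__main__":
    print(check_run(SCRIPT, LOG))
```

A non-empty `missing` list means the run did not report that target as removed; `leftovers` only marks names for manual review and proves nothing by itself.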
23.05.2012, 21:22 | #20 |
| You were right. Avira is still there. So, I have carried out everything as described. Combofix Logfile: Code:
ATTFilter ComboFix 12-05-23.05 - Seeigel 012.05.23. 21:50:35.2.2 - x86 Running from: c:\users\Seeigel\Desktop\ComboFix.exe Command switches used :: c:\users\Seeigel\Desktop\CFScript.txt . FILE :: "C:\user.js" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\BabylonToolbar c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe c:\program files\BabylonToolbar\BabylonToolbar\BabylonTB.xpi c:\program files\I Want This c:\program files\I Want This\I Want This.dll c:\program files\I Want This\I Want This.exe c:\program files\I Want This\I Want This.ico c:\program files\I Want This\I Want This.ini c:\program files\I Want This\I Want ThisGui.exe c:\program files\I Want This\I Want ThisInstaller.log c:\program files\I Want This\Uninstall.exe c:\programdata\Babylon C:\user.js c:\users\Seeigel\AppData\Local\I Want This c:\users\Seeigel\AppData\Local\I Want This\Chrome\I Want This.crx c:\users\Seeigel\AppData\Roaming\Babylon c:\users\Seeigel\AppData\Roaming\Babylon\log_file.txt . . ((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 ))))))))))))))))))))))))))))))) . . 2012-05-23 20:02 . 2012-05-23 20:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-23 05:08 . 2012-05-23 05:08 -------- d-----w- c:\users\Seeigel\AppData\Roaming\BabylonToolbar 2012-05-23 05:07 . 2012-05-23 05:07 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE721BAD-EB6A-42D1-97FD-55B7C2AB1760}\offreg.dll 2012-05-22 19:58 . 
2012-05-22 19:58 -------- d-----w- C:\_OTL 2012-05-22 16:44 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE721BAD-EB6A-42D1-97FD-55B7C2AB1760}\mpengine.dll 2012-05-18 17:58 . 2012-05-18 17:58 -------- d-----w- c:\program files\ESET 2012-05-17 17:27 . 2012-05-17 17:27 -------- d-----w- c:\users\Seeigel\AppData\Roaming\Malwarebytes 2012-05-17 17:26 . 2012-05-17 17:26 -------- d-----w- c:\programdata\Malwarebytes 2012-05-17 17:26 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-17 17:26 . 2012-05-17 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-15 23:38 . 2012-05-15 23:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-15 23:38 . 2012-05-15 23:38 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-15 23:27 . 2012-05-17 04:55 -------- d-----w- c:\program files\Microsoft Silverlight 2012-05-15 20:30 . 2012-05-15 20:30 -------- d-----w- c:\program files\Common Files\Adobe 2012-05-15 20:26 . 2012-05-15 20:26 -------- d-----w- c:\program files\Common Files\Java 2012-05-15 20:23 . 2012-05-15 20:23 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-05-15 20:23 . 2012-05-15 20:23 -------- d-----w- c:\program files\Java 2012-05-01 06:05 . 2012-05-01 06:05 -------- d-----w- c:\program files\Microsoft . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-15 20:23 . 2010-08-19 05:26 567696 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-08 17:53 . 2011-10-19 21:40 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-08 17:53 . 2011-10-19 21:40 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-02-29 15:11 . 2012-04-11 16:17 5120 ----a-w- c:\windows\system32\wmi.dll 2012-02-29 15:11 . 2012-04-11 16:17 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 15:09 . 
2012-04-11 16:17 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-11 16:17 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-11 16:18 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-11 16:18 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 16:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-11 16:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-23_18.11.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-24 19:17 . 2012-05-23 19:44 325340 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-12-24 19:17 . 2012-05-23 16:15 325340 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-27 262144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-06 30192]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-08-12 24576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"mdiction"="c:\progra~1\TILDES~1\MDICTION.EXE" [2005-05-26 189976]
"CheckCU"="c:\progra~1\TILDES~1\CheckCU.exe" [2005-02-02 40960]
"Skytel"="Skytel.exe" [2008-07-03 1826816]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-07 10:28 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 257696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 10982185
*Deregistered* - 10982185
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 23:38]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 21:34]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 21:34]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-90521188-4158982503-1986053845-1003Core.job
- c:\users\Seeigel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-22 06:48]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-90521188-4158982503-1986053845-1003UA.job
- c:\users\Seeigel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-22 06:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=b4f1f7a50000000000000016ea426854
IE: &Translate with Tilde Computer Dictionary - c:\program files\Tildes Birojs 2005\TDVLauncher.DLL /201
IE: &Tulkot ar Tildes Datorvārdnīcu - c:\program files\Tildes Birojs 2005\TDVLauncher.DLL /201
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: ***
Trusted Zone: ***
TCP: DhcpNameServer = ***
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
AddRemove-I Want This - c:\program files\I Want This\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-23 22:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-23 22:14:47
ComboFix-quarantined-files.txt 2012-05-23 20:14
ComboFix2.txt 2012-05-23 18:22
.
Pre-Run: 13 Verzeichnis(se), 158 221 619 200 Bytes frei
Post-Run: 14 Verzeichnis(se), 158 181 224 448 Bytes frei
.
- - End Of File - - AFDF81BEE23784D05084588D1F9654E7
|
23.05.2012, 21:35 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
24.05.2012, 19:11 | #22 |
| So, here are the logs at last. GMER Logfile: Code:
ATTFilter
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-05-24 09:07:20
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01
Running: f9m4hyy9.exe; Driver: C:\Users\Seeigel\AppData\Local\Temp\ugloapog.sys

---- System - GMER 1.0.15 ----

SSDT 984529E6 ZwCreateSection
SSDT 984529F0 ZwRequestWaitReplyPort
SSDT 984529EB ZwSetContextThread
SSDT 984529F5 ZwSetSecurityObject
SSDT 984529FA ZwSystemDebugControl
SSDT 98452987 ZwTerminateProcess

INT 0xA0 ? 996ABCD0

Code 913617BC NlsAnsiCodePage

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 8A0F68D8 4 Bytes [E6, 29, 45, 98] {OUT 0x29, AL; INC EBP; CWDE }
.text ntkrnlpa.exe!KeSetEvent + 539 8A0F6BFC 4 Bytes [F0, 29, 45, 98] {LOCK SUB [EBP-0x68], EAX}
.text ntkrnlpa.exe!KeSetEvent + 56D 8A0F6C30 4 Bytes [EB, 29, 45, 98] {JMP 0x2b; INC EBP; CWDE }
.text ntkrnlpa.exe!KeSetEvent + 5D1 8A0F6C94 4 Bytes [F5, 29, 45, 98] {CMC ; SUB [EBP-0x68], EAX}
.text ntkrnlpa.exe!KeSetEvent + 619 8A0F6CDC 4 Bytes [FA, 29, 45, 98] {CLI ; SUB [EBP-0x68], EAX}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9660B000, 0x1FB12A, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74267817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [742AB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7426BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7425F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7425E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [742973F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7426DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7425FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7425FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [742ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7428C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7425D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74256853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7425687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74262AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:33:43 on 24.05.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Maxthon International ltd. Maxthon Browser 2, 5, 12, 4586 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "GoogleUpdateTaskUserS-1-5-21-90521188-4158982503-1986053845-1003Core.job" - "Google Inc." - C:\Users\Seeigel\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-90521188-4158982503-1986053845-1003UA.job" - "Google Inc." 
- C:\Users\Seeigel\AppData\Local\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL "PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\Users\Seeigel\AppData\Local\Temp\catchme.sys (File not found) "igfx" (igfx) - ? - C:\Windows\System32\DRIVERS\igdkmd32.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys "Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "ugloapog" (ugloapog) - ? 
- C:\Users\Seeigel\AppData\Local\Temp\ugloapog.sys (Hidden registry entry, rootkit activity | File not found) "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys "WsAudio_DeviceS(1)" (WsAudio_DeviceS(1)) - "Wondershare" - C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? 
- (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft 
Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. 
KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "SnagIt" - "TechSmith Corporation" - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll {CF74B903-3389-469c-B3B6-0204D204FCBD} "SnagItShellExt Class" - "TechSmith Corporation" - C:\Program Files\TechSmith\SnagIt 9\SnagItShellExt.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} "Emsisoft Web Malware Scan" - "Emsi Software GmbH" - C:\Windows\DOWNLO~1\EMSISO~1.OCX / hxxp://ax.emsisoft.com/emsisoft_webscan.cab {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} "EPUImageControl Class" - "eBay, Inc." - C:\Windows\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." 
- C:\Windows\Downloaded Program Files\ImageUploader5.ocx / hxxp://www.geni.com/ImageUploader5.cab {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.7.0_03" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_03" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.3.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_2_202_235.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL {48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {98889811-442D-49dd-99D7-DC866BE87DBC} "Babylon Toolbar" - ? 
- C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (File not found) <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "SnagIt" - "TechSmith Corporation" - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {2EECD738-5844-4a99-B4B6-146BF802613B} "Babylon toolbar helper" - ? - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (File not found) {CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll {00C6482D-C502-44C8-8409-FCE54AD9C208} "SnagIt Toolbar Loader" - "TechSmith Corporation" - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Seeigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "CheckCU" - ? - "C:\PROGRA~1\TILDES~1\CheckCU.exe" {36E408F0-DF8A-4F9B-BF26-AED92C789F5D} Tildes Birojs 2005 (File found, but it contains no detailed information) "Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "MarketingTools" - "Sony Corporation" - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe "mdiction" - "Sabiedrîba Tilde" - C:\PROGRA~1\TILDES~1\MDICTION.EXE "NokiaMServer" - "Nokia" - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PrimoMon" - ? 
- C:\Windows\system32\Primomonnt.dll (File found, but it contains no detailed information) "PrintServer Network Port" - "Microsoft Corporation" - C:\Windows\system32\PSNT.DLL "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe "Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." 
- C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe "NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\Sony\Network Utility\NSUService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PACSPTISVR" (PACSPTISVR) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe "Realtek Audio Service" (RtkAudioService) - "Realtek Semiconductor" - C:\Windows\RtkAudioService.exe "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "Sony PC Companion" (Sony PC Companion) - "Avanquest Software" - C:\Program Files\Sony\Sony PC Companion\PCCService.exe "Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program 
Files\Common Files\Sony Shared\AVLib\SPTISRV.exe "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe "VAIO Content Folder Watcher" (VCFw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe "VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe "VAIO Content Metadata XML Interface" (VcmXmlIfHelper) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe "VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe "VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe "VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe "VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe "VAIO Media plus Content Importer" (SOHCImp) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe "VAIO Media plus Device Searcher" (SOHDs) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media 
[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "SereneScreen" - C:\Windows\system32\MARINE~1.SCR
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"igfxcui" - ? - igfxdev.dll (File not found)
"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll
===[ Logfile end ]=========================================[ Logfile end ]===

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-24 18:35:38
-----------------------------
18:35:38.742 OS Version: Windows 6.0.6002 Service Pack 2
18:35:38.743 Number of processors: 2 586 0xF0D
18:35:38.743 ComputerName: SEEIGEL-PC UserName: Seeigel
18:35:40.932 Initialize success
18:38:31.744 AVAST engine defs: 12052401
18:39:01.731 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:39:01.734 Disk 0 Vendor: TOSHIBA_ LV01 Size: 238475MB BusType: 3
18:39:01.837 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000075
18:39:01.840 Disk 1 Vendor: RICOH 01 Size: 3810MB BusType: 0
18:39:01.842 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000076
18:39:01.845 Disk 2 Vendor: RICOH 02 Size: 3810MB BusType: 0
18:39:02.155 Disk 0 MBR read successfully
18:39:02.158 Disk 0 MBR scan
18:39:02.164 Disk 0 Windows VISTA default MBR code
18:39:02.251 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8304 MB offset 2048
18:39:02.285 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230169 MB offset 17008640
18:39:02.674 Disk 0 scanning sectors +488395120
18:39:03.112 Disk 0 scanning C:\Windows\system32\drivers
18:40:35.587 Service scanning
18:41:25.511 Modules scanning
18:43:25.120 Disk 0 trace - called modules:
18:43:25.169 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
18:43:25.181 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8e7a2ac8]
18:43:25.192 3 CLASSPNP.SYS[927a68b3] -> nt!IofCallDriver -> [0x8d521408]
18:43:25.204 5 acpi.sys[8a6916bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8dad1028]
18:43:26.640 AVAST engine scan C:\Windows
18:45:05.036 AVAST engine scan C:\Windows\system32
19:03:26.895 AVAST engine scan C:\Windows\system32\drivers
19:06:45.858 AVAST engine scan C:\Users\Seeigel
19:45:31.474 AVAST engine scan C:\ProgramData
20:03:55.622 Scan finished successfully
20:05:20.381 Disk 0 MBR has been saved successfully to "C:\Users\Seeigel\Desktop\MBR.dat"
20:05:20.387 The log file has been saved successfully to "C:\Users\Seeigel\Desktop\aswMBR.txt" |
24.05.2012, 22:15 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Am I rid of the Ukash 100 EUR trojan? Avira and Malwarebytes Malware say yes, spyware scan says no
Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
29.05.2012, 20:15 | #24 |
| Hi. I'm back from vacation. I don't think it looks too good. Should I rather have the PC set up completely from scratch?: SUPERAntiSpyware Scan Log Code:
Generated 05/29/2012 at 09:09 PM
Application Version : 5.0.1150
Core Rules Database Version : 8652
Trace Rules Database Version: 6464
Scan type : Complete Scan
Total Scan Time : 02:00:35
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator
Memory items scanned : 965
Memory threats detected : 0
Registry items scanned : 37250
Registry threats detected : 0
File items scanned : 129430
File threats detected : 54
Adware.Tracking Cookie
Code:
Datenbank Version: v2012.05.25.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Seeigel:: Seeigel-PC [Administrator]
Schutz: Deaktiviert
2012.05.25. 6:57:01
mbam-log-2012-05-25 (08-17-57).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 329564
Laufzeit: 1 Stunde(n), 20 Minute(n), 21 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 8
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 4
C:\Qoobox\Quarantine\C\Program Files\I Want This\I Want This.dll.vir (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Program Files\I Want This\I Want This.exe.vir (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Program Files\I Want This\I Want ThisGui.exe.vir (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Program Files\I Want This\Uninstall.exe.vir (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
(Ende) |
30.05.2012, 10:13 | #25 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
30.05.2012, 15:39 | #26 |
| I just ran a quick scan and it has found something yet again. Or are these things harmless?
Schutz: Deaktiviert
2012.05.30. 16:24:05
mbam-log-2012-05-30 (16-24-05).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206546
Laufzeit: 7 Minute(n),
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 2
HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) |
30.05.2012, 15:53 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | If anything, only some adware remnants in the registry. But you obviously did not remove anything after the last full scan, or did you?
30.05.2012, 17:04 | #28 |
| I don't think so. There are currently 12 objects in quarantine. I'll delete them, right? |
30.05.2012, 20:42 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please leave the quarantine (Q) alone! When we talk here about "deleting" with Malwarebytes and other tools, that does not yet mean final deletion. It only becomes final deletion when you (prematurely) remove objects from the Q, and later there is a lot of wailing if you do need something that was in the Q after all.

So, apart from the adware remnants, only cookies were found.

Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or the like => HTTP cookie).

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I do it: for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores the cookies from the sites I actually want; everything else I reject manually (FF always asks me). The other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system OK again now, or are there any other findings or problems?
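Added example, not part of the original thread: a small Python triage of Malwarebytes finding lines in the format of the logs posted above, separating findings the scanner took no action on from those it removed. The function names and the sample text are constructed here, and treating a path under `\Qoobox\Quarantine\` ending in `.vir` as an inert quarantined copy is an assumption of this example.

```python
import re
from collections import Counter

# Constructed sample: finding lines in the format of the Malwarebytes logs in this thread.
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 3
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 2
C:\Qoobox\Quarantine\C\Program Files\I Want This\I Want This.exe.vir (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Program Files\I Want This\Uninstall.exe.vir (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
"""

# A finding line reads: <object> (<detection name>) -> <action>.
FINDING = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
REGISTRY_ROOTS = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\")
# Assumption: a path under \Qoobox\Quarantine\ ending in .vir is an inert quarantined copy.
INERT_COPY = re.compile(r"\\Qoobox\\Quarantine\\.*\.vir$", re.IGNORECASE)
ACTIONS = {
    "Keine Aktion durchgeführt": "no_action",
    "Erfolgreich gelöscht und in Quarantäne gestellt": "quarantined",
}

def parse_findings(log_text):
    """Return one dict per finding line; section counters and headers are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = FINDING.match(line.strip())
        if not m:
            continue
        obj = m.group("obj")
        findings.append({
            "object": obj,
            "kind": "registry" if obj.upper().startswith(REGISTRY_ROOTS) else "file",
            "detection": m.group("name"),
            "status": ACTIONS.get(m.group("action"), "unknown"),
            "inert_copy": bool(INERT_COPY.search(obj)),
        })
    return findings

def still_open(findings):
    """Findings reported without any action, excluding inert quarantined copies."""
    return [f for f in findings if f["status"] == "no_action" and not f["inert_copy"]]

def summarize(findings):
    """Count findings by (kind, status) to see at a glance what was cleaned."""
    return Counter((f["kind"], f["status"]) for f in findings)

if __name__ == "__main__":
    parsed = parse_findings(SAMPLE_LOG)
    print(summarize(parsed))
    print([(f["detection"], f["object"]) for f in still_open(parsed)])
```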