Log analysis and evaluation: Panda finds Hupigon.AZG and Trj/CI.A in various files (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.10.2012, 19:13 | #31
Panda finds Hupigon.AZG and Trj/CI.A in various files. Code:
ATTFilter ComboFix 12-10-02.02 - c 03.10.2012 14:46:30.1.4 - x64 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1033.18.4095.2513 [GMT 2:00] ausgeführt von:: c:\users\c\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\xp-AntiSpy c:\program files (x86)\xp-AntiSpy\Uninstall.exe c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url c:\programdata\xml19.tmp c:\programdata\xml96.tmp c:\programdata\xmlF889.tmp c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe F:\install.exe K:\install.exe . c:\windows\SysWow64\drivers\ntfs.sys . . . ist infiziert!! . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-03 bis 2012-10-03 )))))))))))))))))))))))))))))) . . 2012-10-02 19:27 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA51F9FC-7F90-46FB-8663-CDC15B140C7B}\mpengine.dll 2012-10-02 19:27 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-25 00:16 . 2012-09-25 00:17 -------- dc-h--w- c:\programdata\{D9BC4C8F-B86F-45C8-A961-B9FF0910DE40} 2012-09-25 00:15 . 2012-09-25 00:15 -------- dc-h--w- c:\programdata\{30FA7941-4170-4C83-A9A8-FDF01C431704} 2012-09-25 00:14 . 2012-09-25 00:14 -------- dc-h--w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14} 2012-09-24 17:46 . 2012-09-24 17:46 -------- d-----w- c:\users\c\AppData\Local\Sidhe 2012-09-23 03:38 . 2012-09-23 03:38 -------- d-----w- c:\program files (x86)\ESET 2012-09-19 14:54 . 2012-09-19 14:54 -------- dc-h--w- c:\programdata\{7F3144B7-67AA-4DD7-BC11-CBA9A40B430D} 2012-09-19 14:43 . 2012-09-19 14:55 -------- d-----w- c:\users\c\AppData\Roaming\ImgBurn 2012-09-19 14:26 . 
2012-09-19 14:26 -------- d-----w- c:\program files (x86)\ImgBurn 2012-09-19 14:12 . 2012-09-19 14:12 -------- dc----w- c:\programdata\{20EFD19B-675C-417B-A498-B0161D72FF88} 2012-09-19 14:10 . 2012-09-19 14:10 -------- dc----w- c:\programdata\{B5F0C192-874D-49A8-88D7-8431E3714756} 2012-09-19 12:39 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-19 12:39 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-19 12:39 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-19 12:39 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-19 00:43 . 2012-09-19 00:43 -------- d-----w- c:\users\c\AppData\Roaming\MinMaxGames 2012-09-17 23:40 . 2012-09-17 23:40 -------- dc-h--w- c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD} 2012-09-16 12:04 . 2012-09-16 12:05 -------- d-----w- c:\users\c\AppData\Local\bau_jump_n_run 2012-09-16 09:46 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-16 09:46 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-16 09:46 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 23:39 . 2012-09-12 23:39 -------- d-----w- c:\users\c\AppData\Local\IsolatedStorage 2012-09-12 23:38 . 2012-09-12 23:39 -------- d-----w- c:\users\c\AppData\Local\Deployment 2012-09-09 11:18 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-09-09 11:18 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-09-09 11:18 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-09-09 11:18 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-09-09 11:18 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-09-09 11:18 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-09-08 14:45 . 2012-09-08 14:45 -------- d-----w- c:\program files\Defraggler 2012-09-08 14:36 . 
2012-09-08 14:36 -------- d-----w- c:\users\c\AppData\Roaming\Auslogics 2012-09-08 11:20 . 2012-09-08 11:20 -------- d-----w- c:\program files (x86)\MIDIOX 2012-09-08 04:07 . 2012-09-08 04:07 -------- d-----w- c:\program files (x86)\AutoHotkey 2012-09-03 22:06 . 2012-09-03 22:06 -------- d-----w- c:\users\c\AppData\Roaming\Squids . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-16 09:47 . 2010-05-12 01:59 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-09-07 15:04 . 2010-11-04 22:35 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-02 13:21 . 2012-09-02 13:21 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-02 13:21 . 2012-03-12 00:47 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-09-02 13:21 . 2010-10-13 03:53 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-08-30 22:12 . 2012-08-30 22:12 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-30 22:12 . 2012-08-30 22:12 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-18 18:15 . 2012-08-14 18:11 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-08 23:52 . 2012-07-08 23:53 372736 ----a-w- c:\windows\system32\NVUNINST.EXE 2010-02-14 13:35 . 2011-05-15 13:56 4411392 ----a-w- c:\program files (x86)\mplayerc.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [-] 2012-05-29 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll . [-] 2012-05-29 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . 
[6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}] 2011-06-24 17:37 86696 ----a-w- c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2011-06-24 86696] . [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\c\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\c\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\c\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616] "Rainlendar2"="f:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2010-07-11 2199040] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] "F.lux"="c:\users\c\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656] "Spotify Web Helper"="c:\users\c\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-20 1193176] "NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 98304] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616] "Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256] "KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "midi5"=KORGUM64.DRV "midi"=KORGUM64.DRV "midi3"=KORGUM64.DRV . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456] R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648] R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136] R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304] R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2008-07-29 1075712] R3 athrusb6;ZyXEL Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\G220Vista64.sys [2007-05-16 1039360] R3 bcd3000;bcd3000;c:\windows\system32\DRIVERS\bcd3000_x64.sys [2010-08-05 54888] R3 bcd3000wdm;bcd3000wdm;c:\windows\system32\DRIVERS\bcd3000wdm_x64.sys [2010-08-05 32872] R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2010-09-30 185344] R3 
CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 202840] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 202840] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1417304] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1417304] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 94808] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 94808] R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-09-03 131912] R3 gbxavs_x64;gbxavs_x64;c:\windows\system32\Drivers\gbxavs_x64.sys [2009-10-08 45136] R3 gbxusb_x64;gbxusb_x64;c:\windows\system32\Drivers\gbxusb_x64.sys [2009-10-08 300624] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176] R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2010-09-30 253440] R3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2010-09-30 222208] R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS [2011-03-30 33656] R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [2009-11-09 187912] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-25 114144] R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2008-12-12 45056] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200] R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [2009-08-10 93848] R3 
SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [2006-11-16 31248] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-06 1255736] R3 X6va006;X6va006;c:\users\c\AppData\Local\Temp\0069E1E.tmp [x] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-12 834544] S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-11-23 149768] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-19 140672] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;f:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960] S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2012-09-05 6364024] S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-01-05 161032] S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 114760] S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 121928] S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-11-30 128264] S2 Radio.fx;Radio.fx Server;e:\tobit radio.fx\Server\rfx-server.exe [2011-11-18 3673944] S2 TeamViewer7;TeamViewer 
7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [2009-10-13 61440] S3 gbxavs;Maschine Midi;c:\windows\system32\Drivers\gbxavs.sys [2011-07-07 357968] S3 gbxusb_svc;Maschine Controller;c:\windows\system32\Drivers\gbxusb.sys [2011-07-07 68688] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136] S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992] S3 XONE_2D;usb-audio.de driver for Allen & Heath XONE:2D;c:\windows\system32\Drivers\XONE_2D.sys [2010-04-22 398400] S3 XONE_2D_WDM;XONE:2D WDM Audio;c:\windows\system32\drivers\XONE_2DW.sys [2010-04-22 50240] S3 XONE_2DM;XONE:2D WDM Midi Device;c:\windows\system32\drivers\XONE_2dm.sys [2010-04-22 31296] . . Inhalt des "geplante Tasks" Ordners . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 01:36] . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 01:36] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\c\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\c\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\c\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\c\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32] "midi"=KORGUM64.DRV "midi3"=KORGUM64.DRV "midi5"=KORGUM64.DRV . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: Free YouTube Download - c:\users\c\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm TCP: Interfaces\{091BC6DB-D53F-439F-8CDB-CBC2EBFF26E2}: NameServer = 8.8.4.4,192.168.178.1 TCP: Interfaces\{EF90E457-A960-479F-B576-DDADA01BC4FF}: NameServer = 213.73.89.124,78.47.115.195 DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab FF - ProfilePath - c:\users\c\AppData\Roaming\Mozilla\Firefox\Profiles\8oq4rs7e.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
AddRemove-Avidemux 2.5 - d:\program files (x86)\Avidemux 2.5\uninstall.exe AddRemove-Camel Audio Alchemy - d:\program files\REAPER (x64)\Plugins\VST\Alchemy\AlchemyUninstall.exe AddRemove-CVPiano-Modeled - d:\progra~2\REAPER~1\Plugins\VST\CVPIAN~1\Install\UNWISE.EXE AddRemove-Instrument-Tuner - d:\progra~3\INSTRU~1\UNWISE.EXE AddRemove-Live 8.2.2 - d:\progra~3\Ableton\LIVE82~1.2\Install\UNWISE.EXE AddRemove-Native Instruments Maschine Controller Driver - c:\programdata\{3C6B30C3-46C9-4FD1-AAC3-6011E43BF0D1}\Maschine Controller Driver Setup.exe AddRemove-Native Instruments Reaktor 3 Demo - d:\progra~3\NATIVE~1\REAKTO~1.0DE\UNWISE.EXE AddRemove-Native Instruments SoundSchool Analog - d:\progra~3\NATIVE~1\SOUNDS~1\UNWISE.EXE AddRemove-REAPER - d:\program files (x86)\REAPER\Uninstall.exe AddRemove-Synthesia - d:\program files (x86)\Synthesia\uninstall.exe AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\programdata\{4E1B117F-A681-406A-88B5-AF868CF9CB04}\Traktor Setup PC.exe AddRemove-{62F13B4D-FD48-4317-8E55-06DB7B397F49}_is1 - d:\program files\REAPER (x64)\Plugins\VST\unins000.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006] "ImagePath"="\??\c:\users\c\AppData\Local\Temp\0069E1E.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2460917813-4204335397-3809129294-1001\Software\SecuROM\License information*] "datasecu"=hex:fc,0e,17,0d,e2,06,0c,8e,9d,5f,47,ad,b8,da,fd,5f,1a,60,00,93,81, 03,50,42,a8,5a,e0,39,7e,83,bc,22,5f,bd,54,dc,9d,0a,04,13,f1,4a,0b,31,f1,e2,\ "rkeysecu"=hex:91,bd,0c,95,c8,38,7e,d9,6f,2b,2b,7d,c4,af,5d,f5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-10-03 15:03:35 ComboFix-quarantined-files.txt 2012-10-03 13:03 . Vor Suchlauf: 7.046.197.248 bytes free Nach Suchlauf: 6.872.891.392 bytes free . - - End Of File - - E7E7AE88091510C39603B965405EA8D4 |
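The Sigcheck section of the ComboFix log above lists, per architecture, two Microsoft-signed copies of user32.dll ([7]) in the WinSxS component store and one unsigned ([-]) live copy in system32 or SysWOW64. ComboFix's own note that unsigned files aren't necessarily malware stands, but a live copy whose MD5 and size differ from the store copy of the version it claims to be is exactly what a responder checks next (the same log also reports c:\windows\SysWow64\drivers\ntfs.sys as infected). The following Python script is an added example, not part of this thread or of ComboFix: it parses the Sigcheck lines copied from the log above (embedded as constructed sample input) and reports, for every unsigned live file, how it differs from the signed store copies. The field layout it assumes is the one visible in the log; the function and class names are my own.

```python
import re
from dataclasses import dataclass

# Sample input: the Sigcheck block copied from the ComboFix log in the post
# above. "[7]" = Microsoft-signed file, "[-]" = unsigned file. Field order as
# shown in the log: [sig] date . md5 . size . . [version] .. path
SIGCHECK_SAMPLE = r"""
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-05-29 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
[-] 2012-05-29 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
"""

# One Sigcheck line: [sig] YYYY-MM-DD . MD5 . size . . [version] .. path
LINE_RE = re.compile(
    r"^\[(?P<sig>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]*)\]\s+\.\.\s+(?P<path>\S.*)$"
)


@dataclass
class SigEntry:
    signed: bool
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def arch(self) -> str:
        # 32-bit copies live under WinSxS wow64_* or SysWOW64; everything else is x64
        p = self.path.lower()
        return "x86" if ("\\winsxs\\wow64_" in p or "\\syswow64\\" in p) else "x64"

    @property
    def in_store(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_sigcheck(text: str) -> list:
    """Parse Sigcheck lines; lines that do not match the layout are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(SigEntry(
                signed=m.group("sig") != "-",
                date=m.group("date"),
                md5=m.group("md5").upper(),
                size=int(m.group("size")),
                version=m.group("ver"),
                path=m.group("path"),
            ))
    return entries


def find_discrepancies(entries: list) -> list:
    """For each unsigned live (non-WinSxS) file, compare it with the signed
    component-store copies of the same name, architecture and claimed version."""
    store = [e for e in entries if e.in_store and e.signed]
    findings = []
    for live in entries:
        if live.signed or live.in_store:
            continue
        same = [s for s in store if s.name == live.name and s.arch == live.arch]
        refs = [s for s in same if s.version == live.version]
        reasons = []
        if not refs:
            reasons.append("no signed store copy of the claimed version to compare with")
        for r in refs:
            if r.md5 != live.md5:
                reasons.append(f"MD5 differs from store copy ({r.md5})")
            if r.size != live.size:
                reasons.append(f"size {live.size} differs from store size {r.size}")
        # If the size matches none of the claimed-version copies but does match
        # another version, the version resource and file body may not belong together.
        if refs and not any(r.size == live.size for r in refs):
            for s in same:
                if s.version != live.version and s.size == live.size:
                    reasons.append(f"size matches store version {s.version} instead")
        findings.append({"path": live.path, "version": live.version, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_discrepancies(parse_sigcheck(SIGCHECK_SAMPLE)):
        print(f["path"], f["version"])
        for reason in f["reasons"]:
            print("   -", reason)
```

Run against the sample, the 64-bit system32\user32.dll is reported with three reasons (MD5 and size differ from the 6.1.7601.17514 store copy, and its size matches the 6.1.7600.16385 copy instead), while the SysWOW64 copy differs only by MD5. A differing hash alone can result from an update or a hotfix, so the output is a prioritised list for verification (for example against the component store or an update catalogue), not a verdict.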
03.10.2012, 20:13 | #32
/// Winkelfunktion /// TB-Süch-Tiger™ | Panda finds Hupigon.AZG and Trj/CI.A in various files. Please now create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool won't run even on the second attempt, just leave it out and run only OSAM. Please skip the online lookup in OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not under any circumstances press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
05.10.2012, 20:57 | #33
Panda finds Hupigon.AZG and Trj/CI.A in various files. Code:
ATTFilter <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Report of OSAM: Autorun Manager v5.0.11926.0</title> <style type="text/css"> body { margin : 10px 10px 10px 20px; color : #000000; background-color : #fffbf0; font : 10pt Tahoma, Verdana, Arial, Helvetica, sans-serif; scrollbar-3dlight-color : #fffbf0; scrollbar-arrow-color : #000000; scrollbar-darkshadow-color: #000000; scrollbar-face-color : #fffbf0; scrollbar-highlight-color : #000000; scrollbar-shadow-color : #fffbf0; scrollbar-track-color : #fffbf0; } a:link { color: #e15616; } a:visited { color: #e15616; } a:hover { color: #e4743f; } a:active { color: #e4743f; } .header1 { font-size : 115%; font-weight: bold; margin-left: 0px; } table { border-collapse: collapse; border : 1px solid #000000; cellpadding : 0; cellspacing : 0; width : 90%; } td,th { font-size : 12px; color : #000000; background : #fffbf0; border : 1px solid #000000; text-align : left; vertical-align: top; padding : 2px 4px 2px 4px; } .cap { font-weight: bold; font-size : 10pt; padding : 2px 4px 2px 4px; border : 1px solid #000000; } .group { font-weight: bold; font-size : 10pt; padding : 2px 4px 2px 4px; text-align : center; } .reg { font-weight: bold; font-size : 10pt; border : 0px none; padding : 2px 4px 2px 4px; } .notfound { background-color: #B3DDFF; } .blocked { background-color: #FF96EB; } .nodetails { background-color: #FFFF75; } .trusted { background-color: #C8FFC8; } .rootkit { background-color: #FF8696; } td.rs { text-align: center; vertical-align: center; font-family: courier; } td.rs.rm { background: #F90424; title: "Malware"; } td.rs.ri { background: #F90424; title: "Infected"; color: #21F411; } td.rs.rw { background: #F90424; title: "Unwanted"; } td.rs.rs { background: #F90424; title: "Suspicious"; } td.rs.rt { background: #21F411; title: "Trusted"; } td.rs.rc { background: #21F411; title: "Checked"; } td.rs.ry 
{ background: #21F411; title: "Up-to-You"; } td.rs.rr { background: #F6EB13; title: "Riskware"; } td.rs.ru { background: #D4D0C8; title: "Unknown"; } td.rs.rn { background: #FFFFFF; title: "Not checked"; } </style> </head> <body> <p><span class="header1">Report of OSAM: Autorun Manager v5.0.11926.0</span><br> <a href="hxxp://www.online-solutions.ru/en/" target="_blank">hxxp://www.online-solutions.ru/en/</a><br> Saved at 21:27:24 on 05.10.2012</p> <b>OS</b>: Windows 7 Enterprise Edition Service Pack 1 (Build 7601), 64-bit<br> <b>Default Browser</b>: Mozilla Corporation Firefox 15.0<br> <br><b>Scanner Settings</b><br> <input type="checkbox" disabled checked>Rootkits detection (hidden registry)<br> <input type="checkbox" disabled checked>Rootkits detection (hidden files)<br> <input type="checkbox" disabled checked>Retrieve files information<br> <input type="checkbox" disabled checked>Check Microsoft signatures<br> <br><b>Filters</b><br> <input type="checkbox" disabled>Trusted entries<br> <input type="checkbox" disabled>Empty entries<br> <input type="checkbox" disabled checked>Hidden registry entries (rootkit activity)<br> <input type="checkbox" disabled checked>Exclusively opened files<br> <input type="checkbox" disabled checked>Not found files<br> <input type="checkbox" disabled checked>Files without detailed information<br> <input type="checkbox" disabled checked>Existing files<br> <input type="checkbox" disabled>Non-startable services<br> <input type="checkbox" disabled>Non-startable drivers<br> <input type="checkbox" disabled checked>Active entries<br> <input type="checkbox" disabled checked>Disabled entries<br> <br> <table border="1" cellpadding="0" cellspacing="0"> <tr> <th class="cap" width="20"> </th> <th class="cap">Risk</th> <th class="cap">Name</th> <th class="cap">Publisher</th> <th class="cap">Full Path</th> <th class="cap">Status</th> </tr> <tr> <td class="group" colspan="6">Common</td> </tr> <tr> <td class="reg" colspan="6">%SystemRoot%\Tasks</td> </tr> 
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"PSUNCpl.cpl" - "Panda Security, S.L." - C:\Windows\system32\PSUNCpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys (File not found)
"bcd3000" (bcd3000) - "Behringer" - C:\Windows\System32\DRIVERS\bcd3000_x64.sys
"bcd3000wdm" (bcd3000wdm) - "Behringer" - C:\Windows\System32\DRIVERS\bcd3000wdm_x64.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"gbxavs_x64" (gbxavs_x64) - "Native Instruments GmbH" - C:\Windows\System32\Drivers\gbxavs_x64.sys
"gbxusb_x64" (gbxusb_x64) - "Native Instruments GmbH" - C:\Windows\System32\Drivers\gbxusb_x64.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"HDJAsioK" (HDJAsioK) - "© Guillemot R&D, 2010. All rights reserved." - C:\Windows\System32\Drivers\HDJAsioK.sys
"HDJBulk" (Bulk) - "© Guillemot R&D, 2010. All rights reserved." - C:\Windows\System32\Drivers\HDJBulk.sys
"Hercules DJ Console Rmx MIDI" (HDJMidi) - "© Guillemot R&D, 2010. All rights reserved." - C:\Windows\System32\DRIVERS\HDJMidi.sys
"Motorola USB CDC ACM Driver" (motmodem) - ? - C:\Windows\System32\DRIVERS\motmodem.sys (File not found)
"NVR0Dev" (NVR0Dev) - "NVidia Corp." - C:\Windows\nvoclk64.sys
"PSINAflt" (PSINAflt) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINAflt.sys
"PSINFile" (PSINFile) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINFile.sys
"PSINKNC" (PSINKNC) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\psinknc.sys
"PSINProc" (PSINProc) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINProc.sys
"PSINProt" (PSINProt) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINProt.sys
"SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x64\Sandra.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
"Service for M-Audio FastTrack Pro" (MAUSBFASTTRACKPRO) - "Avid Technology, Inc." - C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys
"SynasUSB" (SynasUSB) - "SIA Syncrosoft" - C:\Windows\System32\drivers\SynUSB64.sys
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys (File not found)
"Tpkd" (Tpkd) - "PACE Anti-Piracy, Inc." - C:\Windows\system32\drivers\Tpkd.sys
"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys (File not found)
"X6va006" (X6va006) - ? - C:\Users\c\AppData\Local\Temp\0069E1E.tmp (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{AE424E85-F6DF-4910-A6A9-438797986431} "LibreOffice Property Handler" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\propertyhdl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D4B68B83-8710-488B-A692-D74B50BA558E} "Creative Software AutoUpdate Support Package 2" - "Creative Technology Ltd" - C:\Windows\DOWNLO~1\CTPIDPDE.ocx
    hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
{E705A591-DA3C-4228-B0D5-A356DBA42FBF} "{E705A591-DA3C-4228-B0D5-A356DBA42FBF}" - ? - (File not found | COM-object registry key not found)
    hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
{F6ACF75C-C32C-447B-9BEF-46B766368D29} "{F6ACF75C-C32C-447B-9BEF-46B766368D29}" - ? - (File not found | COM-object registry key not found)
    hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (File not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} "Panda Security Toolbar" - ? - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} "Panda Security Toolbar" - ? - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Stardock ObjectDock.lnk" - "Stardock" - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"F.lux" - ? - "C:\Users\c\Local Settings\Apps\F.lux\flux.exe" /noshow (File found, but it contains no detailed information)
"NVIDIA nTune" - "NVIDIA" - "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
"Rainlendar2" - ? - f:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
"RocketDock" - ? - "C:\Program Files (x86)\RocketDock\RocketDock.exe" (File found, but it contains no detailed information)
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"Spotify Web Helper" - ? - "C:\Users\c\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"KORG USB-MIDI Driver" - "KORG Inc." - C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
"Panda Security URL Filtering" - "Panda Security" - "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"
"PSUNMain" - "Panda Security, S.L." - "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Desura Install Service" (Desura Install Service) - "Desura Pty Ltd" - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - F:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NIHardwareService" (NIHardwareService) - "Native Instruments GmbH" - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
"nTune Service" (nTuneService) - "NVIDIA" - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Panda Cloud Antivirus Service" (NanoServiceMain) - "Panda Security, S.L." - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
"Radio.fx Server" (Radio.fx) - ? - E:\Tobit Radio.fx\Server\rfx-server.exe
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-05 21:29:09
-----------------------------
21:29:09.027 OS Version: Windows x64 6.1.7601 Service Pack 1
21:29:09.027 Number of processors: 4 586 0xF0B
21:29:09.029 ComputerName: C-PC UserName: c
21:29:09.352 Initialize success
21:30:14.788 AVAST engine defs: 12100501
21:30:47.414 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
21:30:47.417 Disk 0 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610480MB BusType: 3
21:30:47.419 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5
21:30:47.422 Disk 1 Vendor: SAMSUNG_HD401LJ ZZ100-15 Size: 381554MB BusType: 3
21:30:47.431 Disk 0 MBR read successfully
21:30:47.433 Disk 0 MBR scan
21:30:47.438 Disk 0 Windows XP default MBR code
21:30:47.442 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49998 MB offset 2048
21:30:47.448 Disk 0 Partition - 00 05 Extended 8001 MB offset 102398310
21:30:47.459 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 49999 MB offset 118784610
21:30:47.470 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 502478 MB offset 221182920
21:30:47.484 Disk 0 Partition 4 00 82 Linux swap 8001 MB offset 102398373
21:30:47.508 Disk 0 scanning C:\Windows\system32\drivers
21:30:57.700 Service scanning
21:31:15.902 Modules scanning
21:31:15.910 Disk 0 trace - called modules:
21:31:15.930 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:31:15.936 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a30060]
21:31:15.943 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa80047c4e40]
21:31:15.950 5 ACPI.sys[fffff88000f697a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80047d4060]
21:31:16.499 AVAST engine scan C:\Windows
21:31:18.992 AVAST engine scan C:\Windows\system32
21:34:14.919 AVAST engine scan C:\Windows\system32\drivers
21:34:32.212 AVAST engine scan C:\Users\c
21:43:51.788 AVAST engine scan C:\ProgramData
21:49:52.524 Scan finished successfully
21:54:02.124 Disk 0 MBR has been saved successfully to "C:\Users\c\Desktop\MBR.dat"
21:54:02.130 The log file has been saved successfully to "C:\Users\c\Desktop\aswMBR.txt"
|
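The OSAM report in the post above lists every autorun location in one flat dump, and a reviewer on a thread like this scans it for the same few things each time: entries whose file no longer exists, entries that load something from a temp or per-user directory (the X6va006 driver above, whose image path is a .tmp file under AppData\Local\Temp that is already gone, is the shape of entry this catches), and entries with no publisher information. The Python script below is an added example for this thread, not part of OSAM and not code from the original post. It parses the text-report format the thread uses and runs those checks over a few constructed lines copied in shape from the log above; the `?` vendor marker and the parenthesised trailing status follow the format shown in the post, while the rule set, the directory lists and the `C:\Windows` location check are the example's own assumptions.

```python
"""Triage helper for an OSAM (Online Solutions Autorun Manager) text report.

Added example for this thread; it is not part of OSAM and not code from the
original post. It parses the line format the report uses and flags the
entries a log reviewer looks at first.
"""
import re
from dataclasses import dataclass, field

# One report line:  [{CLSID}] "name" [(service key)] - "vendor"|? - path [(status)]
ENTRY = re.compile(
    r'^(?:(?P<clsid>\{[0-9A-Fa-f-]+\}) )?'
    r'"(?P<name>.*?)"(?: \((?P<key>[^)]*)\))?'
    r' - (?P<vendor>"[^"]*"|\?)'
    r' - (?P<path>.*?)'
    r'(?: ?\((?P<status>[^)]*)\))?$'
)
GROUP = re.compile(r'^\[(?P<group>[^\]]+)\]$')            # e.g. [Drivers]
LOCATION = re.compile(r'^-----\( (?P<loc>.*) \)-----$')   # e.g. -----( HKLM\... )-----

# Assumed rule data: places an autorun image should not normally live, and the
# extensions one expects for an autorun image.
TEMP_DIRS = ('\\appdata\\local\\temp\\', '\\windows\\temp\\', '\\temp\\')
USER_DIRS = ('\\users\\', '\\documents and settings\\')
EXPECTED_EXT = ('.exe', '.dll', '.sys', '.cpl', '.ocx', '.lnk', '.ini', '.job')


@dataclass
class Finding:
    group: str
    location: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def image_path(raw: str) -> str:
    """Strip the quotes and command-line arguments OSAM prints after a path."""
    raw = raw.strip()
    if raw.startswith('"'):                  # "C:\...\x.exe" /args
        end = raw.find('"', 1)
        return raw[1:end] if end > 0 else raw.strip('"')
    for sep in (' /', ' -'):                 # C:\...\x.exe /s  (unquoted form)
        raw = raw.split(sep, 1)[0]
    return raw


def check_entry(group: str, path: str, vendor: str, status: str) -> list:
    """Return the reasons (possibly none) why one entry deserves a look."""
    low = path.lower()
    missing = 'not found' in status.lower()
    reasons = []
    if missing:
        reasons.append('referenced file or COM object is missing (orphaned entry)')
    if low:
        if any(d in low for d in TEMP_DIRS):
            reasons.append('image lives in a temp directory')
        elif any(d in low for d in USER_DIRS):
            reasons.append('image lives in a user-writable profile directory')
        if not low.endswith(EXPECTED_EXT):
            reasons.append('unexpected extension for an autorun image')
        # Assumes the Windows directory is <drive>:\Windows, as on the system in this thread.
        if group.lower() == 'drivers' and not re.match(r'^[a-z]:\\windows\\', low):
            reasons.append('kernel driver loaded from outside the Windows directory')
    if vendor == '?' and not missing and low:
        reasons.append('no publisher information')
    return reasons


def triage(report: str) -> list:
    """Walk a whole report and collect a Finding for every flagged entry."""
    findings, group, location = [], '', ''
    for line in report.splitlines():
        line = line.rstrip()
        if m := GROUP.match(line):
            group = m['group']
            continue
        if m := LOCATION.match(line):
            location = m['loc']
            continue
        m = ENTRY.match(line)
        if not m:
            continue                         # header, settings or blank line
        path = image_path(m['path'])
        reasons = check_entry(group, path, m['vendor'], m['status'] or '')
        if reasons:
            findings.append(Finding(group, location, m['name'], path, reasons))
    return findings


# Constructed sample: a few lines in the report format, copied in shape from the log above.
SAMPLE_REPORT = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"PSINProt" (PSINProt) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINProt.sys
"X6va006" (X6va006) - ? - C:\Users\c\AppData\Local\Temp\0069E1E.tmp (File not found)
[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Spotify Web Helper" - ? - "C:\Users\c\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_REPORT):
        print(f'[{f.group}] {f.name}: {f.path or "(no path)"}')
        for r in f.reasons:
            print(f'    - {r}')
```

Run against the sample it reports catchme, X6va006, DropboxExt and Spotify Web Helper and stays quiet on the Hamachi, Panda and Skype entries. Orphaned entries (file or COM key gone) are usually leftovers of uninstalls or of cleaning tools rather than live malware, which is why the script reports reasons instead of a verdict; the reviewer still decides.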
07.10.2012, 19:38 | #36 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Panda finds Hupigon.AZG and Trj/CI.A in various files And why as an attachment now? Please only put logs in an attachment (zipped) if they are too large to be posted directly! Otherwise please post everything here in CODE tags wherever possible. That is simpler and clearer, and it saves a lot of clicking around. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
|
07.10.2012, 19:54 | #37 |
| Panda finds Hupigon.AZG and Trj/CI.A in various files OK, now I have spotted the mistake. OSAM logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:00:48 on 07.10.2012
OS: Windows 7 Enterprise Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"PSUNCpl.cpl" - "Panda Security, S.L." - C:\Windows\system32\PSUNCpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys (File not found)
"bcd3000" (bcd3000) - "Behringer" - C:\Windows\System32\DRIVERS\bcd3000_x64.sys
"bcd3000wdm" (bcd3000wdm) - "Behringer" - C:\Windows\System32\DRIVERS\bcd3000wdm_x64.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"gbxavs_x64" (gbxavs_x64) - "Native Instruments GmbH" - C:\Windows\System32\Drivers\gbxavs_x64.sys
"gbxusb_x64" (gbxusb_x64) - "Native Instruments GmbH" - C:\Windows\System32\Drivers\gbxusb_x64.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"HDJAsioK" (HDJAsioK) - "© Guillemot R&D, 2010. All rights reserved." - C:\Windows\System32\Drivers\HDJAsioK.sys
"HDJBulk" (Bulk) - "© Guillemot R&D, 2010. All rights reserved." - C:\Windows\System32\Drivers\HDJBulk.sys
"Hercules DJ Console Rmx MIDI" (HDJMidi) - "© Guillemot R&D, 2010. All rights reserved." - C:\Windows\System32\DRIVERS\HDJMidi.sys
"Motorola USB CDC ACM Driver" (motmodem) - ? - C:\Windows\System32\DRIVERS\motmodem.sys (File not found)
"NVR0Dev" (NVR0Dev) - "NVidia Corp." - C:\Windows\nvoclk64.sys
"PSINAflt" (PSINAflt) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINAflt.sys
"PSINFile" (PSINFile) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINFile.sys
"PSINKNC" (PSINKNC) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\psinknc.sys
"PSINProc" (PSINProc) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINProc.sys
"PSINProt" (PSINProt) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINProt.sys
"SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x64\Sandra.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
"Service for M-Audio FastTrack Pro" (MAUSBFASTTRACKPRO) - "Avid Technology, Inc." - C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys
"SynasUSB" (SynasUSB) - "SIA Syncrosoft" - C:\Windows\System32\drivers\SynUSB64.sys
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys (File not found)
"Tpkd" (Tpkd) - "PACE Anti-Piracy, Inc." - C:\Windows\system32\drivers\Tpkd.sys
"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys (File not found)
"X6va006" (X6va006) - ? - C:\Users\c\AppData\Local\Temp\0069E1E.tmp (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "ms-help" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} "Enterprise-Projekte" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL
{AE424E85-F6DF-4910-A6A9-438797986431} "LibreOffice Property Handler" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\propertyhdl.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Microsoft Outlook Custom Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ?
- (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {D4B68B83-8710-488B-A692-D74B50BA558E} "Creative Software AutoUpdate Support Package 2" - "Creative Technology Ltd" - C:\Windows\DOWNLO~1\CTPIDPDE.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab {E705A591-DA3C-4228-B0D5-A356DBA42FBF} "{E705A591-DA3C-4228-B0D5-A356DBA42FBF}" - ? - (File not found | COM-object registry key not found) / hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab {F6ACF75C-C32C-447B-9BEF-46B766368D29} "{F6ACF75C-C32C-447B-9BEF-46B766368D29}" - ? - (File not found | COM-object registry key not found) / hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (File not found) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} "Panda Security Toolbar" - ? 
- C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} "Panda Security Toolbar" - ? - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Known DLLs] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )----- "user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Stardock ObjectDock.lnk" - "Stardock" - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Shortcut exists | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun "F.lux" - ? 
- "C:\Users\c\Local Settings\Apps\F.lux\flux.exe" /noshow (File found, but it contains no detailed information) "NVIDIA nTune" - "NVIDIA" - "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear "Rainlendar2" - ? - f:\Program Files (x86)\Rainlendar2\Rainlendar2.exe "RocketDock" - ? - "C:\Program Files (x86)\RocketDock\RocketDock.exe" (File found, but it contains no detailed information) "Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun "Spotify Web Helper" - ? - "C:\Users\c\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "KORG USB-MIDI Driver" - "KORG Inc." - C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s "Panda Security URL Filtering" - "Panda Security" - "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe" "PSUNMain" - "Panda Security, S.L." - "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar "QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." 
- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe "Desura Install Service" (Desura Install Service) - "Desura Pty Ltd" - C:\Program Files (x86)\Common Files\Desura\desura_service.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - F:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - F:\Program Files\Microsoft Office\Office14\GROOVE.EXE "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "NIHardwareService" (NIHardwareService) - "Native Instruments GmbH" - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe "nTune Service" (nTuneService) - "NVIDIA" - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe "NVIDIA Display Driver 
Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe "Office 64 Source Engine" (ose64) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Panda Cloud Antivirus Service" (NanoServiceMain) - "Panda Security, S.L." - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe "Radio.fx Server" (Radio.fx) - ? - E:\Tobit Radio.fx\Server\rfx-server.exe "SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE "SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe "TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." 
- C:\Program Files (x86)\Bonjour\mdnsNSP.dll "WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== --- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Geändert von Stowneage (07.10.2012 um 20:02 Uhr) |
07.10.2012, 20:30 | #38 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Panda finds Hupigon.AZG and Trj/CI.A in various files

Looks OK. We should be almost done. Please run full scans with Malwarebytes and SUPERAntiSpyware as a check and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
09.10.2012, 21:31 | #39 |
| Panda finds Hupigon.AZG and Trj/CI.A in various files
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/09/2012 at 08:34 PM

Application Version : 5.6.1010

Core Rules Database Version : 9367
Trace Rules Database Version: 7179

Scan type : Complete Scan
Total Scan Time : 02:08:13

Operating System Information
Windows 7 Enterprise 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 649
Memory threats detected : 0
Registry items scanned : 74519
Registry threats detected : 0
File items scanned : 156153
File threats detected : 114

Adware.Tracking Cookie

Adware.SoftonicDownloader
C:\_OTL\MOVEDFILES\09272012_223053\F_FIREFOX DLS\SOFTONICDOWNLOADER_FUER_NVIDIA-GPU-TEMP.EXE

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.08.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
c :: C-PC [administrator]

09.10.2012 01:03:06
mbam-log-2012-10-09 (01-03-06).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|J:\|K:\|L:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1049362
Time elapsed: 2 hour(s), 46 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end) |
10.10.2012, 11:15 | #40 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Panda finds Hupigon.AZG and Trj/CI.A in various files
Code:
UAC On - Limited User
Quote:
__________________ Please always post logfiles in CODE tags |
10.10.2012, 19:19 | #41 |
| Panda finds Hupigon.AZG and Trj/CI.A in various files

Right-clicking and running it as admin gives the same message... I'll try it again.
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/10/2012 at 08:13 PM

Application Version : 5.6.1010

Core Rules Database Version : 9375
Trace Rules Database Version: 7187

Scan type : Complete Scan
Total Scan Time : 02:33:49

Operating System Information
Windows 7 Enterprise 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 629
Memory threats detected : 0
Registry items scanned : 74551
Registry threats detected : 0
File items scanned : 152287
File threats detected : 30

Adware.Tracking Cookie |
11.10.2012, 11:55 | #42 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Panda findet Hupigon.AZG und Trj/CI.A in diversen Dateien Hmja, das ist ein Bug von SUPERAntiSpyware aber halb so wild Sieht ok aus, da wurden nur Cookies gefunden, die können alle weg. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/ Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Please always post logfiles in CODE tags
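The hosts-file advice in the post above, as an added example that is not part of the forum thread: a small Python script with a constructed MVPS-style hosts sample and the cookie domains from the SUPERAntiSpyware log, showing which cookie hosts such a file would sinkhole and why a dotted cookie scope like .questionpro.com is not covered by an exact-hostname entry.

```python
"""Check which cookie-setting hosts from a scan log an MVPS-style hosts file
would block. Added example, not part of the forum thread. SAMPLE_HOSTS is a
constructed hosts file; COOKIES_FROM_LOG are the domains in the log above."""

# Constructed hosts file in MVPS format: "0.0.0.0 hostname", '#' comments.
SAMPLE_HOSTS = """\
# MVPS-style hosts file (constructed sample)
127.0.0.1 localhost
0.0.0.0 www.etracker.de
0.0.0.0 application.etracker.com
0.0.0.0 surveys.questionpro.com   # blocks only this exact hostname
"""

# Targets that sinkhole a name instead of resolving it.
SINKHOLE = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text: str) -> set:
    """Return the hostnames the hosts file sinkholes.

    A hosts file matches exact hostnames only (no wildcards, no suffixes),
    so the result is a plain set of names. 'localhost' is not a block."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments / blanks
        if not line:
            continue
        ip, *names = line.split()
        if ip in SINKHOLE:
            blocked.update(n.lower() for n in names if n.lower() != "localhost")
    return blocked


def cookie_host(domain: str) -> str:
    """A cookie domain starting with '.' means 'this host and all subdomains'.
    The hosts file can only match a concrete host, so strip the dot."""
    return domain.lstrip(".").lower()


def classify(cookie_domains, hosts_text):
    """Split cookie domains into those a hosts entry covers and those it
    does not. Login hosts (accounts.google.com) are expected to stay
    unblocked: the hosts approach targets tracker hosts, not every cookie."""
    blocked = parse_hosts(hosts_text)
    result = {"blocked": [], "not_blocked": []}
    for d in sorted(set(cookie_domains)):
        key = "blocked" if cookie_host(d) in blocked else "not_blocked"
        result[key].append(d)
    return result


COOKIES_FROM_LOG = ["accounts.youtube.com", "application.etracker.com",
                    "www.etracker.de", ".accounts.google.com",
                    "accounts.google.com", ".questionpro.com",
                    ".surveys.questionpro.com"]

if __name__ == "__main__":
    print(classify(COOKIES_FROM_LOG, SAMPLE_HOSTS))
```

Note that .questionpro.com stays unblocked: the cookie is scoped to the whole domain, but the hosts entry only sinkholes surveys.questionpro.com, so each tracker hostname actually contacted has to be listed.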
17.10.2012, 15:32 | #43 |
Well, I've now watched the whole thing for a few days. Everything seems to be running quite well so far. Only Firefox still sometimes (yesterday, for example) responds extremely slowly to any input, though no longer permanently now. A restart is then needed to fix it, however. The Windows message that I should find an antivirus program is also still there. Otherwise everything seems to be fine.
17.10.2012, 16:13 | #44 |
/// Winkelfunktion /// TB-Süch-Tiger™

Then we're done! The programs that were used here can all be removed again. With OTL you can also remove many of the tools: please start OTL and click on Bereinigung (Cleanup). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide on that is below. To keep better track of whether your installed programs are up to date in future, you can use Secunia PSI, for example. For even more security, after the infection has been removed you should also change all your passwords if at all possible.

Microsoft Update
Windows XP: Visit the MS Update page with IE and have all important updates installed.
Windows Vista/7: Anleitung Windows-Update (Windows Update guide)

Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add/Remove Programs or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date: Check => Adobe - Flash Player; download links => Adobe Flash Player Distribution | Adobe. Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one.
To do that, close all programs (especially the browsers), then click Start, Control Panel, Add/Remove Programs and uninstall all the Java versions listed there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags
17.10.2012, 18:26 | #45 |
Then I thank you very much for the very extensive help and hope that's it for now. Great that you people exist. Many thanks.