
Log analysis and evaluation: Panda finds Hupigon.AZG and Trj/CI.A in various files

03.10.2012, 19:13   #31
Stowneage
 



Code:
ComboFix 12-10-02.02 - c 03.10.2012  14:46:30.1.4 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1033.18.4095.2513 [GMT 2:00]
ausgeführt von:: c:\users\c\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
c:\programdata\xml19.tmp
c:\programdata\xml96.tmp
c:\programdata\xmlF889.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
F:\install.exe
K:\install.exe
.
c:\windows\SysWow64\drivers\ntfs.sys . . . ist infiziert!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-03 bis 2012-10-03  ))))))))))))))))))))))))))))))
.
.
2012-10-02 19:27 . 2012-08-30 07:27	9308616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA51F9FC-7F90-46FB-8663-CDC15B140C7B}\mpengine.dll
2012-10-02 19:27 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-25 00:16 . 2012-09-25 00:17	--------	dc-h--w-	c:\programdata\{D9BC4C8F-B86F-45C8-A961-B9FF0910DE40}
2012-09-25 00:15 . 2012-09-25 00:15	--------	dc-h--w-	c:\programdata\{30FA7941-4170-4C83-A9A8-FDF01C431704}
2012-09-25 00:14 . 2012-09-25 00:14	--------	dc-h--w-	c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-09-24 17:46 . 2012-09-24 17:46	--------	d-----w-	c:\users\c\AppData\Local\Sidhe
2012-09-23 03:38 . 2012-09-23 03:38	--------	d-----w-	c:\program files (x86)\ESET
2012-09-19 14:54 . 2012-09-19 14:54	--------	dc-h--w-	c:\programdata\{7F3144B7-67AA-4DD7-BC11-CBA9A40B430D}
2012-09-19 14:43 . 2012-09-19 14:55	--------	d-----w-	c:\users\c\AppData\Roaming\ImgBurn
2012-09-19 14:26 . 2012-09-19 14:26	--------	d-----w-	c:\program files (x86)\ImgBurn
2012-09-19 14:12 . 2012-09-19 14:12	--------	dc----w-	c:\programdata\{20EFD19B-675C-417B-A498-B0161D72FF88}
2012-09-19 14:10 . 2012-09-19 14:10	--------	dc----w-	c:\programdata\{B5F0C192-874D-49A8-88D7-8431E3714756}
2012-09-19 12:39 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-19 12:39 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-19 12:39 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-19 12:39 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-19 00:43 . 2012-09-19 00:43	--------	d-----w-	c:\users\c\AppData\Roaming\MinMaxGames
2012-09-17 23:40 . 2012-09-17 23:40	--------	dc-h--w-	c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2012-09-16 12:04 . 2012-09-16 12:05	--------	d-----w-	c:\users\c\AppData\Local\bau_jump_n_run
2012-09-16 09:46 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-16 09:46 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-16 09:46 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 23:39 . 2012-09-12 23:39	--------	d-----w-	c:\users\c\AppData\Local\IsolatedStorage
2012-09-12 23:38 . 2012-09-12 23:39	--------	d-----w-	c:\users\c\AppData\Local\Deployment
2012-09-09 11:18 . 2012-02-11 06:43	751104	----a-w-	c:\windows\system32\win32spl.dll
2012-09-09 11:18 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2012-09-09 11:18 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2012-09-09 11:18 . 2012-02-11 05:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2012-09-09 11:18 . 2012-05-05 08:36	503808	----a-w-	c:\windows\system32\srcore.dll
2012-09-09 11:18 . 2012-05-05 07:46	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2012-09-08 14:45 . 2012-09-08 14:45	--------	d-----w-	c:\program files\Defraggler
2012-09-08 14:36 . 2012-09-08 14:36	--------	d-----w-	c:\users\c\AppData\Roaming\Auslogics
2012-09-08 11:20 . 2012-09-08 11:20	--------	d-----w-	c:\program files (x86)\MIDIOX
2012-09-08 04:07 . 2012-09-08 04:07	--------	d-----w-	c:\program files (x86)\AutoHotkey
2012-09-03 22:06 . 2012-09-03 22:06	--------	d-----w-	c:\users\c\AppData\Roaming\Squids
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-16 09:47 . 2010-05-12 01:59	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-09-07 15:04 . 2010-11-04 22:35	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-02 13:21 . 2012-09-02 13:21	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-02 13:21 . 2012-03-12 00:47	821736	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-09-02 13:21 . 2010-10-13 03:53	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-30 22:12 . 2012-08-30 22:12	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-30 22:12 . 2012-08-30 22:12	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15 . 2012-08-14 18:11	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-08 23:52 . 2012-07-08 23:53	372736	----a-w-	c:\windows\system32\NVUNINST.EXE
2010-02-14 13:35 . 2011-05-15 13:56	4411392	----a-w-	c:\program files (x86)\mplayerc.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-05-29 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-05-29 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2011-06-24 17:37	86696	----a-w-	c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2011-06-24 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\c\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\c\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\c\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Rainlendar2"="f:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2010-07-11 2199040]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"F.lux"="c:\users\c\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Spotify Web Helper"="c:\users\c\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-20 1193176]
"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]
"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi5"=KORGUM64.DRV
"midi"=KORGUM64.DRV
"midi3"=KORGUM64.DRV
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2008-07-29 1075712]
R3 athrusb6;ZyXEL Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\G220Vista64.sys [2007-05-16 1039360]
R3 bcd3000;bcd3000;c:\windows\system32\DRIVERS\bcd3000_x64.sys [2010-08-05 54888]
R3 bcd3000wdm;bcd3000wdm;c:\windows\system32\DRIVERS\bcd3000wdm_x64.sys [2010-08-05 32872]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2010-09-30 185344]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 202840]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 94808]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 94808]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-09-03 131912]
R3 gbxavs_x64;gbxavs_x64;c:\windows\system32\Drivers\gbxavs_x64.sys [2009-10-08 45136]
R3 gbxusb_x64;gbxusb_x64;c:\windows\system32\Drivers\gbxusb_x64.sys [2009-10-08 300624]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2010-09-30 253440]
R3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2010-09-30 222208]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS [2011-03-30 33656]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [2009-11-09 187912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-25 114144]
R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2008-12-12 45056]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [2009-08-10 93848]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [2006-11-16 31248]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-06 1255736]
R3 X6va006;X6va006;c:\users\c\AppData\Local\Temp\0069E1E.tmp [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-12 834544]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-11-23 149768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-19 140672]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;f:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2012-09-05 6364024]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-01-05 161032]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 114760]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 121928]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-11-30 128264]
S2 Radio.fx;Radio.fx Server;e:\tobit radio.fx\Server\rfx-server.exe [2011-11-18 3673944]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [2009-10-13 61440]
S3 gbxavs;Maschine Midi;c:\windows\system32\Drivers\gbxavs.sys [2011-07-07 357968]
S3 gbxusb_svc;Maschine Controller;c:\windows\system32\Drivers\gbxusb.sys [2011-07-07 68688]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
S3 XONE_2D;usb-audio.de driver for Allen & Heath XONE:2D;c:\windows\system32\Drivers\XONE_2D.sys [2010-04-22 398400]
S3 XONE_2D_WDM;XONE:2D WDM Audio;c:\windows\system32\drivers\XONE_2DW.sys [2010-04-22 50240]
S3 XONE_2DM;XONE:2D WDM Midi Device;c:\windows\system32\drivers\XONE_2dm.sys [2010-04-22 31296]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 01:36]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 01:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\c\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\c\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\c\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\c\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"midi"=KORGUM64.DRV
"midi3"=KORGUM64.DRV
"midi5"=KORGUM64.DRV
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Free YouTube Download - c:\users\c\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: Interfaces\{091BC6DB-D53F-439F-8CDB-CBC2EBFF26E2}: NameServer = 8.8.4.4,192.168.178.1
TCP: Interfaces\{EF90E457-A960-479F-B576-DDADA01BC4FF}: NameServer = 213.73.89.124,78.47.115.195
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\c\AppData\Roaming\Mozilla\Firefox\Profiles\8oq4rs7e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Avidemux 2.5 - d:\program files (x86)\Avidemux 2.5\uninstall.exe
AddRemove-Camel Audio Alchemy - d:\program files\REAPER (x64)\Plugins\VST\Alchemy\AlchemyUninstall.exe
AddRemove-CVPiano-Modeled - d:\progra~2\REAPER~1\Plugins\VST\CVPIAN~1\Install\UNWISE.EXE
AddRemove-Instrument-Tuner - d:\progra~3\INSTRU~1\UNWISE.EXE
AddRemove-Live 8.2.2 - d:\progra~3\Ableton\LIVE82~1.2\Install\UNWISE.EXE
AddRemove-Native Instruments Maschine Controller Driver - c:\programdata\{3C6B30C3-46C9-4FD1-AAC3-6011E43BF0D1}\Maschine Controller Driver Setup.exe
AddRemove-Native Instruments Reaktor 3 Demo - d:\progra~3\NATIVE~1\REAKTO~1.0DE\UNWISE.EXE
AddRemove-Native Instruments SoundSchool Analog - d:\progra~3\NATIVE~1\SOUNDS~1\UNWISE.EXE
AddRemove-REAPER - d:\program files (x86)\REAPER\Uninstall.exe
AddRemove-Synthesia - d:\program files (x86)\Synthesia\uninstall.exe
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\programdata\{4E1B117F-A681-406A-88B5-AF868CF9CB04}\Traktor Setup PC.exe
AddRemove-{62F13B4D-FD48-4317-8E55-06DB7B397F49}_is1 - d:\program files\REAPER (x64)\Plugins\VST\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\c\AppData\Local\Temp\0069E1E.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2460917813-4204335397-3809129294-1001\Software\SecuROM\License information*]
"datasecu"=hex:fc,0e,17,0d,e2,06,0c,8e,9d,5f,47,ad,b8,da,fd,5f,1a,60,00,93,81,
   03,50,42,a8,5a,e0,39,7e,83,bc,22,5f,bd,54,dc,9d,0a,04,13,f1,4a,0b,31,f1,e2,\
"rkeysecu"=hex:91,bd,0c,95,c8,38,7e,d9,6f,2b,2b,7d,c4,af,5d,f5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-03  15:03:35
ComboFix-quarantined-files.txt  2012-10-03 13:03
.
Vor Suchlauf: 7.046.197.248 bytes free
Nach Suchlauf: 6.872.891.392 bytes free
.
- - End Of File - - E7E7AE88091510C39603B965405EA8D4
         

03.10.2012, 20:13   #32
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.

05.10.2012, 20:57   #33
Stowneage
 



Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Report of OSAM: Autorun Manager v5.0.11926.0</title>
<style type="text/css">
body
{
    margin                    : 10px 10px 10px 20px;
    color                     : #000000;
    background-color          : #fffbf0;
    font                      : 10pt Tahoma, Verdana, Arial, Helvetica, sans-serif;
    scrollbar-3dlight-color   : #fffbf0;
    scrollbar-arrow-color     : #000000;
    scrollbar-darkshadow-color: #000000;
    scrollbar-face-color      : #fffbf0;
    scrollbar-highlight-color : #000000;
    scrollbar-shadow-color    : #fffbf0;
    scrollbar-track-color     : #fffbf0;
}
a:link
{
    color: #e15616;
}
a:visited 
{
    color: #e15616;
}
a:hover
{
    color: #e4743f;
}
a:active
{
    color: #e4743f;
}
.header1
{
    font-size  : 115%;
    font-weight: bold;
    margin-left: 0px;
}
table
{
    border-collapse: collapse;
    border         : 1px solid #000000;
    cellpadding    : 0;
    cellspacing    : 0;
    width          : 90%;
}
td,th
{
    font-size     : 12px;
    color         : #000000;
    background    : #fffbf0;
    border        : 1px solid #000000;
    text-align    : left;
    vertical-align: top;
    padding       : 2px 4px 2px 4px;
}
.cap
{
    font-weight: bold;
    font-size  : 10pt;
    padding    : 2px 4px 2px 4px;
    border     : 1px solid #000000;
}
.group
{
    font-weight: bold;
    font-size  : 10pt;
    padding    : 2px 4px 2px 4px;
    text-align : center;
}
.reg
{
    font-weight: bold;
    font-size  : 10pt;
    border     : 0px none;
    padding    : 2px 4px 2px 4px;
}
.notfound
{
    background-color: #B3DDFF;
}
.blocked
{
    background-color: #FF96EB;
}
.nodetails
{
    background-color: #FFFF75;
}
.trusted
{
    background-color: #C8FFC8;
}
.rootkit
{
    background-color: #FF8696;
}
td.rs { text-align: center; vertical-align: center; font-family: courier; }
td.rs.rm { background: #F90424; title: "Malware"; }
td.rs.ri { background: #F90424; title: "Infected"; color: #21F411; }
td.rs.rw { background: #F90424; title: "Unwanted"; }
td.rs.rs { background: #F90424; title: "Suspicious"; }
td.rs.rt { background: #21F411; title: "Trusted"; }
td.rs.rc { background: #21F411; title: "Checked"; }
td.rs.ry { background: #21F411; title: "Up-to-You"; }
td.rs.rr { background: #F6EB13; title: "Riskware"; }
td.rs.ru { background: #D4D0C8; title: "Unknown"; }
td.rs.rn { background: #FFFFFF; title: "Not checked"; }
</style>
</head>
<body>
<p><span class="header1">Report of OSAM: Autorun Manager v5.0.11926.0</span><br>
<a href="hxxp://www.online-solutions.ru/en/" target="_blank">hxxp://www.online-solutions.ru/en/</a><br>
Saved at 21:27:24 on 05.10.2012</p>
<b>OS</b>: Windows 7 Enterprise Edition Service Pack 1 (Build 7601), 64-bit<br>
<b>Default Browser</b>: Mozilla Corporation Firefox 15.0<br>
<br><b>Scanner Settings</b><br>
<input type="checkbox" disabled checked>Rootkits detection (hidden registry)<br>
<input type="checkbox" disabled checked>Rootkits detection (hidden files)<br>
<input type="checkbox" disabled checked>Retrieve files information<br>
<input type="checkbox" disabled checked>Check Microsoft signatures<br>
<br><b>Filters</b><br>
<input type="checkbox" disabled>Trusted entries<br>
<input type="checkbox" disabled>Empty entries<br>
<input type="checkbox" disabled checked>Hidden registry entries (rootkit activity)<br>
<input type="checkbox" disabled checked>Exclusively opened files<br>
<input type="checkbox" disabled checked>Not found files<br>
<input type="checkbox" disabled checked>Files without detailed information<br>
<input type="checkbox" disabled checked>Existing files<br>
<input type="checkbox" disabled>Non-startable services<br>
<input type="checkbox" disabled>Non-startable drivers<br>
<input type="checkbox" disabled checked>Active entries<br>
<input type="checkbox" disabled checked>Disabled entries<br>
<br>
<table border="1" cellpadding="0" cellspacing="0">
<tr>
<th class="cap" width="20">&nbsp;</th>
<th class="cap">Risk</th>
<th class="cap">Name</th>
<th class="cap">Publisher</th>
<th class="cap">Full Path</th>
<th class="cap">Status</th>
</tr>
<tr>
<td class="group" colspan="6">Common</td>
</tr>
<tr>
<td class="reg" colspan="6">%SystemRoot%\Tasks</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"GoogleUpdateTaskMachineCore.job"</td>
<td>"Google Inc."</td>
<td>C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"GoogleUpdateTaskMachineUA.job"</td>
<td>"Google Inc."</td>
<td>C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Control Panel Objects</td>
</tr>
<tr>
<td class="reg" colspan="6">%SystemRoot%\system32</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"nvcpl.cpl"</td>
<td>"NVIDIA Corporation"</td>
<td>C:\Windows\system32\nvcpl.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"PSUNCpl.cpl"</td>
<td>"Panda Security, S.L."</td>
<td>C:\Windows\system32\PSUNCpl.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"QuickTime"</td>
<td>"Apple Inc."</td>
<td>C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Drivers</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub)</td>
<td class="notfound"></td>
<td class="notfound">C:\Windows\System32\drivers\tsusbhub.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"bcd3000" (bcd3000)</td>
<td>"Behringer"</td>
<td>C:\Windows\System32\DRIVERS\bcd3000_x64.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"bcd3000wdm" (bcd3000wdm)</td>
<td>"Behringer"</td>
<td>C:\Windows\System32\DRIVERS\bcd3000wdm_x64.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"catchme" (catchme)</td>
<td class="notfound"></td>
<td class="notfound">C:\ComboFix\catchme.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"gbxavs_x64" (gbxavs_x64)</td>
<td>"Native Instruments GmbH"</td>
<td>C:\Windows\System32\Drivers\gbxavs_x64.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"gbxusb_x64" (gbxusb_x64)</td>
<td>"Native Instruments GmbH"</td>
<td>C:\Windows\System32\Drivers\gbxusb_x64.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rr">||||||</td>
<td>"Hamachi Network Interface" (hamachi)</td>
<td>"LogMeIn, Inc."</td>
<td>C:\Windows\System32\DRIVERS\hamachi.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"HDJAsioK" (HDJAsioK)</td>
<td>"© Guillemot R&D, 2010. All rights reserved."</td>
<td>C:\Windows\System32\Drivers\HDJAsioK.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"HDJBulk" (Bulk)</td>
<td>"© Guillemot R&D, 2010. All rights reserved."</td>
<td>C:\Windows\System32\Drivers\HDJBulk.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Hercules DJ Console Rmx MIDI" (HDJMidi)</td>
<td>"© Guillemot R&D, 2010. All rights reserved."</td>
<td>C:\Windows\System32\DRIVERS\HDJMidi.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"Motorola USB CDC ACM Driver" (motmodem)</td>
<td class="notfound"></td>
<td class="notfound">C:\Windows\System32\DRIVERS\motmodem.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"NVR0Dev" (NVR0Dev)</td>
<td>"NVidia Corp."</td>
<td>C:\Windows\nvoclk64.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"PSINAflt" (PSINAflt)</td>
<td>"Panda Security, S.L."</td>
<td>C:\Windows\System32\DRIVERS\PSINAflt.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"PSINFile" (PSINFile)</td>
<td>"Panda Security, S.L."</td>
<td>C:\Windows\System32\DRIVERS\PSINFile.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"PSINKNC" (PSINKNC)</td>
<td>"Panda Security, S.L."</td>
<td>C:\Windows\System32\DRIVERS\psinknc.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"PSINProc" (PSINProc)</td>
<td>"Panda Security, S.L."</td>
<td>C:\Windows\System32\DRIVERS\PSINProc.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"PSINProt" (PSINProt)</td>
<td>"Panda Security, S.L."</td>
<td>C:\Windows\System32\DRIVERS\PSINProt.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"SANDRA" (SANDRA)</td>
<td>"SiSoftware"</td>
<td>C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x64\Sandra.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"SASDIFSV" (SASDIFSV)</td>
<td>"SUPERAdBlocker.com and SUPERAntiSpyware.com"</td>
<td>C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"SASKUTIL" (SASKUTIL)</td>
<td>"SUPERAdBlocker.com and SUPERAntiSpyware.com"</td>
<td>C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Service for M-Audio FastTrack Pro" (MAUSBFASTTRACKPRO)</td>
<td>"Avid Technology, Inc."</td>
<td>C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"SynasUSB" (SynasUSB)</td>
<td>"SIA Syncrosoft"</td>
<td>C:\Windows\System32\drivers\SynUSB64.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"Synth3dVsc" (Synth3dVsc)</td>
<td class="notfound"></td>
<td class="notfound">C:\Windows\System32\drivers\synth3dvsc.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Tpkd" (Tpkd)</td>
<td>"PACE Anti-Piracy, Inc."</td>
<td>C:\Windows\system32\drivers\Tpkd.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"VGPU" (VGPU)</td>
<td class="notfound"></td>
<td class="notfound">C:\Windows\System32\drivers\rdvgkmd.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"X6va006" (X6va006)</td>
<td class="notfound"></td>
<td class="notfound">C:\Users\c\AppData\Local\Temp\0069E1E.tmp</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="group" colspan="6">Explorer</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Classes\Folder\shellex\ColumnHandlers</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"</td>
<td>"The Document Foundation"</td>
<td>C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{AE424E85-F6DF-4910-A6A9-438797986431} "LibreOffice Property Handler"</td>
<td>"The Document Foundation"</td>
<td>C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\propertyhdl.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler"</td>
<td>"The Document Foundation"</td>
<td>C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler"</td>
<td>"The Document Foundation"</td>
<td>C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler"</td>
<td>"The Document Foundation"</td>
<td>C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer"</td>
<td>"The Document Foundation"</td>
<td>C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="group" colspan="6">Internet Explorer</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">ITBar7Height "ITBar7Height"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound"><binary data> "ITBar7Layout"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{D4B68B83-8710-488B-A692-D74B50BA558E} "Creative Software AutoUpdate Support Package 2"<br>hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab</td>
<td>"Creative Technology Ltd"</td>
<td>C:\Windows\DOWNLO~1\CTPIDPDE.ocx</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{E705A591-DA3C-4228-B0D5-A356DBA42FBF} "{E705A591-DA3C-4228-B0D5-A356DBA42FBF}"<br>hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{F6ACF75C-C32C-447B-9BEF-46B766368D29} "{F6ACF75C-C32C-447B-9BEF-46B766368D29}"<br>hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101"</td>
<td class="notfound"></td>
<td class="notfound">res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} "Panda Security Toolbar"</td>
<td></td>
<td>C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper"</td>
<td>"Oracle Corporation"</td>
<td>C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper"</td>
<td>"Oracle Corporation"</td>
<td>C:\Program Files (x86)\Java\jre7\bin\ssv.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} "Panda Security Toolbar"</td>
<td></td>
<td>C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Known DLLs</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"user32"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Windows\system32\user32.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">LSA Providers</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Control\Lsa</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Security Packages"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Windows\system32\livessp.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Logon</td>
</tr>
<tr>
<td class="reg" colspan="6">%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"desktop.ini"</td>
<td></td>
<td>C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Stardock ObjectDock.lnk"</td>
<td>"Stardock"</td>
<td>C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe</td>
<td>Shortcut exists | File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"desktop.ini"</td>
<td></td>
<td>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</td>
</tr>
<tr>
<td class="nodetails"><input type="checkbox" disabled checked></td>
<td class="rs rc">||&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="nodetails">"F.lux"</td>
<td class="nodetails"></td>
<td class="nodetails">"C:\Users\c\Local Settings\Apps\F.lux\flux.exe" /noshow</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"NVIDIA nTune"</td>
<td>"NVIDIA"</td>
<td>"C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Rainlendar2"</td>
<td></td>
<td>f:\Program Files (x86)\Rainlendar2\Rainlendar2.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="nodetails"><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td class="nodetails">"RocketDock"</td>
<td class="nodetails"></td>
<td class="nodetails">"C:\Program Files (x86)\RocketDock\RocketDock.exe"</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Skype"</td>
<td>"Skype Technologies S.A."</td>
<td>"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun</td>
<td>File exists</td>
</tr>
<tr>
<td class="nodetails"><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="nodetails">"Spotify Web Helper"</td>
<td class="nodetails"></td>
<td class="nodetails">"C:\Users\c\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Run</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"KORG USB-MIDI Driver"</td>
<td>"KORG Inc."</td>
<td>C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Panda Security URL Filtering"</td>
<td>"Panda Security"</td>
<td>"C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"PSUNMain"</td>
<td>"Panda Security, S.L."</td>
<td>"C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"QuickTime Task"</td>
<td>"Apple Inc."</td>
<td>"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"SunJavaUpdateSched"</td>
<td>"Sun Microsystems, Inc."</td>
<td>"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Print Monitors</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"pdfcmon"</td>
<td>"pdfforge GbR"</td>
<td>C:\Windows\system32\pdfcmon.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Services</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend)</td>
<td class="notfound"></td>
<td class="notfound">C:\Program Files (x86)\Windows Defender\mpsvc.dll</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc)</td>
<td class="notfound"></td>
<td class="notfound">"C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Apple Mobile Device" (Apple Mobile Device)</td>
<td>"Apple Inc."</td>
<td>C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"ASP.NET State Service" (aspnet_state)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Desura Install Service" (Desura Install Service)</td>
<td>"Desura Pty Ltd"</td>
<td>C:\Program Files (x86)\Common Files\Desura\desura_service.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Dienst "Bonjour"" (Bonjour Service)</td>
<td>"Apple Inc."</td>
<td>C:\Program Files\Bonjour\mDNSResponder.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Google Update Service (gupdate)" (gupdate)</td>
<td>"Google Inc."</td>
<td>C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Google Update-Dienst (gupdatem)" (gupdatem)</td>
<td>"Google Inc."</td>
<td>C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"InstallDriver Table Manager" (IDriverT)</td>
<td>"Macrovision Corporation"</td>
<td>C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"iPod-Dienst" (iPod Service)</td>
<td>"Apple Inc."</td>
<td>C:\Program Files\iPod\bin\iPodService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc)</td>
<td>"LogMeIn Inc."</td>
<td>F:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Mozilla Maintenance Service" (MozillaMaintenance)</td>
<td>"Mozilla Foundation"</td>
<td>C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"NIHardwareService" (NIHardwareService)</td>
<td>"Native Instruments GmbH"</td>
<td>C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"nTune Service" (nTuneService)</td>
<td>"NVIDIA"</td>
<td>C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"NVIDIA Display Driver Service" (nvsvc)</td>
<td>"NVIDIA Corporation"</td>
<td>C:\Windows\system32\nvvsvc.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"NVIDIA Update Service Daemon" (nvUpdatusService)</td>
<td>"NVIDIA Corporation"</td>
<td>C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Panda Cloud Antivirus Service" (NanoServiceMain)</td>
<td>"Panda Security, S.L."</td>
<td>C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Radio.fx Server" (Radio.fx)</td>
<td></td>
<td>E:\Tobit Radio.fx\Server\rfx-server.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"SAS Core Service" (!SASCORE)</td>
<td>"SUPERAntiSpyware.com"</td>
<td>C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"SiSoftware Deployment Agent Service" (SandraAgentSrv)</td>
<td>"SiSoftware"</td>
<td>C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Skype Updater" (SkypeUpdate)</td>
<td>"Skype Technologies"</td>
<td>C:\Program Files (x86)\Skype\Updater\Updater.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Steam Client Service" (Steam Client Service)</td>
<td>"Valve Corporation"</td>
<td>C:\Program Files (x86)\Common Files\Steam\SteamService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rr">||||||</td>
<td>"TeamViewer 7" (TeamViewer7)</td>
<td>"TeamViewer GmbH"</td>
<td>C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Windows Live ID Sign-in Assistant" (wlidsvc)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Winsock Providers</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"mdnsNSP"</td>
<td>"Apple Inc."</td>
<td>C:\Program Files (x86)\Bonjour\mdnsNSP.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"WindowsLive Local NSP"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"WindowsLive NSP"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL</td>
<td>File exists</td>
</tr>
</table>
<p>If You have questions or want to get some help, You can visit <a href="hxxp://forum.online-solutions.ru" target="_blank">hxxp://forum.online-solutions.ru</a></p>
</body></html>
         
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-05 21:29:09
-----------------------------
21:29:09.027    OS Version: Windows x64 6.1.7601 Service Pack 1
21:29:09.027    Number of processors: 4 586 0xF0B
21:29:09.029    ComputerName: C-PC  UserName: c
21:29:09.352    Initialize success
21:30:14.788    AVAST engine defs: 12100501
21:30:47.414    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
21:30:47.417    Disk 0 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610480MB BusType: 3
21:30:47.419    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5
21:30:47.422    Disk 1 Vendor: SAMSUNG_HD401LJ ZZ100-15 Size: 381554MB BusType: 3
21:30:47.431    Disk 0 MBR read successfully
21:30:47.433    Disk 0 MBR scan
21:30:47.438    Disk 0 Windows XP default MBR code
21:30:47.442    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        49998 MB offset 2048
21:30:47.448    Disk 0 Partition - 00     05     Extended              8001 MB offset 102398310
21:30:47.459    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        49999 MB offset 118784610
21:30:47.470    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       502478 MB offset 221182920
21:30:47.484    Disk 0 Partition 4 00     82   Linux swap              8001 MB offset 102398373
21:30:47.508    Disk 0 scanning C:\Windows\system32\drivers
21:30:57.700    Service scanning
21:31:15.902    Modules scanning
21:31:15.910    Disk 0 trace - called modules:
21:31:15.930    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
21:31:15.936    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a30060]
21:31:15.943    3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa80047c4e40]
21:31:15.950    5 ACPI.sys[fffff88000f697a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80047d4060]
21:31:16.499    AVAST engine scan C:\Windows
21:31:18.992    AVAST engine scan C:\Windows\system32
21:34:14.919    AVAST engine scan C:\Windows\system32\drivers
21:34:32.212    AVAST engine scan C:\Users\c
21:43:51.788    AVAST engine scan C:\ProgramData
21:49:52.524    Scan finished successfully
21:54:02.124    Disk 0 MBR has been saved successfully to "C:\Users\c\Desktop\MBR.dat"
21:54:02.130    The log file has been saved successfully to "C:\Users\c\Desktop\aswMBR.txt"
         
__________________

07.10.2012, 04:53   #34
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Why aren't you posting the OSAM log in the format that I asked for in the instructions?
__________________
Please always post log files in CODE tags

07.10.2012, 13:10   #35
Stowneage

Quote:
Originally posted by cosinus
Why aren't you posting the OSAM log in the format that I asked for in the instructions?

Sorry, I must have misunderstood something there.
Is this better?

07.10.2012, 19:38   #36
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

And why as an attachment now?

Please only put the logs in an attachment (zipped) if they are too large to be posted directly!
Otherwise, please post everything here in CODE tags wherever possible. That is simpler and clearer, and it saves a lot of clicking around.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

__________________

07.10.2012, 19:54   #37
Stowneage

OK, now I see my mistake.

OSAM logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:00:48 on 07.10.2012

OS: Windows 7 Enterprise Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"PSUNCpl.cpl" - "Panda Security, S.L." - C:\Windows\system32\PSUNCpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys  (File not found)
"bcd3000" (bcd3000) - "Behringer" - C:\Windows\System32\DRIVERS\bcd3000_x64.sys
"bcd3000wdm" (bcd3000wdm) - "Behringer" - C:\Windows\System32\DRIVERS\bcd3000wdm_x64.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"gbxavs_x64" (gbxavs_x64) - "Native Instruments GmbH" - C:\Windows\System32\Drivers\gbxavs_x64.sys
"gbxusb_x64" (gbxusb_x64) - "Native Instruments GmbH" - C:\Windows\System32\Drivers\gbxusb_x64.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"HDJAsioK" (HDJAsioK) - "© Guillemot R&D, 2010. All rights reserved." - C:\Windows\System32\Drivers\HDJAsioK.sys
"HDJBulk" (Bulk) - "© Guillemot R&D, 2010. All rights reserved." - C:\Windows\System32\Drivers\HDJBulk.sys
"Hercules DJ Console Rmx MIDI" (HDJMidi) - "© Guillemot R&D, 2010. All rights reserved." - C:\Windows\System32\DRIVERS\HDJMidi.sys
"Motorola USB CDC ACM Driver" (motmodem) - ? - C:\Windows\System32\DRIVERS\motmodem.sys  (File not found)
"NVR0Dev" (NVR0Dev) - "NVidia Corp." - C:\Windows\nvoclk64.sys
"PSINAflt" (PSINAflt) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINAflt.sys
"PSINFile" (PSINFile) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINFile.sys
"PSINKNC" (PSINKNC) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\psinknc.sys
"PSINProc" (PSINProc) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINProc.sys
"PSINProt" (PSINProt) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINProt.sys
"SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x64\Sandra.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
"Service for M-Audio FastTrack Pro" (MAUSBFASTTRACKPRO) - "Avid Technology, Inc." - C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys
"SynasUSB" (SynasUSB) - "SIA Syncrosoft" - C:\Windows\System32\drivers\SynUSB64.sys
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys  (File not found)
"Tpkd" (Tpkd) - "PACE Anti-Piracy, Inc." - C:\Windows\system32\drivers\Tpkd.sys
"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys  (File not found)
"X6va006" (X6va006) - ? - C:\Users\c\AppData\Local\Temp\0069E1E.tmp  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "ms-help" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} "Enterprise-Projekte" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL
{AE424E85-F6DF-4910-A6A9-438797986431} "LibreOffice Property Handler" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\propertyhdl.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Microsoft Outlook Custom Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D4B68B83-8710-488B-A692-D74B50BA558E} "Creative Software AutoUpdate Support Package 2" - "Creative Technology Ltd" - C:\Windows\DOWNLO~1\CTPIDPDE.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
{E705A591-DA3C-4228-B0D5-A356DBA42FBF} "{E705A591-DA3C-4228-B0D5-A356DBA42FBF}" - ? -   (File not found | COM-object registry key not found) / hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
{F6ACF75C-C32C-447B-9BEF-46B766368D29} "{F6ACF75C-C32C-447B-9BEF-46B766368D29}" - ? -   (File not found | COM-object registry key not found) / hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} "Panda Security Toolbar" - ? - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} "Panda Security Toolbar" - ? - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Stardock ObjectDock.lnk" - "Stardock" - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"F.lux" - ? - "C:\Users\c\Local Settings\Apps\F.lux\flux.exe" /noshow  (File found, but it contains no detailed information)
"NVIDIA nTune" - "NVIDIA" - "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
"Rainlendar2" - ? - f:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
"RocketDock" - ? - "C:\Program Files (x86)\RocketDock\RocketDock.exe"  (File found, but it contains no detailed information)
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"Spotify Web Helper" - ? - "C:\Users\c\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"KORG USB-MIDI Driver" - "KORG Inc." - C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
"Panda Security URL Filtering" - "Panda Security" - "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"
"PSUNMain" - "Panda Security, S.L." - "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Desura Install Service" (Desura Install Service) - "Desura Pty Ltd" - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - F:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - F:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NIHardwareService" (NIHardwareService) - "Native Instruments GmbH" - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
"nTune Service" (nTuneService) - "NVIDIA" - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Office 64 Source Engine" (ose64) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Panda Cloud Antivirus Service" (NanoServiceMain) - "Panda Security, S.L." - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
"Radio.fx Server" (Radio.fx) - ? - E:\Tobit Radio.fx\Server\rfx-server.exe
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Last edited by Stowneage (07.10.2012 at 20:02)

07.10.2012, 20:30   #38
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

09.10.2012, 21:31   #39
Stowneage

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/09/2012 at 08:34 PM

Application Version : 5.6.1010

Core Rules Database Version : 9367
Trace Rules Database Version: 7179

Scan type       : Complete Scan
Total Scan Time : 02:08:13

Operating System Information
Windows 7 Enterprise 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 649
Memory threats detected   : 0
Registry items scanned    : 74519
Registry threats detected : 0
File items scanned        : 156153
File threats detected     : 114

Adware.Tracking Cookie
	C:\Users\c\AppData\Roaming\Microsoft\Windows\Cookies\ZW5MMBK5.txt [ /serving-sys.com ]
	C:\Users\c\AppData\Roaming\Microsoft\Windows\Cookies\TW1IHJ7V.txt [ /bs.serving-sys.com ]
	C:\USERS\C\Cookies\TW1IHJ7V.txt [ Cookie:c@bs.serving-sys.com/ ]
	.estat.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	tracking.sim-technik.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	server.iad.liveperson.net [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.cbsdigitalmedia.112.2o7.net [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.microsoftsto.112.2o7.net [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	stats.o2more.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	stats.o2more.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.paypal.112.2o7.net [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6afkyupczcbq.stats.esomniture.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.partnersearchmetrics.sbx1.2o7.net [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.elitepvpers.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.elitepvpers.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.elitepvpers.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.elitepvpers.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.elitepvpers.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.elitepvpers.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	wstat.wibiya.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.bwincom.122.2o7.net [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	tracking.mobile.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	int.sitestat.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	int.sitestat.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.cyonix.to [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.cyonix.to [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.tracking.3gnet.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.www.traffictrack.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.kaspersky.122.2o7.net [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.cyonix.to [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.cyonix.to [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.cyonix.to [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.etracker.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.etracker.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	application.etracker.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.stats.paypal.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.tracker.vinsight.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	application.etracker.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.cmp.112.2o7.net [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.mediatack.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.mediatack.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.mediatack.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.deutschepostag.112.2o7.net [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]

Adware.SoftonicDownloader
	C:\_OTL\MOVEDFILES\09272012_223053\F_FIREFOX DLS\SOFTONICDOWNLOADER_FUER_NVIDIA-GPU-TEMP.EXE
         
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.08.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
c :: C-PC [administrator]

09.10.2012 01:03:06
mbam-log-2012-10-09 (01-03-06).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|J:\|K:\|L:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1049362
Time elapsed: 2 hour(s), 46 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

10.10.2012, 11:15   #40
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Code:
ATTFilter
UAC On - Limited User
         
How did you start SUPERAntiSpyware? Simply by double-clicking? Or the way the instructions describe?

Quote:
Quote from cosinus
Part 2: Run the program
The program has now been installed, and a shortcut should have been created on the desktop. After you have started it, it will first check the update server for new malware signatures and install updates. Do NOT cancel this process!

Users of Windows Vista and Windows 7, please again start the tool via right-click => Run as administrator!
__________________
Please always post log files in CODE tags

10.10.2012, 19:19   #41
Stowneage



With right-click as admin I get the same message... I'll try it again.

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/10/2012 at 08:13 PM

Application Version : 5.6.1010

Core Rules Database Version : 9375
Trace Rules Database Version: 7187

Scan type       : Complete Scan
Total Scan Time : 02:33:49

Operating System Information
Windows 7 Enterprise 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 629
Memory threats detected   : 0
Registry items scanned    : 74551
Registry threats detected : 0
File items scanned        : 152287
File threats detected     : 30

Adware.Tracking Cookie
	media.mtvnservices.com [ C:\USERS\C\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LTZC8J6A ]
	secure-us.imrworldwide.com [ C:\USERS\C\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LTZC8J6A ]
	.mtvn.112.2o7.net [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.account.mojang.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.account.mojang.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.account.mojang.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	uk.sitestat.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	uk.sitestat.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	application.etracker.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	application.etracker.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.questionpro.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.questionpro.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.surveys.questionpro.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.surveys.questionpro.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
	.surveys.questionpro.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
         

11.10.2012, 11:55   #42
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Hm, yes, that is a bug in SUPERAntiSpyware, but it's not a big deal.

Looks OK, only cookies were found; they can all be removed.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie).


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS hosts file => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Otherwise there are also good cookie managers; as an extension for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me). The other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system back in order now, or are there any other detections or problems?
__________________
Please always post log files in CODE tags
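
The reply above reads the scan log and concludes that only cookies were found. The following is an added example, not part of the thread or of SUPERAntiSpyware: it parses the log layout posted here and separates cookie hits from any other finding. The sample text is constructed from lines that appear in the thread's logs, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the logs posted in this thread:
# unindented category line, indented items below it.
SAMPLE_LOG = r"""
UAC On - Limited User
File threats detected     : 5

Adware.Tracking Cookie
    media.mtvnservices.com [ C:\USERS\C\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LTZC8J6A ]
    www.etracker.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
    www.etracker.de [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\USERS\C\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OQ4RS7E.DEFAULT\COOKIES.SQLITE ]

Adware.SoftonicDownloader
    C:\_OTL\MOVEDFILES\09272012_223053\F_FIREFOX DLS\SOFTONICDOWNLOADER_FUER_NVIDIA-GPU-TEMP.EXE
"""

# "<item>", optionally followed by "[ <store> ]" (the file the cookie was found in)
ITEM = re.compile(r"^\s+(?P<name>.+?)(?:\s+\[\s*(?P<store>.+?)\s*\])?\s*$")

def parse_findings(log_text):
    """Return {category: [(item, store_or_None), ...]} for the detection section."""
    findings, category = {}, None
    for line in log_text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():                 # indented: item of the current category
            if category is not None:
                m = ITEM.match(line)
                findings[category].append((m["name"], m["store"]))
        elif ":" in line:                     # "key : value" statistics or URL line
            category = None
        else:                                 # unindented, no colon: candidate category
            category = line.strip()
            findings.setdefault(category, [])
    # Header lines such as "UAC On - Limited User" never get items; drop them.
    return {c: items for c, items in findings.items() if items}

def triage(findings):
    """Count cookie hits per domain; return every other finding for manual review."""
    cookies, review = Counter(), []
    for category, items in findings.items():
        for name, _store in items:
            if "cookie" in category.lower():
                cookies[name.lstrip(".")] += 1
            else:
                review.append((category, name))
    return cookies, review
```

An empty `review` list corresponds to the "only cookies were found" reading; anything left in it is a file or registry detection that should be looked at individually.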

17.10.2012, 15:32   #43
Stowneage



So I have now watched the whole thing for a few days.
Everything seems to be running quite well so far.
Only Firefox sometimes (yesterday, for example) still reacts with extreme delay to any input. However, no longer permanently.
A restart is then necessary to fix that, though.
The Windows message that I should find an antivirus program also still persists.
Otherwise everything seems to be fine.

17.10.2012, 16:13   #44
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then we're done!

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click "Bereinigung" (CleanUp).
This will remove most of the tools that we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for that is below. To keep better track of whether your installed programs are up to date in future, you can use Secunia PSI, for example.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program (if you have AdobeReader installed).

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

Please also take the opportunity to check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________
Please always post log files in CODE tags

17.10.2012, 18:26   #45
Stowneage



Then I thank you very much for the very extensive help and hope that was it for now.

Great that you exist.

Many thanks.
