Pests of all kinds and how to fight them: GMER reports "hidden rootkit activity" & computer slow (Windows 7)
12.02.2013, 23:30 | #16
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
Quote:
__________________
Please always post log files in CODE tags
13.02.2013, 11:20 | #17
Hi Cosinus,
sorry, I think I somehow can't express myself clearly right now.
Quote:
However, the only guide on driver order that I could find referred to the upgrade from XP to Win7 - so my thought was: "OK, I'd better skip the BIOS part, but the rest (first chipset, then SATA, then VGA etc.) should be correct in general." Hence the reference to that guide. But since I had more questions about the drivers (because there are often 2 drivers to choose from & the hotkey driver seems to be missing), I wrote them an e-mail.
Best regards, me.
13.02.2013, 11:28 | #18
/// Winkelfunktion /// TB-Süch-Tiger™
But you are not upgrading from XP to Win7, you are simply reinstalling Win7 - so what relevance is that pointer supposed to have, if you please?
Quote:
__________________
13.02.2013, 12:20 | #19
Hi Cosinus,
Quote:
Quote:
A thousand thanks once again for your detailed help and your patience with my beginner questions!
Best regards, me.

So, I did run a scan with ClamTK from the PartedMagic stick after all - let me guess, I can skip the backup of the current (because working) system, right? These various Win.Trojan.Expiro (plus number) detections, those aren't all false positives, are they? I have sent them to quarantine for now - is the quarantine actually deleted as soon as I shut down PartedMagic? After all, it only runs in RAM, if I understood that correctly. Here are the findings from the log file:
Code:
Found 382 possible threats (88305 files scanned).
/media/sda1/Windows/winsxs/x86_microsoft-windows-xmllite_31bf3856ad364e35_6.1.7601.17633_none_8b2c4a4201a1c2f4/xmllite.dll PUA.Win32.Packer.Pseudosigner-35 /media/sda1/Windows/winsxs/x86_microsoft-windows-xmllite_31bf3856ad364e35_6.1.7601.21748_none_8bb018931ac2fd62/xmllite.dll PUA.Win32.Packer.Pseudosigner-35 /media/sda1/Windows/winsxs/x86_netfx-dfdll_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_5cd78bb510da3dfc/dfdll.dll PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/Citavi 3/bin/TdbEng700.dll PUA.Win32.Packer.Vip /media/sda1/Windows/winsxs/x86_netvg62.inf_31bf3856ad364e35_6.1.7600.16385_none_6c01577ba0762bd4/getn62.sys PUA.Win32.Packer.NspackDotnetNor-1 /media/sda1/Windows/winsxs/x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.7600.16385_none_2106a98149904819/ielowutil.exe Win.Trojan.Expiro-876 /media/sda1/Program Files/Common Files/Adobe/ARM/1.0/AdobeARMHelper.exe PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/ASUS/ASUS WebStorage/BackupSetting.exe PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/Common Files/Adobe AIR/Versions/1.0/Adobe AIR Application Installer.exe PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/Common Files/Adobe AIR/Versions/1.0/Resources/Adobe AIR Updater.exe PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/Common Files/Adobe AIR/Versions/1.0/Resources/airappinstaller.exe PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/Common Files/Borland Shared/BDE/iddao32.dll PUA.Win32.Packer.NspackDotnetNor-1 /media/sda1/Program Files/Common Files/Borland Shared/BDE/bdeadmin.exe PUA.Win32.Packer.BorlandDelphi-13 /media/sda1/Program Files/Common Files/Borland Shared/BDE/disp.dll PUA.Win32.Packer.BorlandDelphi-13 /media/sda1/Program Files/Common Files/microsoft shared/Artgalry/CAG.EXE PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/Common Files/microsoft shared/Proof/1033/MSGR2EN.DLL PUA.Win32.Packer.Pseudosigner-95 /media/sda1/Program Files/Common Files/microsoft 
shared/Proof/CHAPI3T1.DLL PUA.Win32.Packer.PrivateExeProte-15 /media/sda1/Program Files/Common Files/microsoft shared/Proof/CTAPI3T2.DLL PUA.Win32.Packer.PrivateExeProte-15 /media/sda1/Program Files/ASUS/ASUS WebStorage/InstallAction.exe PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/Common Files/Windows Live/.cache/4368bfbc1cbc4a2/DSETUP.dll PUA.Win32.Packer.Msvcpp /media/sda1/Program Files/Common Files/Windows Live/.cache/4368bfbc1cbc4a2/dsetup32.dll PUA.Win32.Packer.Msvcpp /media/sda1/Program Files/Common Files/Windows Live/.cache/4368bfbc1cbc4a2/dxupdate.cab PUA.Win32.Packer.Msvcpp /media/sda1/Program Files/Edraw Mind Map/Edraw.exe PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/Edraw Mind Map/GdiPlus.dll PUA.Win32.Packer.MsVisualCpp-2 /media/sda1/Program Files/Edraw Mind Map/unins000.exe PUA.Win32.Packer.Vip /media/sda1/Program Files/PDFCreator/GS9.04/gs9.04/Bin/gsdll32.dll PUA.Win32.Packer.Psadobefont /media/sda1/Program Files/PDFCreator/PDFSpool.exe PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/PDFCreator/unins000.exe PUA.Win32.Packer.Vip /media/sda1/Program Files/Realtek/Audio/HDA/AERTSrv.exe PUA.Win32.Packer.NspackDotnetNor-1 /media/sda1/Program Files/ASUS/ASUS WebStorage/RegisterExtension.exe PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/Secunia/PSI/psia.exe PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/Secunia/PSI/sua.exe PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/Skype/Updater/Updater.exe PUA.Win32.Packer.Upx-26 /media/sda1/Program Files/TreeSize Free/TreeSizeFree.DE PUA.Win32.Packer.Pequake-3 /media/sda1/Program Files/TreeSize Free/TreeSizeFree.exe PUA.Win32.Packer.Upx-28 /media/sda1/Program Files/VideoLAN/VLC/plugins/codec/libavcodec_plugin.dll PUA.Win32.Packer.InterplaysMveFi /media/sda1/Program Files/VideoLAN/VLC/plugins/demux/libmod_plugin.dll PUA.Win32.Packer.AsylumMusicFile /media/sda1/Program Files/VideoLAN/VLC/plugins/demux/libvoc_plugin.dll 
PUA.Win32.Packer.CreativeAudioFi /media/sda1/Program Files/VideoLAN/VLC/plugins/meta_engine/libtaglib_plugin.dll PUA.Win32.Packer.XmMusicFile /media/sda1/Program Files/VoipDiscount/unins000.exe PUA.Win32.Packer.Vip /media/sda1/Program Files/ASUS/ASUS WebStorage/RegisterExtension_x64.exe PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/Watermark Image/unins000.exe PUA.Win32.Packer.Vip /media/sda1/Program Files/WordPerfect Office 12/Programs/PCDLIB32.DLL PUA.Win32.Packer.BorlandDelphi-2 /media/sda1/Program Files/WordPerfect Office 12/Programs/PFIT120.DLL PUA.Win32.Packer.CreativeAudioFi /media/sda1/Program Files/WordPerfect Office 12/Programs/CdrAutoSense112.dll PUA.Win32.Packer.CreativeAudioFi /media/sda1/Program Files/WordPerfect Office 12/Shared/Textart/Textart.exe PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/ZTE Join Air/gdiplus.dll PUA.Win32.Packer.Msvcpp /media/sda1/Program Files/ZTE Join Air/StopNetBiosService.dll PUA.Win32.Packer.BorlandCpp-9 /media/sda1/Program Files/EeePC/HotkeyService/HotKeyMon.exe PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/Foxit Software/Foxit Reader/Foxit Reader.exe PUA.Win32.Packer.Psadobefont /media/sda1/Program Files/Foxit Software/Foxit Reader/Shell Extensions/FoxitPDFInfo.dll PUA.Win32.Packer.Psadobefont /media/sda1/Program Files/ASUS/ASUS WebStorage/RestartExplorer.exe PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/Foxit Software/Foxit Reader/Start/js/jquery.tabs.js PUA.Script.Packed-2 /media/sda1/Program Files/HP/HP LaserJet P1000_P1500 Series/Setup.exe PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/InstallShield Installation Information/{17780F99-A9DF-450B-81B3-6781B20A17A8}/ISSetup.dll PUA.Packed.PECompact-1 /media/sda1/Program Files/InstallShield Installation Information/{28006915-2739-4EBE-B5E8-49B25D32EB33}/ISSetup.dll PUA.Win32.Packer.Upx-57 /media/sda1/Program Files/InstallShield Installation Information/{3108C217-BE83-42E4-AE9E-A56A2A92E549}/ISSetup.dll 
PUA.Packed.PECompact-1 /media/sda1/Program Files/InstallShield Installation Information/{40FEF622-6E0F-46B6-824B-A40C178FD4CD}/ISSetup.dll PUA.Win32.Packer.Upx-57 /media/sda1/Program Files/InstallShield Installation Information/{4B5092B6-F231-4D18-83BC-2618B729CA45}/ISSetup.dll PUA.Packed.PECompact-1 /media/sda1/Program Files/InstallShield Installation Information/{6333FC29-BFE5-4024-AC78-958A1A7555D1}/ISSetup.dll PUA.Packed.PECompact-1 /media/sda1/Program Files/InstallShield Installation Information/{71C0E38E-09F2-4386-9977-404D4F6640CD}/ISSetup.dll PUA.Packed.PECompact-1 /media/sda1/Program Files/InstallShield Installation Information/{88F08F98-12BC-4613-81A2-8F9B88CFC73E}/ISSetup.dll PUA.Packed.PECompact-1 /media/sda1/Program Files/ASUS/ASUS WebStorage/SqliteShared.dll PUA.Win32.Packer.SetupExeSection /media/sda1/Program Files/InstallShield Installation Information/{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}/ISSetup.dll PUA.Win32.Packer.Upx-57 /media/sda1/Program Files/InstallShield Installation Information/{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}/ISSetup.dll PUA.Packed.PECompact-1 /media/sda1/Program Files/IrfanView/iv_uninstall.exe PUA.Win32.Packer.Upx-53 /media/sda1/Program Files/IrfanView/i_view32.exe PUA.Win32.Packer.Upx-53 /media/sda1/Program Files/IrfanView/Languages/Deutsch.dll PUA.Win32.Packer.Upx-53 /media/sda1/Program Files/IrfanView/Plugins/8BF_Filters.dll PUA.Win32.Packer.Upx-53 /media/sda1/Program Files/IrfanView/Plugins/Adobe 8BF/PopArt.8bf PUA.Win32.Packer.WatcomCCpp-1 /media/sda1/Program Files/IrfanView/Plugins/AltaLux.dll PUA.Win32.Packer.Upx-57 /media/sda1/Program Files/IrfanView/Plugins/Ansi2Unicode.dll PUA.Win32.Packer.Upx-53 /media/sda1/Program Files/IrfanView/Plugins/Awd.dll PUA.Win32.Packer.Upx-57 lg, me. |
14.02.2013, 12:43 | #20 |
| Hmm, it seems to be a false positive after all. I uploaded all of the files to VirusTotal and every time the result was 1/45, i.e. only ClamAV ever flagged them, and the comments always said that these are regular Win7 system files. And apart from the two x86_microsoft... files (one of them seems to be a restore point), they all have only two different modification dates, which are probably the installation date of the netbook or even earlier (2010 and 2009 respectively). Okay, so then I would take the files back out of quarantine after all, right? Best regards, me. |
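The false-positive check described in the post above (separating PUA packer heuristics from the Win.Trojan.Expiro signature hits, then looking at the modification dates of the flagged files) can be scripted over a ClamTK log. This is an added example, not part of the thread; the function names are hypothetical and the sample log lines, component names and signature numbers are constructed.

```python
import os
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample in the run-together "path signature" layout of a pasted
# ClamTK log (component names and signature numbers are made up).
SAMPLE_LOG = (
    "/media/sda1/Windows/winsxs/x86_example_6.1.7600.16385_none_0000/tool.exe Win.Trojan.Expiro-001 "
    "/media/sda1/Program Files/Example App/unins000.exe PUA.Win32.Packer.Vip "
    "/media/sda1/Windows/winsxs/x86_example_6.1.7601.17514_none_0001/tool.exe Win.Trojan.Expiro-001 "
    "/media/sda1/Program Files/Example App/app.exe PUA.Win32.Packer.Upx-00"
)

def parse_entries(text, mount="/media/sda1/"):
    """Split a run-together log into (path, signature) pairs.
    Paths contain spaces, so a new entry is recognised by the mount prefix
    and the signature is the last whitespace-separated token of each entry."""
    chunks = re.split(r"\s+(?=" + re.escape(mount) + ")", text.strip())
    return [tuple(c.rsplit(None, 1)) for c in chunks if " " in c]

def triage(entries):
    """Separate PUA heuristics from malware signatures and count families."""
    report = {"pua": [], "malware": [], "families": Counter()}
    for path, sig in entries:
        # PUA.* is ClamAV's "potentially unwanted application" category; the
        # Packer names describe how a file was built or packed, not behaviour.
        if sig.startswith("PUA."):
            report["pua"].append(path)
        else:
            report["malware"].append(path)
            report["families"][re.sub(r"-\d+$", "", sig)] += 1
    return report

def mtime_dates(paths):
    # Count flagged files per modification date (UTC). mtime can be reset, so
    # a match with the install date supports a false positive, not proves it.
    dates = Counter()
    for p in paths:
        if os.path.exists(p):
            day = datetime.fromtimestamp(os.stat(p).st_mtime, timezone.utc).date()
            dates[day.isoformat()] += 1
    return dates

if __name__ == "__main__":
    result = triage(parse_entries(SAMPLE_LOG))
    print(len(result["pua"]), "PUA heuristics;", dict(result["families"]))
    print(dict(mtime_dates(result["malware"])))
```

Files that remain in the `malware` list after this split are the ones worth checking with a second engine before anything is restored from quarantine.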