Pests of all kinds and how to fight them: Strange application requested administrator rights during Thunderbird setup

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Strange application requested administrator rights during Thunderbird setup

Hi Trojanerboard,

I'm afraid I've been hit. I am normally very careful and only download software from trustworthy sources such as Heise Software or the vendors' own sites. Today, after a long "computer abstinence" (I had been working on a laptop), I wanted to download the current version of Thunderbird from Mozilla on a whim. When I started the setup with a double-click, an application named (roughly) "Windows-Hausprozess (rundil)" requested administrator rights. The window was a "trustworthy" blue, the publisher was verified (something with Microsoft), and in that moment my finger was faster than my brain. :-( In a panic I immediately closed the setup (which opened normally afterwards), but did not delete it. Microsoft Security Essentials found nothing in the full scan, but I still had a bad feeling. So I asked a friend who works in IT for help over the phone. He sent me to you to check whether the system is really clean.

Online banking was done on this computer, most recently two days ago. Because neither Microsoft Security Essentials nor MBAM (the other logs are somewhat cryptic) found anything, I have not yet had this access blocked at the bank. I have one of those external TAN generator things where you insert the card and enter a PIN. That should be safe in any case, shouldn't it?

Here are the four logs from defogger, FRST and GMER; I also ran MBAM (on my colleague's advice), in this order. I hope that did no harm.

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:19 on 27/04/2015 (Thomas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015
Ran by Thomas (administrator) on THOMAS-PC on 27-04-2015 15:24:18
Running from C:\Users\Thomas\Downloads
Loaded Profiles: Thomas (Available profiles: Thomas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 83.169.184.161

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\svd3mpjz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-27] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-27] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\svd3mpjz.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-04-27]
FF Extension: Adblock Edge - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\svd3mpjz.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-04-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 15:23 - 2015-04-27 15:24 - 00004863 _____ () C:\Users\Thomas\Downloads\FRST.txt
2015-04-27 15:19 - 2015-04-27 15:24 - 00000000 ____D () C:\FRST
2015-04-27 15:19 - 2015-04-27 15:19 - 00000474 _____ () C:\Users\Thomas\Downloads\defogger_disable.log
2015-04-27 15:19 - 2015-04-27 15:19 - 00000000 _____ () C:\Users\Thomas\defogger_reenable
2015-04-27 15:18 - 2015-04-27 15:18 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-27 15:18 - 2015-04-27 15:18 - 00602112 _____ (OldTimer Tools) C:\Users\Thomas\Downloads\OTL.exe
2015-04-27 15:17 - 2015-04-27 15:17 - 02100736 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2015-04-27 15:17 - 2015-04-27 15:17 - 00050477 _____ () C:\Users\Thomas\Downloads\Defogger.exe
2015-04-27 15:16 - 2015-04-27 15:16 - 00380416 _____ () C:\Users\Thomas\Downloads\yed4cxii.exe
2015-04-27 12:40 - 2015-04-27 12:40 - 28745120 _____ (Mozilla) C:\Users\Thomas\Downloads\Thunderbird Setup 31.6.0.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 15:12 - 2009-07-14 06:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-27 15:12 - 2009-07-14 06:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-27 15:09 - 2011-04-12 09:43 - 00643628 _____ () C:\Windows\system32\perfh007.dat
2015-04-27 15:09 - 2011-04-12 09:43 - 00126188 _____ () C:\Windows\system32\perfc007.dat
2015-04-27 15:09 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-27 10:46

==================== End Of Log ============================

--- --- --- --- --- ---

FRST Additional:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015
Ran by Thomas at 2015-04-27 15:24:41
Running from C:\Users\Thomas\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2253816567-2930413787-4049114413-500 - Administrator - Disabled)
Gast (S-1-5-21-2253816567-2930413787-4049114413-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2253816567-2930413787-4049114413-1002 - Limited - Enabled)
Thomas (S-1-5-21-2253816567-2930413787-4049114413-1000 - Administrator - Enabled) => C:\Users\Thomas

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

27-04-2015 12:06:55 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E2DACE6-91A8-407A-B987-1D8BA2DF6A10} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {D6125483-61EA-4217-9C7D-5210D18FEA78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-04-27 15:02 - 2015-04-27 15:02 - 00514711 _____ () C:\Windows\System32\sakuya64.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2253816567-2930413787-4049114413-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 83.169.184.161

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{0AC118EF-43B9-400F-9FAC-16F00AE1BD50}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B83D6681-0807-43DF-AC3B-E3DC3DBC185B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2015 03:24:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mod_frst.exe, Version: 3.3.12.0, Zeitstempel: 0x54dfeaf2
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00080229
ID des fehlerhaften Prozesses: 0x9e4
Startzeit der fehlerhaften Anwendung: 0xmod_frst.exe0
Pfad der fehlerhaften Anwendung: mod_frst.exe1
Pfad des fehlerhaften Moduls: mod_frst.exe2
Berichtskennung: mod_frst.exe3

Error: (04/27/2015 03:10:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ac
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00080229
ID des fehlerhaften Prozesses: 0x7fc
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (04/27/2015 03:06:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2015 02:57:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2015 02:48:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/27/2015 00:12:30 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Microsoft Office Sessions:
=========================
Error: (04/27/2015 03:24:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mod_frst.exe3.3.12.054dfeaf2unknown0.0.0.000000000c0000005000802299e401d080ed85acc437C:\Windows\mod_frst.exeunknownc3784ea3-ece0-11e4-a794-08002710536d

Error: (04/27/2015 03:10:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe37.0.2.5583552ee9acunknown0.0.0.000000000c0000005000802297fc01d080eb7e79afd7C:\Program Files (x86)\Mozilla Firefox\firefox.exeunknownbd7d8e51-ecde-11e4-a794-08002710536d

Error: (04/27/2015 03:06:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2015 02:57:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2015 02:48:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 970 @ 3.20GHz
Percentage of memory in use: 29%
Total physical RAM: 4095.55 MB
Available physical RAM: 2892.63 MB
Total Pagefile: 8189.31 MB
Available Pagefile: 6994.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.9 GB) (Free:102.61 GB) NTFS
Drive d: () (CDROM) (Total:0 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 120 GB) (Disk ID: 4D8E3977)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-27 15:43:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD10EZEX-00BN5AO rev.01.01A01 120,00GB
Running: yed4cxii.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\uwdiipoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\explorer.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformation 0000000076d41670 8 bytes JMP 0000000166d42bdf
.text C:\Windows\explorer.exe[2452] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076bf1bb0 5 bytes JMP 0000000166d42a22

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\slui.exe [2360:2632] 0000000000060210

---- EOF - GMER 2.1 ----

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 27.04.2015
Suchlauf-Zeit: 15:51:36
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.04.27.02
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Thomas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 321054
Verstrichene Zeit: 4 Min, 45 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)

Many, many regards
Thomas

Edited by ThoWag (27.04.2015 at 16:21). Reason: typo