Pests of all kinds and how to fight them: "System Check" Scareware (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
#1

"System Check" Scareware

Hi, a piece of malware has shown up on my PC that pretends to have discovered some kind of system errors. The program uses the Windows logo as its icon. In addition, all files have been hidden, and there are no entries left in the Start menu either. Thank you. Defogger log attached.

DDS.TXT, DDS logfile:
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by Chabo at 21:23:34 on 2012-03-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4095.2292 [GMT 1:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
D:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\KMService.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\qnXjXprRiiiIx.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\SysWOW64\attrib.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\uI0gW8E7TvSuIf.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\attrib.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\attrib.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\attrib.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: af0.Adblock.BHO: {90eff544-3981-4d46-85c9-c0361d0931d6} - mscoree.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>]
uRun: [qnXjXprRiiiIx.exe] C:\ProgramData\qnXjXprRiiiIx.exe
mRun: [<NO NAME>]
mRun: [VirtualCloneDrive] "D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [NBAgent] "D:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [LogMeIn Hamachi Ui] "D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: An OneNote s&enden - D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{116CDEAC-79FA-4395-8CA1-958E8F1B396B} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{90EFF544-3981-4d46-85C9-C0361D0931D6}
{AE7CD045-E861-484f-8273-0445EE161910}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
mRun-x64: [(Standard)]
mRun-x64: [VirtualCloneDrive] "D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [NBAgent] "D:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [LogMeIn Hamachi Ui] "D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chabo\AppData\Roaming\Mozilla\Firefox\Profiles\a93fmfxi.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - www.google.de
FF - component: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Chabo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 RRNetCapMP;RRNetCapMP;C:\Windows\system32\DRIVERS\rrnetcap.sys --> C:\Windows\system32\DRIVERS\rrnetcap.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;D:\Program Files\Sandboxie\SbieDrv.sys [2011-10-12 157824]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 MRV6X64P;Vista 64-bits Native WiFi Driver;C:\Windows\system32\DRIVERS\MRVW13C.sys --> C:\Windows\system32\DRIVERS\MRVW13C.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RRNetCap;RRNetCap Service;C:\Windows\system32\DRIVERS\rrnetcap.sys --> C:\Windows\system32\DRIVERS\rrnetcap.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
.
=============== Created Last 30 ================
.
2012-03-20 18:58:22 351232 ---ha-w- C:\ProgramData\uI0gW8E7TvSuIf.exe
2012-03-20 18:55:55 449024 ---ha-w- C:\ProgramData\qnXjXprRiiiIx.exe
2012-03-20 18:52:06 -------- d--h--w- C:\Users\Chabo\AppData\Local\{1B3A7341-7EE3-4BC8-BC37-183466B49C2E}
2012-03-20 18:51:54 -------- d--h--w- C:\Users\Chabo\AppData\Local\{2A62E79C-A66C-4EC4-9FBB-96EEADC26FFD}
2012-03-20 08:58:31 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{889C1C1D-911E-4781-8E08-BA0BBCB1D26D}\mpengine.dll
2012-03-19 17:34:15 -------- d-----w- C:\Windows\Downloaded Installations
2012-03-18 10:13:12 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 10:13:12 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-17 15:23:32 -------- d--h--w- C:\Users\Chabo\AppData\Local\{678973AB-D17D-496C-BDD8-498515012963}
2012-03-17 15:23:07 -------- d--h--w- C:\Users\Chabo\AppData\Local\{09962BB8-3FBE-4086-8D9F-53ED0AC2089F}
2012-03-17 00:45:06 -------- d--h--w- C:\Users\Chabo\AppData\Local\{3BBD908A-4A03-46B1-8573-1EED1246B291}
2012-03-17 00:44:53 -------- d--h--w- C:\Users\Chabo\AppData\Local\{DD537BC4-ED0A-44CA-A8C9-58F83BFC972A}
2012-03-14 19:41:57 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 19:41:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 19:41:54 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 17:48:02 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 17:48:01 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 17:48:00 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 13:54:36 -------- d--h--w- C:\Users\Chabo\AppData\Local\{694A99CC-FC8E-4E19-B403-B0A0478B7A52}
2012-03-14 13:54:13 -------- d--h--w- C:\Users\Chabo\AppData\Local\{BD34228B-F240-4A4A-8334-4EC76656A790}
2012-03-14 09:44:43 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 09:44:43 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 09:44:43 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 09:44:42 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 09:44:42 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 09:44:42 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 09:44:42 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-14 09:44:42 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 11:46:32 -------- d--h--w- C:\Users\Chabo\AppData\Local\{9398D879-BE63-467F-819F-8A6D23875905}
2012-03-13 11:46:19 -------- d--h--w- C:\Users\Chabo\AppData\Local\{F7AE2E68-F067-4006-ABE5-43581AE269CF}
2012-03-12 13:28:32 -------- d--h--w- C:\Users\Chabo\AppData\Local\{E6F74557-8322-4C15-BF65-CFDC1D52BEDE}
2012-03-12 13:28:09 -------- d--h--w- C:\Users\Chabo\AppData\Local\{A222C0C1-8D6E-4644-8205-9B88C8C2247B}
2012-03-11 20:08:44 -------- d--h--w- C:\Users\Chabo\AppData\Local\{91B6E79B-B1E6-4D60-ACB3-90BD98143BE9}
2012-03-11 20:08:24 -------- d--h--w- C:\Users\Chabo\AppData\Local\{6A40366E-D467-47D4-BCDE-FEEE4137DC84}
2012-03-10 10:07:43 -------- d--h--w- C:\Users\Chabo\AppData\Roaming\Avira
2012-03-10 10:02:11 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-03-10 10:02:11 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-03-10 10:02:08 -------- d--h--w- C:\ProgramData\Avira
2012-03-10 10:02:08 -------- d-----w- C:\Program Files (x86)\Avira
2012-03-09 14:16:12 -------- d--h--w- C:\Users\Chabo\AppData\Local\{A84CC915-B46B-475E-AAF7-11EE93E56B57}
2012-03-09 14:15:50 -------- d--h--w- C:\Users\Chabo\AppData\Local\{FDD1E28E-2A21-4EB3-9EEA-9A5F2053328F}
2012-03-06 17:19:24 -------- d--h--w- C:\Users\Chabo\AppData\Local\{BF692B35-41FB-4C73-8902-6D65259008EA}
2012-03-06 17:19:12 -------- d--h--w- C:\Users\Chabo\AppData\Local\{7224523A-E31C-44DC-85AC-F6FCB7550CB5}
2012-03-05 20:35:00 -------- d--h--w- C:\Users\Chabo\AppData\Local\{B0A5C255-E0DF-49B2-A643-4C2B47F3533D}
2012-03-05 20:34:35 -------- d--h--w- C:\Users\Chabo\AppData\Local\{0CE09B80-A142-4E8A-8472-A09A3BDC724A}
2012-03-05 13:49:55 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-03-05 13:15:36 -------- d--h--w- C:\AMD
2012-03-04 18:40:51 -------- d--h--w- C:\Users\Chabo\AppData\Roaming\WindSolutions
2012-03-04 18:40:51 -------- d--h--w- C:\ProgramData\WindSolutions
2012-03-01 19:27:10 -------- d--h--w- C:\Users\Chabo\AppData\Local\{2C74BF28-B156-440B-9CCD-9F0CFF4A0A9D}
2012-03-01 19:26:48 -------- d--h--w- C:\Users\Chabo\AppData\Local\{FDB8481E-924D-4286-95C9-73349E94C312}
2012-02-28 20:13:26 -------- d--h--w- C:\Users\Chabo\AppData\Local\{7449EB8B-DE1E-4813-9FEE-17D7C285182B}
2012-02-28 20:13:03 -------- d--h--w- C:\Users\Chabo\AppData\Local\{9AA04151-A706-4661-9FCC-748D997E1933}
2012-02-27 12:55:45 -------- d--h--w- C:\Users\Chabo\AppData\Local\{1AD406D1-907C-42DC-B205-D9A2033D3439}
2012-02-27 12:55:32 -------- d--h--w- C:\Users\Chabo\AppData\Local\{38998060-7467-4769-9789-E771EE44E08F}
2012-02-26 11:01:17 -------- d--h--w- C:\Users\Chabo\AppData\Local\{372586EC-094D-43B0-A300-5F77EA5B00A0}
2012-02-26 11:01:05 -------- d--h--w- C:\Users\Chabo\AppData\Local\{DBCD3677-7186-4055-B8FD-A99A52E34E92}
2012-02-25 11:10:56 -------- d--h--w- C:\Users\Chabo\AppData\Local\{6934F84E-F727-41D0-AA7E-5299107CCDCE}
2012-02-25 11:10:35 -------- d--h--w- C:\Users\Chabo\AppData\Local\{D05B04C5-8117-4ED5-9EE9-7C14A3E373D2}
2012-02-24 14:29:23 -------- d--h--w- C:\Users\Chabo\AppData\Local\{ABEF8F78-8887-4177-8876-830517D9EEA4}
2012-02-24 14:29:10 -------- d--h--w- C:\Users\Chabo\AppData\Local\{601821B3-60C3-4978-8EFD-50153F570243}
2012-02-23 19:09:36 -------- d--h--w- C:\Users\Chabo\AppData\Local\{7C8AA72A-8571-475E-9434-2AEBFA725192}
2012-02-23 19:09:15 -------- d--h--w- C:\Users\Chabo\AppData\Local\{7E15F18A-E9EC-4107-84C3-C4483F2D3F05}
2012-02-22 23:20:46 327432 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSA\9.0\VsaEnv\vsaenv.exe
2012-02-22 11:56:51 -------- d--h--w- C:\Users\Chabo\AppData\Local\{EEBE5EFF-C9CE-41AC-9339-0BFD235B9EE3}
2012-02-22 11:56:27 -------- d--h--w- C:\Users\Chabo\AppData\Local\{3B6F179A-F07E-4804-A9BE-2ACC76859133}
2012-02-21 12:11:01 -------- d--h--w- C:\Users\Chabo\AppData\Local\{3F2C5EBC-2224-44D7-967B-E7632D3B00B4}
2012-02-21 12:10:44 -------- d--h--w- C:\Users\Chabo\AppData\Local\{2F7BF280-08E7-4558-B233-63D04C38D13D}
2012-02-20 20:02:40 -------- d--h--w- C:\Users\Chabo\AppData\Local\{333019DF-9271-435A-B6ED-4EF67C087125}
2012-02-20 20:02:11 -------- d--h--w- C:\Users\Chabo\AppData\Local\{63FC3816-9D1E-4CFB-8416-FB04E8A65C80}
.
==================== Find3M ====================
.
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-21 09:42:57 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 21:31:04,09 ===============
Edited by t-rexx (20.03.2012 at 21:36)