
Log Analysis and Evaluation: Trojan Yontoo html/expkit.gen3


22.03.2013, 19:22   #3
vanessawa

Trojan Yontoo html/expkit.gen3

Thank you for your quick help.

Step 1: I uninstalled all the programs that were on the list. (However, I now have no antivirus program.)

Step 2: AdwCleaner log

Code:
# AdwCleaner v2.115 - Report created on 22/03/2013 at 19:11:15
# Updated on 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Vanessa - VANESSA-PC
# Boot mode : Normal
# Running from : C:\Users\Vanessa\Desktop\adwcleaner.exe
# Option [Delete]


**** [Services] ****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] The registry is clean.

-\\ Mozilla Firefox v19.0.2 (de)

File : C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\igfvk60f.default\prefs.js

C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\igfvk60f.default\user.js ... Deleted !

[OK] The file is clean.

*************************

AdwCleaner[S1].txt - [835 octets] - [22/03/2013 19:11:15]

########## EOF - C:\AdwCleaner[S1].txt - [894 octets] ##########
         
Step 3: I deleted all temp files with TFC. There was no log for that.

Step 4: DDS log

DDS Logfile:
Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16521
Run by Vanessa at 19:15:32 on 2013-03-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.12270.10578 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{57CBE84E-95BE-4789-82B8-6D1E8882D70F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C4641DD4-0E76-4AFA-B98C-973714B92841} : DHCPNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\igfvk60f.default\
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-03-21 18:01; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\igfvk60f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-3-23 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-3-23 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-3-23 62584]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-23 13336]
R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys [2010-9-15 34304]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-3-23 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-3-23 378472]
R2 XTUService;Intel(R) Extreme Tuning Utility;C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-3-19 54784]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-7 77696]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-18 26136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-19 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-19 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-19 30208]
S3 WSDScan;WSD-Scanunterstützung durch UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-03-21 20:42:15	--------	d-----w-	C:\ProgramData\Canon IJ Network Tool
2013-03-21 20:42:15	--------	d-----w-	C:\Program Files (x86)\Canon
2013-03-21 20:42:13	303104	----a-w-	C:\Windows\SysWow64\CNC560L.dll
2013-03-21 20:42:13	15872	----a-w-	C:\Windows\SysWow64\CNHMCA.dll
2013-03-21 20:42:13	106496	----a-w-	C:\Windows\SysWow64\CNC560U.dll
2013-03-21 20:41:46	39424	----a-w-	C:\Windows\System32\CNMN6UI.DLL
2013-03-21 20:41:46	366592	----a-w-	C:\Windows\SysWow64\CNMNPPM.DLL
2013-03-21 20:41:46	359936	----a-w-	C:\Windows\System32\CNMN6PPM.DLL
2013-03-21 20:41:46	--------	d-----w-	C:\Windows\System32\STRING
2013-03-21 20:41:29	83968	----a-w-	C:\Windows\System32\Spool\prtprocs\x64\CNMPPA0.DLL
2013-03-21 20:41:29	28672	----a-w-	C:\Windows\System32\Spool\prtprocs\x64\CNMPDA0.DLL
2013-03-21 20:41:07	336896	----a-w-	C:\Windows\System32\CNMLMA0.DLL
2013-03-21 20:41:05	244736	----a-w-	C:\Windows\System32\CNMIUA0.DLL
2013-03-21 18:12:34	--------	d-----w-	C:\Users\Vanessa\AppData\Local\{3906C75A-D971-4EBC-810D-9CE3C3994477}
2013-03-21 16:52:07	--------	d-----w-	C:\Users\Vanessa\AppData\Roaming\Malwarebytes
2013-03-21 16:51:51	--------	d-----w-	C:\ProgramData\Malwarebytes
2013-03-21 16:49:19	--------	d-----w-	C:\Users\Vanessa\AppData\Roaming\TuneUp Software
2013-03-21 16:49:06	--------	d-----w-	C:\ProgramData\TuneUp Software
2013-03-21 16:19:38	--------	d-sh--w-	C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-03-21 16:19:38	--------	d--h--w-	C:\ProgramData\Common Files
2013-03-20 21:49:02	68616	----a-w-	C:\Windows\SysWow64\XAPOFX1_1.dll
2013-03-20 21:49:02	509448	----a-w-	C:\Windows\SysWow64\XAudio2_2.dll
2013-03-20 21:49:02	467984	----a-w-	C:\Windows\SysWow64\d3dx10_39.dll
2013-03-20 21:49:02	3851784	----a-w-	C:\Windows\SysWow64\D3DX9_39.dll
2013-03-20 21:49:02	1493528	----a-w-	C:\Windows\SysWow64\D3DCompiler_39.dll
2013-03-20 21:45:34	--------	d-----w-	C:\Program Files (x86)\Riot Games
2013-03-20 20:12:45	--------	d-----w-	C:\Users\Vanessa\AppData\Local\PMB Files
2013-03-20 20:12:44	--------	d-----w-	C:\ProgramData\PMB Files
2013-03-20 20:12:38	--------	d-----w-	C:\Program Files (x86)\Pando Networks
2013-03-20 20:12:27	--------	d-----w-	C:\Users\Vanessa\.swt
2013-03-20 18:30:00	--------	d-----w-	C:\Users\Vanessa\AppData\Local\Macromedia
2013-03-20 18:00:38	73432	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-20 18:00:38	693976	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-20 17:27:45	--------	d-----w-	C:\ProgramData\Spybot - Search & Destroy
2013-03-20 17:27:36	--------	d-----w-	C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-03-20 17:27:31	--------	d-----w-	C:\Users\Vanessa\AppData\Local\Programs
2013-03-20 17:20:02	--------	d-----w-	C:\Users\Vanessa\AppData\Local\Cyberlink
2013-03-20 17:19:55	--------	d-----w-	C:\Users\Vanessa\AppData\Roaming\PowerCinema
2013-03-20 17:18:39	--------	d-----w-	C:\Program Files (x86)\Guild Wars 2
2013-03-20 17:05:46	--------	d-----w-	C:\Users\Vanessa\AppData\Local\{BF77CF68-5E4C-4267-A61E-C023C325D754}
2013-03-20 17:04:55	--------	d-----w-	C:\Users\Vanessa\AppData\Roaming\Windows Live Writer
2013-03-20 17:04:55	--------	d-----w-	C:\Users\Vanessa\AppData\Local\Windows Live Writer
2013-03-20 17:03:51	--------	d-----w-	C:\Users\Vanessa\AppData\Roaming\TS3Client
2013-03-20 17:03:04	--------	d-----w-	C:\Program Files\TeamSpeak 3 Client
2013-03-20 04:07:16	--------	d-----w-	C:\Windows\de-DE
2013-03-20 04:07:15	--------	d-----w-	C:\Windows\SysWow64\XPSViewer
2013-03-20 04:07:15	--------	d-----w-	C:\Windows\SysWow64\wbem\de-DE
2013-03-20 04:07:15	--------	d-----w-	C:\Windows\SysWow64\drivers\UMDF\de-DE
2013-03-20 04:07:15	--------	d-----w-	C:\Windows\SysWow64\drivers\de-DE
2013-03-20 04:07:15	--------	d-----w-	C:\Windows\SysWow64\de
2013-03-20 04:07:15	--------	d-----w-	C:\Windows\SysWow64\0407
2013-03-20 04:07:14	--------	d-----w-	C:\Windows\System32\drivers\UMDF\de-DE
2013-03-20 04:07:14	--------	d-----w-	C:\Windows\System32\drivers\de-DE
2013-03-20 04:07:14	--------	d-----w-	C:\Windows\System32\0407
2013-03-20 04:07:13	--------	d-----w-	C:\Windows\System32\wbem\de-DE
2013-03-20 04:07:13	--------	d-----w-	C:\Windows\System32\de
2013-03-20 04:07:02	2048	----a-w-	C:\Windows\System32\drivers\de-DE\usbrpm.sys.mui
2013-03-20 04:04:33	--------	d-----w-	C:\Windows\NAPP_Dism_Log
2013-03-19 23:03:53	--------	d-----w-	C:\Program Files (x86)\MSXML 4.0
2013-03-19 22:55:31	458712	----a-w-	C:\Windows\System32\drivers\cng.sys
2013-03-19 22:55:31	340992	----a-w-	C:\Windows\System32\schannel.dll
2013-03-19 22:55:31	247808	----a-w-	C:\Windows\SysWow64\schannel.dll
2013-03-19 22:55:30	96768	----a-w-	C:\Windows\SysWow64\sspicli.dll
2013-03-19 22:55:30	22016	----a-w-	C:\Windows\SysWow64\secur32.dll
2013-03-19 22:55:30	154480	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys
2013-03-19 22:55:30	1448448	----a-w-	C:\Windows\System32\lsasrv.dll
2013-03-19 22:55:28	514560	----a-w-	C:\Windows\SysWow64\qdvd.dll
2013-03-19 22:55:27	366592	----a-w-	C:\Windows\System32\qdvd.dll
2013-03-19 22:45:42	9728	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-19 22:43:38	19968	----a-w-	C:\Windows\System32\drivers\usb8023.sys
2013-03-19 22:36:31	--------	d-----w-	C:\ProgramData\clear.fi
2013-03-19 22:32:42	--------	d-----w-	C:\Windows\SysWow64\wbem\en-US
2013-03-19 22:32:41	--------	d-----w-	C:\Windows\System32\wbem\en-US
2013-03-19 22:30:27	--------	d-----w-	C:\ProgramData\Blizzard Entertainment
2013-03-19 22:30:27	--------	d-----w-	C:\Program Files (x86)\World of Warcraft
2013-03-19 22:30:27	--------	d-----w-	C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-03-19 22:29:42	--------	d-----w-	C:\ProgramData\Battle.net
2013-03-19 22:19:58	9728	----a-w-	C:\Windows\System32\Wdfres.dll
2013-03-19 22:19:58	785512	----a-w-	C:\Windows\System32\drivers\Wdf01000.sys
2013-03-19 22:19:58	54376	----a-w-	C:\Windows\System32\drivers\WdfLdr.sys
2013-03-19 22:19:58	2560	----a-w-	C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
2013-03-19 22:16:19	294912	----a-w-	C:\Windows\System32\browserchoice.exe
2013-03-19 22:13:09	70656	----a-w-	C:\Windows\SysWow64\fontsub.dll
2013-03-19 22:13:09	46080	----a-w-	C:\Windows\System32\atmlib.dll
2013-03-19 22:13:09	367616	----a-w-	C:\Windows\System32\atmfd.dll
2013-03-19 22:13:09	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2013-03-19 22:13:09	295424	----a-w-	C:\Windows\SysWow64\atmfd.dll
2013-03-19 22:13:09	100864	----a-w-	C:\Windows\System32\fontsub.dll
2013-03-19 22:12:50	87040	----a-w-	C:\Windows\System32\drivers\WUDFPf.sys
2013-03-19 22:12:50	84992	----a-w-	C:\Windows\System32\WUDFSvc.dll
2013-03-19 22:12:50	744448	----a-w-	C:\Windows\System32\WUDFx.dll
2013-03-19 22:12:50	45056	----a-w-	C:\Windows\System32\WUDFCoinstaller.dll
2013-03-19 22:12:50	229888	----a-w-	C:\Windows\System32\WUDFHost.exe
2013-03-19 22:12:50	198656	----a-w-	C:\Windows\System32\drivers\WUDFRd.sys
2013-03-19 22:12:50	194048	----a-w-	C:\Windows\System32\WUDFPlatform.dll
2013-03-19 22:12:04	81408	----a-w-	C:\Windows\System32\imagehlp.dll
2013-03-19 22:12:04	23408	----a-w-	C:\Windows\System32\drivers\fs_rec.sys
2013-03-19 22:12:04	159232	----a-w-	C:\Windows\SysWow64\imagehlp.dll
2013-03-19 22:12:03	5120	----a-w-	C:\Windows\SysWow64\wmi.dll
2013-03-19 22:12:03	5120	----a-w-	C:\Windows\System32\wmi.dll
2013-03-19 22:09:56	2002432	----a-w-	C:\Windows\System32\msxml6.dll
2013-03-19 22:08:58	307200	----a-w-	C:\Windows\System32\ncrypt.dll
2013-03-19 22:06:39	424448	----a-w-	C:\Windows\System32\KernelBase.dll
2013-03-19 22:05:32	1659760	----a-w-	C:\Windows\System32\drivers\ntfs.sys
2013-03-19 22:04:47	314880	----a-w-	C:\Windows\SysWow64\webio.dll
2013-03-19 22:03:34	3216384	----a-w-	C:\Windows\System32\msi.dll
2013-03-19 22:03:34	2342400	----a-w-	C:\Windows\SysWow64\msi.dll
2013-03-19 22:03:33	715776	----a-w-	C:\Windows\System32\kerberos.dll
2013-03-19 22:03:33	542208	----a-w-	C:\Windows\SysWow64\kerberos.dll
2013-03-19 22:03:32	75120	----a-w-	C:\Windows\System32\drivers\partmgr.sys
2013-03-19 22:03:31	68608	----a-w-	C:\Windows\System32\taskhost.exe
2013-03-19 22:03:30	95744	----a-w-	C:\Windows\System32\synceng.dll
2013-03-19 22:03:30	78336	----a-w-	C:\Windows\SysWow64\synceng.dll
2013-03-19 22:01:54	936960	----a-w-	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-03-19 21:59:28	77312	----a-w-	C:\Windows\System32\packager.dll
2013-03-19 21:59:28	67072	----a-w-	C:\Windows\SysWow64\packager.dll
2013-03-19 21:58:21	826880	----a-w-	C:\Windows\SysWow64\rdpcore.dll
2013-03-19 21:58:21	23552	----a-w-	C:\Windows\System32\drivers\tdtcp.sys
2013-03-19 21:58:21	1031680	----a-w-	C:\Windows\System32\rdpcore.dll
2013-03-19 21:52:36	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2013-03-19 21:52:29	99840	----a-w-	C:\Windows\System32\wudriver.dll
2013-03-19 21:52:23	36864	----a-w-	C:\Windows\System32\wuapp.exe
2013-03-19 21:52:23	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2013-03-19 20:02:02	--------	d-----w-	C:\Users\Vanessa\AppData\Roaming\Intel Corporation
2013-03-19 20:02:01	--------	d-----w-	C:\Users\Vanessa\AppData\Roaming\OEM
2013-03-19 20:02:01	--------	d-----w-	C:\Users\Vanessa\AppData\Local\EgisTec IPS
2013-03-19 19:59:55	--------	d-sh--we	C:\Programme
2013-03-19 19:59:55	--------	d-sh--we	C:\ProgramData\Vorlagen
2013-03-19 19:59:55	--------	d-sh--we	C:\ProgramData\Startmenü
2013-03-19 19:59:55	--------	d-sh--we	C:\ProgramData\Favoriten
2013-03-19 19:59:55	--------	d-sh--we	C:\ProgramData\Dokumente
2013-03-19 19:59:55	--------	d-sh--we	C:\ProgramData\Anwendungsdaten
2013-03-19 19:59:55	--------	d-sh--we	C:\Program Files\Gemeinsame Dateien
2013-03-19 19:59:55	--------	d-sh--we	C:\Dokumente und Einstellungen
2013-03-19 19:59:55	--------	d-sh--w-	C:\Recovery
2013-03-19 19:37:00	--------	d-----w-	C:\Windows\SysWow64\x64
2013-03-19 19:36:59	970752	----a-w-	C:\Windows\SysWow64\ismbun.exe
2013-03-19 19:36:56	--------	d-----w-	C:\Program Files (x86)\Common Files\Intel
2013-03-19 19:25:15	8192	----a-w-	C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-03-19 19:20:03	--------	d-----w-	C:\Program Files (x86)\Etron Technology
2013-03-19 19:19:57	--------	d-----w-	C:\ProgramData\EgisTec
2013-03-19 19:19:53	--------	d---a-w-	C:\book
2013-03-19 19:19:37	54784	----a-w-	C:\Windows\System32\drivers\EtronHub3.sys
2013-03-19 19:17:02	--------	d-----w-	C:\Program Files (x86)\NVIDIA Corporation
.
==================== Find3M  ====================
.
2013-03-20 04:06:49	2560	----a-w-	C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
2013-03-20 04:06:41	5632	----a-w-	C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
2013-03-20 04:06:41	2560	----a-w-	C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2013-03-20 04:06:36	51712	----a-w-	C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui
2013-03-20 04:06:35	29696	----a-w-	C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui
2013-03-20 04:06:35	16896	----a-w-	C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui
2013-03-19 22:45:42	9728	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-18 08:22:18	31080	----a-w-	C:\Windows\System32\nvhdap64.dll
2013-02-18 08:22:18	1472360	----a-w-	C:\Windows\System32\nvhdagenco6420103.dll
2013-02-18 08:22:16	189288	----a-w-	C:\Windows\System32\drivers\nvhda64v.sys
2013-02-12 05:45:24	135168	----a-w-	C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22	350208	----a-w-	C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22	308736	----a-w-	C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22	111104	----a-w-	C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31	474112	----a-w-	C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26	2176512	----a-w-	C:\Windows\apppatch\AcGenral.dll
2013-01-05 05:53:43	5553512	----a-w-	C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15	3967848	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11	3913064	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09	215040	----a-w-	C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21	44032	----a-w-	C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48	3153408	----a-w-	C:\Windows\System32\win32k.sys
2013-01-04 02:47:35	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34	2048	----a-w-	C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54	1913192	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42	288088	----a-w-	C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 19:16:03,74 ===============
         

Attach:

Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume3
Install Date: 19.03.2013 20:59:57
System Uptime: 22.03.2013 19:12:14 (0 hours ago)
.
Motherboard: Acer |  | Predator G5910
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | CPU 1 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 300 GiB total, 211,679 GiB free.
D: is FIXED (NTFS) - 60 GiB total, 59,535 GiB free.
E: is FIXED (NTFS) - 617 GiB total, 614,78 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is FIXED (FAT32) - 466 GiB total, 48,686 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP12: 20.03.2013 22:45:39 - Installed League of Legends
RP13: 21.03.2013 17:15:50 - Windows Update
RP14: 21.03.2013 17:46:19 - Windows Update
RP15: 21.03.2013 17:49:06 - Installing TuneUp Utilities 2013
RP17: 21.03.2013 21:09:31 - Removing TuneUp Utilities 2013
RP18: 21.03.2013 21:10:00 - Removing TuneUp Utilities Language Pack (de-DE)
.
==== Installed Programs ======================
.
(7 Windows Live language-pack entries with non-Latin names; not recoverable from the extracted text)
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1 MUI
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
clear.fi
clear.fi Client
D3DX10
Etron USB3.0 Host Controller
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galeria fotogràfica del Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Guild Wars 2
Hotkey Utility
Identity Card
Intel Extreme Tuning Utility 2.1.408.41
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) SMBus
Intel® Watchdog Timer Driver (Intel® WDT)
Junk Mail filter update
League of Legends
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 19.0.2 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NVIDIA Graphics Driver 267.85
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Control Panel 267.85
Pando Media Booster
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
Συλλογή φωτογραφιών του Windows Live
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Shared C Run-time for x64
Shredder
TeamSpeak 3 Client
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Welcome Center
Windows Live
(2 Windows Live entries with non-Latin names; not recoverable from the extracted text)
Windows Live Argazki Galeria
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
World of Warcraft
.
==== End Of File ===========================
         

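The DDS log above is long, and most of it is routine (Canon printer drivers, Windows Update files, game installs). What a helper actually reads first are a few classes of entry: BHO lines whose CLSID is still registered but whose DLL path is empty (the two McAfee Phishing Filter entries here, left behind by an uninstall), GUID-named folders created in user-writable locations such as `AppData` and `ProgramData`, and entries carrying hidden or system attributes outside `C:\Windows`. The following script is an added example, not part of the original post or of DDS itself: it parses DDS "Created Last 30" and "Pseudo HJT Report" lines and lists those leads. The sample text is constructed from lines in the log above; the reading of the attribute field (letters `h` and `s` meaning hidden/system) is an assumption, and the output is a prioritisation, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a few lines copied from the "Pseudo HJT Report" and
# "Created Last 30" sections of the DDS log above, plus their section headers.
SAMPLE_DDS = """\
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
=============== Created Last 30 ================
2013-03-21 20:42:13\t303104\t----a-w-\tC:\\Windows\\SysWow64\\CNC560L.dll
2013-03-21 18:12:34\t--------\td-----w-\tC:\\Users\\Vanessa\\AppData\\Local\\{3906C75A-D971-4EBC-810D-9CE3C3994477}
2013-03-21 16:19:38\t--------\td-sh--w-\tC:\\ProgramData\\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-03-21 16:19:38\t--------\td--h--w-\tC:\\ProgramData\\Common Files
2013-03-20 21:45:34\t--------\td-----w-\tC:\\Program Files (x86)\\Riot Games
2013-03-19 22:45:42\t9728\t---ha-w-\tC:\\Windows\\SysWow64\\api-ms-win-downlevel-shlwapi-l1-1-0.dll
"""

# One DDS file/directory line: "<date time>\t<size or -------->\t<8-char attrs>\t<path>"
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\t(\S+)\t([a-z-]{8})\t(.+)$")
# One BHO line from the Pseudo HJT section: "BHO: <name>: {<CLSID>} - <dll path>"
BHO_RE = re.compile(r"^(?:x64-)?BHO: (.+?): (\{[0-9A-Fa-f-]{36}\}) -\s*(.*)$")
# A path whose last component is a bare GUID in braces
GUID_DIR_RE = re.compile(
    r"\\\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$", re.I)


@dataclass
class Finding:
    reason: str
    subject: str


def is_user_writable(path: str) -> bool:
    """Locations a standard user can write to without a UAC prompt."""
    p = path.lower()
    return p.startswith("c:\\programdata\\") or (
        p.startswith("c:\\users\\") and "\\appdata\\" in p)


def triage(dds_text: str) -> List[Finding]:
    """Return leads worth a second look, in log order. Legitimate installers
    also create GUID-named folders, so each hit still needs a directory
    listing or a hash check before anything is deleted."""
    findings: List[Finding] = []
    for line in dds_text.splitlines():
        m = BHO_RE.match(line)
        if m:
            name, clsid, dll = m.groups()
            if not dll.strip():
                # CLSID still registered but no DLL: leftover of an uninstall
                # (as with McAfee here) or of an AV product removing the file.
                findings.append(Finding("orphaned BHO, CLSID registered without a DLL", f"{name} {clsid}"))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        _when, _size, attrs, path = m.groups()
        # Assumption: DDS marks hidden/system entries with the letters 'h'/'s'
        # somewhere in the attribute field (e.g. "d-sh--w-"); positions are
        # not relied on.
        hidden = "h" in attrs or "s" in attrs
        if GUID_DIR_RE.search(path) and is_user_writable(path):
            findings.append(Finding("GUID-named directory in a user-writable location", path))
        elif hidden and not path.lower().startswith("c:\\windows\\"):
            findings.append(Finding("hidden/system attribute outside C:\\Windows", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.reason}: {f.subject}")
```

Run against the sample it reports the orphaned McAfee BHO, the two GUID-named folders under `AppData\Local` and `ProgramData`, and the hidden `C:\ProgramData\Common Files`; the hidden `api-ms-win-downlevel-shlwapi` stub under `SysWow64` is deliberately not flagged because it sits under `C:\Windows`, where hidden system files are normal.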
 

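AdwCleaner reported deleting `user.js` from the Firefox profile above. That file matters because Firefox reads it at every start and writes its values over `prefs.js`, so a homepage, default search engine or proxy pinned there comes back after the user resets it through the settings dialog; a normally configured profile rarely has a `user.js` at all. The following is an added example, not code from the original post or from AdwCleaner: it parses `user_pref(...)` lines and reports the ones on a watchlist of settings that browser hijackers typically pin. The sample file contents are constructed (the post does not show the deleted file), and the watchlist is this example's own choice rather than an exhaustive one.

```python
import re
from typing import Dict, List, Tuple

# One Firefox pref line: user_pref("<name>", <value>);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Prefs a browser hijacker typically pins via user.js. Entries ending in "."
# match a whole family (network.proxy.*). Example author's choice, not exhaustive.
WATCHED = (
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
    "network.proxy.",
)

# Constructed sample; the post does not show the contents of the deleted file.
SAMPLE_USER_JS = """\
// user.js is re-read on every Firefox start and overrides prefs.js
user_pref("browser.startup.homepage", "http://search.example.test/start");
user_pref("keyword.URL", "http://search.example.test/?q=");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "203.0.113.5");
user_pref("browser.tabs.warnOnClose", false);
"""


def parse_user_js(text: str) -> Dict[str, str]:
    """Map pref name -> raw value text (quotes kept) for every user_pref line,
    in file order; comments and non-matching lines are ignored."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def watched_overrides(prefs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (name, value) pairs for prefs on the watchlist, in file order."""
    hits: List[Tuple[str, str]] = []
    for name, value in prefs.items():
        for w in WATCHED:
            if name == w or (w.endswith(".") and name.startswith(w)):
                hits.append((name, value))
                break
    return hits


if __name__ == "__main__":
    for name, value in watched_overrides(parse_user_js(SAMPLE_USER_JS)):
        print(f"pinned by user.js: {name} = {value}")
```

On the sample this lists the homepage, `keyword.URL` and both `network.proxy.*` entries and ignores `browser.tabs.warnOnClose`. A proxy pinned this way is the one to treat most urgently, since it routes every page load through a host the user never chose.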