Pests of all kinds and their removal: W32/Injector.AJAR!tr (Windows 7)
25.07.2013, 07:40 | #16
/// the machine /// TB trainer | W32/Injector.AJAR!tr
Those are now only control scans for leftovers.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM!
27.07.2013, 15:20 | #17
W32/Injector.AJAR!tr
Code:
still running --> will follow later
Code:
Results of screen317's Security Check version 0.99.70
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Internet Security 2012
ESET Online Scanner v3
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Out of date Spybot installed!
Out of date HijackThis installed!
ewido anti-spyware 4.0
Spybot - Search & Destroy 1.5.2.20
Spybot - Search & Destroy
HijackThis 2.0.2
TuneUp Utilities
TuneUp Utilities Language Pack (de-DE)
TuneUp Utilities
Java(TM) 6 Update 29
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox (22.0)
Mozilla Thunderbird (17.0.7)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ESET ESET Online Scanner OnlineScannerApp.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2013
Ran by Hollstein (administrator) on 27-07-2013 16:17:40
Running from J:\trojner
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe
() C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe
() C:\Programme\CPUCooL\CooLSrv.exe
(Anti-Malware Development a.s.) C:\Programme\ewido anti-spyware 4.0\guard.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(AVM Berlin) C:\Programme\FRITZ!DSL\IGDCTRL.EXE
(Sun Microsystems, Inc.) C:\Programme\Java\jre6\bin\jqs.exe
() C:\WINDOWS\system32\PSIService.exe
(Samsung Electronics Co., Ltd.) C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
() C:\Programme\ASUS\NB Probe\SPM\spmgr.exe
(TuneUp Software) C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
(Canon Inc.) C:\Programme\Canon\CAL\CALMAIN.exe
(ICSI) C:\WINDOWS\Dit.exe
(ICSI) C:\WINDOWS\DitExp.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Alcor Micro, Corp.) C:\Programme\Multimedia Card Reader\shwicon2k.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIIJE.EXE
(AVM Berlin) C:\Programme\FRITZ!DSL\FwebProt.exe
(AVM Berlin) C:\Programme\FRITZ!DSL\StCenter.EXE
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
(TuneUp Software) C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(ESET) C:\Programme\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Farbar) J:\trojner\FRST(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Dit] - C:\Windows\Dit.exe [86016 2003-07-16] (ICSI)
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [14477312 2005-05-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Sunkist2k] - C:\Programme\Multimedia Card Reader\shwicon2k.exe [139264 2005-10-27] (Alcor Micro, Corp.)
HKLM\...\Run: [avgnt] - C:\Programme\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIIJE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe [ 2005-11-24] (Nero AG)
HKU\All Users\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe [ 2005-11-24] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe [ 2005-11-24] (Nero AG)
Startup: C:\Dokumente und Einstellungen\Hollstein\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
StartMenuInternet: IEXPLORE.EXE - "C:\Programme\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
ShellExecuteHooks: CShellExecuteHookImpl Object - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Programme\ewido anti-spyware 4.0\shellexecutehook.dll [73728 2006-06-16] (Anti-Malware Development a.s.)
Winsock: Catalog5 05 C:\Programme\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 01 C:\Programme\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Programme\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 03 C:\Programme\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Programme\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 05 C:\Programme\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 10 C:\Programme\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 25 C:\Programme\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Hollstein\Anwendungsdaten\Mozilla\Firefox\Profiles\zd5x42je.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll No File
FF SearchPlugin: C:\Dokumente und Einstellungen\Hollstein\Anwendungsdaten\Mozilla\Firefox\Profiles\zd5x42je.default\searchplugins\searchplugins-backup
FF Extension: No Name - C:\Dokumente und Einstellungen\Hollstein\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Dokumente und Einstellungen\Hollstein\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Deutsches Wörterbuch, erweitert für Österreich - C:\Dokumente und Einstellungen\Hollstein\Anwendungsdaten\Mozilla\Firefox\Profiles\zd5x42je.default\Extensions\de-AT@dictionaries.addons.mozilla.org
FF Extension: DownloadHelper - C:\Dokumente und Einstellungen\Hollstein\Anwendungsdaten\Mozilla\Firefox\Profiles\zd5x42je.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Dokumente und Einstellungen\Hollstein\Anwendungsdaten\Mozilla\Firefox\Profiles\zd5x42je.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: Default - C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programme\Java\jre6\lib\deploy\jqs\ff

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirFirewallService; C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe [619472 2012-05-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Programme\Avira\AntiVir Desktop\avmailc.exe [375760 2012-05-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [86224 2012-05-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-14] (Avira Operations GmbH & Co. KG)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-09-15] ()
R2 CCALib8; C:\Programme\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.)
R2 CPUCooLServer; C:\Programme\CPUCooL\CooLSrv.exe [118784 2007-07-31] ()
S3 de_serv; C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [315392 2005-03-04] (AVM Berlin)
R2 ewido anti-spyware 4.0 guard; C:\Programme\ewido anti-spyware 4.0\guard.exe [172032 2006-06-16] (Anti-Malware Development a.s.)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2010-07-23] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2010-07-23] (Google Inc.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation)
R2 IGDCTRL; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117144 2013-07-04] (Mozilla Foundation)
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
R2 SamsungAllShareV2.0; C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2011-12-16] (Samsung Electronics Co., Ltd.)
S3 ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.)
S3 SimpleSlideShowServer; C:\Programme\Samsung\AllShare\AllShareSlideShowService.exe [27584 2011-12-16] (Samsung Electronics Co., Ltd.)
R2 spmgr; C:\Programme\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
S3 TuneUp.Defrag; C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe [435016 2010-03-13] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1047880 2010-02-25] (TuneUp Software)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
R2 JavaQuickStarterService; "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [77000 2007-03-16] (SlySoft, Inc.)
R3 ASAPIW2K; C:\WINDOWS\system32\Drivers\asapiW2k.sys [11264 2005-02-23] (VOB Computersysteme GmbH)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12664 2006-10-19] ()
R1 aslm75; C:\WINDOWS\system32\drivers\aslm75.sys [6272 1997-04-22] ()
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1723904 2006-08-23] (ATI Technologies Inc.)
R1 atitray; C:\Programme\Radeon Omega Drivers\v3.8.291\ATI Tray Tools\atitray.sys [13952 2006-09-27] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [271360 2006-12-25] ()
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92008 2012-11-13] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [112584 2012-11-13] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-14] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-14] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-11] (Avira GmbH)
S2 BulkUsb; C:\Windows\System32\DRIVERS\usbscan.sys [15104 2008-04-13] (Microsoft Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 CDRPDACC; C:\Programme\InfinaDyne\Shared\CDRPDACC.SYS [5273 2003-10-28] (Arrowkey)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-01-14] (SlySoft, Inc.)
R2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [15440 2007-02-28] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [11984 2006-12-14] (Elaborate Bytes AG)
R1 ewido anti-spyware 4.0 driver; C:\Programme\ewido anti-spyware 4.0\guard.sys [3968 2007-04-20] ()
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R2 ghaio; C:\Programme\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [40560 2010-05-18] (Paragon Software Group)
R3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.)
R0 ivicd; C:\Windows\System32\drivers\ivicd.sys [38784 2005-01-12] (InterVideo)
S3 iviudf; C:\Windows\System32\drivers\IviUdf.sys [116224 2005-01-12] (InterVideo)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2006-12-25] ()
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171008 2005-06-02] (Pinnacle Systems GmbH)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 ntiopnp; C:\Windows\System32\Drivers\ntiopnp.sys [12800 2007-02-12] ()
R1 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
R3 Pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.)
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [38468 2005-10-27] (Alcor Micro Corp.)
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [76560 2007-01-12] (Trend Micro Inc.)
R3 TuneUpUtilitiesDrv; C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2010-02-25] (TuneUp Software)
U1 udffsrec; C:\Windows\System32\drivers\udffsrec.sys [5248 2004-12-19] ()
S3 USBVCD; C:\Windows\System32\drivers\USBVCD.sys [35584 2003-05-23] (Canon Inc)
S3 VCIDRV; C:\Windows\System32\drivers\VCIdrv.sys [4224 2003-05-23] (Canon Inc)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
R3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [285952 2007-12-06] (Marvell)
S3 catchme; \??\C:\DOKUME~1\HOLLST~1\LOKALE~1\Temp\catchme.sys [x]
S4 InCDFs; system32\drivers\InCDFs.sys [x]
S1 InCDPass; system32\drivers\InCDPass.sys [x]
S1 InCDRm; system32\drivers\InCDRm.sys [x]
S4 IntelIde; No ImagePath
S3 NETFWDSL; system32\DRIVERS\NETFWDSL.SYS [x]
S3 Pcouffin; System32\Drivers\Pcouffin.sys [x]
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-27 16:02 - 2013-07-27 12:36 - 00891062 _____ C:\Dokumente und Einstellungen\Hollstein\Desktop\SecurityCheck.exe
2013-07-27 15:48 - 2013-07-27 15:48 - 00000000 ____D C:\Programme\ESET
2013-07-24 17:32 - 2013-07-24 17:32 - 00001187 _____ C:\Dokumente und Einstellungen\Hollstein\Desktop\JRT.txt
2013-07-24 17:27 - 2013-07-24 17:27 - 00000000 ____D C:\WINDOWS\ERUNT
2013-07-24 17:22 - 2013-07-24 17:22 - 00006496 _____ C:\Dokumente und Einstellungen\Hollstein\Desktop\AdwCleaner[S1].txt
2013-07-24 17:18 - 2013-07-24 17:19 - 00006496 _____ C:\AdwCleaner[S1].txt
2013-07-22 22:25 - 2013-07-22 22:25 - 00034114 _____ C:\ComboFix.txt
2013-07-22 21:56 - 2013-07-22 21:56 - 00090112 _____ C:\WINDOWS\Minidump\Mini072213-02.dmp
2013-07-22 21:34 - 2013-07-22 21:34 - 00090112 _____ C:\WINDOWS\Minidump\Mini072213-01.dmp
2013-07-22 21:22 - 2013-07-22 21:22 - 00000000 _RSHD C:\cmdcons
2013-07-22 21:22 - 2007-01-03 21:43 - 00000211 _____ C:\Boot.bak
2013-07-22 21:22 - 2004-08-03 23:00 - 00262448 __RSH C:\cmldr
2013-07-22 21:18 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-07-22 21:18 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-07-22 21:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-07-22 21:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-07-22 21:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-07-22 21:18 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-07-22 21:18 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-07-22 21:18 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-07-22 21:18 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-07-22 21:17 - 2013-07-22 22:25 - 00000000 ____D C:\Qoobox
2013-07-22 21:17 - 2013-07-22 22:22 - 00000000 ____D C:\WINDOWS\erdnt
2013-07-22 21:11 - 2013-07-22 21:12 - 05091940 ____R (Swearware) C:\Dokumente und Einstellungen\Hollstein\Desktop\ComboFix.exe
2013-07-21 23:09 - 2013-07-21 23:09 - 00035664 _____ C:\Dokumente und Einstellungen\Hollstein\Desktop\Addition.txt
2013-07-21 23:08 - 2013-07-24 17:49 - 00029035 _____ C:\Dokumente und Einstellungen\Hollstein\Desktop\FRST.txt
2013-07-21 23:01 - 2013-07-21 23:01 - 00000000 ____D C:\FRST
2013-07-17 18:58 - 2013-07-17 18:58 - 00000000 ____D C:\Dokumente und Einstellungen\Hollstein\Desktop\Lennart Bilder Babysmile
2013-07-14 00:28 - 2013-07-14 00:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-14 00:27 - 2013-07-14 00:28 - 00007690 _____ C:\WINDOWS\KB2834886.log
2013-07-14 00:27 - 2013-07-14 00:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-14 00:27 - 2013-07-14 00:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-13 22:33 - 2013-07-14 00:27 - 00014045 _____ C:\WINDOWS\KB2850851.log
2013-07-13 22:33 - 2013-07-14 00:27 - 00012727 _____ C:\WINDOWS\KB2845187.log
2013-07-11 22:57 - 2013-07-11 22:57 - 00004635 _____ C:\WINDOWS\KB2834904.log
2013-07-11 22:57 - 2013-07-11 22:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-11 12:28 - 2013-07-11 13:44 - 00107884 _____ C:\WINDOWS\KB2846071-IE7.log
2013-07-07 19:23 - 2013-07-07 19:25 - 00000000 ____D C:\Dokumente und Einstellungen\Hollstein\Desktop\LENNART
2013-07-04 18:58 - 2013-07-04 19:36 - 00000000 ____D C:\Programme\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-07-27 16:09 - 2010-07-23 09:23 - 00001096 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-27 15:51 - 2006-02-02 12:05 - 01807217 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-27 15:49 - 2012-06-10 21:38 - 141187870 _____ C:\Dokumente und Einstellungen\Hollstein\DesktopStCenter.txt
2013-07-27 15:49 - 2006-02-05 13:06 - 00000000 ____D C:\Dokumente und Einstellungen\Hollstein\Anwendungsdaten\FRITZ!
2013-07-27 15:48 - 2013-07-27 15:48 - 00000000 ____D C:\Programme\ESET
2013-07-27 15:48 - 2006-02-02 11:58 - 00000000 ___RD C:\Programme
2013-07-27 15:46 - 2013-06-12 21:19 - 00014919 _____ C:\WINDOWS\setupapi.log
2013-07-27 15:44 - 2010-07-23 09:23 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-27 15:44 - 2006-02-02 12:31 - 00000000 ____D C:\WINDOWS\system32\Lang
2013-07-27 15:43 - 2006-02-02 12:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-27 15:43 - 2006-02-02 12:00 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-07-27 15:43 - 2006-02-02 12:00 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-07-27 15:43 - 2004-08-04 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-07-27 12:36 - 2013-07-27 16:02 - 00891062 _____ C:\Dokumente und Einstellungen\Hollstein\Desktop\SecurityCheck.exe
2013-07-25 20:07 - 2009-05-05 18:39 - 00327680 _____ C:\WINDOWS\system32\config\TuneUp.evt
2013-07-25 20:07 - 2006-02-02 12:10 - 00032458 _____ C:\WINDOWS\SchedLgU.Txt
2013-07-24 18:36 - 2012-10-01 19:24 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-24 18:23 - 2006-03-19 15:03 - 00000000 ___RD C:\Dokumente und Einstellungen\Hollstein\Desktop\urs
2013-07-24 18:23 - 2006-02-06 02:21 - 00000000 ____D C:\Dokumente und Einstellungen\Hollstein\Startmenü\Programme\xp-AntiSpy
2013-07-24 17:49 - 2013-07-21 23:08 - 00029035 _____ C:\Dokumente und Einstellungen\Hollstein\Desktop\FRST.txt
2013-07-24 17:32 - 2013-07-24 17:32 - 00001187 _____ C:\Dokumente und Einstellungen\Hollstein\Desktop\JRT.txt
2013-07-24 17:27 - 2013-07-24 17:27 - 00000000 ____D C:\WINDOWS\ERUNT
2013-07-24 17:22 - 2013-07-24 17:22 - 00006496 _____ C:\Dokumente und Einstellungen\Hollstein\Desktop\AdwCleaner[S1].txt
2013-07-24 17:19 - 2013-07-24 17:18 - 00006496 _____ C:\AdwCleaner[S1].txt
2013-07-22 22:33 - 2006-02-02 11:58 - 00850554 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-22 22:31 - 2006-02-02 12:10 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService
2013-07-22 22:31 - 2006-02-02 12:09 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService
2013-07-22 22:28 - 2006-02-02 12:11 - 00000190 __SHC C:\Dokumente und Einstellungen\Hollstein\ntuser.ini
2013-07-22 22:25 - 2013-07-22 22:25 - 00034114 _____ C:\ComboFix.txt
2013-07-22 22:25 - 2013-07-22 21:17 - 00000000 ____D C:\Qoobox
2013-07-22 22:22 - 2013-07-22 21:17 - 00000000 ____D C:\WINDOWS\erdnt
2013-07-22 22:22 - 2004-08-04 14:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-07-22 22:20 - 2006-02-02 12:51 - 00000000 ____D C:\WINDOWS\system
2013-07-22 22:20 - 2006-02-02 12:11 - 00000000 ____D C:\Dokumente und Einstellungen\Hollstein
2013-07-22 21:56 - 2013-07-22 21:56 - 00090112 _____ C:\WINDOWS\Minidump\Mini072213-02.dmp
2013-07-22 21:56 - 2006-02-19 15:12 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-22 21:34 - 2013-07-22 21:34 - 00090112 _____ C:\WINDOWS\Minidump\Mini072213-01.dmp
2013-07-22 21:22 - 2013-07-22 21:22 - 00000000 _RSHD C:\cmdcons
2013-07-22 21:22 - 2006-02-02 12:56 - 00000327 __RSH C:\boot.ini
2013-07-22 21:12 - 2013-07-22 21:11 - 05091940 ____R (Swearware) C:\Dokumente und Einstellungen\Hollstein\Desktop\ComboFix.exe
2013-07-22 01:39 - 2010-03-26 17:43 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-07-21 23:09 - 2013-07-21 23:09 - 00035664 _____ C:\Dokumente und Einstellungen\Hollstein\Desktop\Addition.txt
2013-07-21 23:01 - 2013-07-21 23:01 - 00000000 ____D C:\FRST
2013-07-21 22:15 - 2006-02-02 12:04 - 00000000 ____D C:\WINDOWS\Registration
2013-07-17 18:58 - 2013-07-17 18:58 - 00000000 ____D C:\Dokumente und Einstellungen\Hollstein\Desktop\Lennart Bilder Babysmile
2013-07-16 22:55 - 2011-09-21 18:17 - 00000276 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-07-14 08:45 - 2006-02-02 11:57 - 00137256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-14 00:28 - 2013-07-14 00:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-14 00:28 - 2013-07-14 00:27 - 00007690 _____ C:\WINDOWS\KB2834886.log
2013-07-14 00:28 - 2009-06-12 19:11 - 01514752 _____ C:\WINDOWS\FaxSetup.log
2013-07-14 00:28 - 2009-06-12 19:11 - 00724194 _____ C:\WINDOWS\ocgen.log
2013-07-14 00:28 - 2009-06-12 19:11 - 00577955 _____ C:\WINDOWS\tsoc.log
2013-07-14 00:28 - 2009-06-12 19:11 - 00502096 _____ C:\WINDOWS\comsetup.log
2013-07-14 00:28 - 2009-06-12 19:11 - 00304610 _____ C:\WINDOWS\ntdtcsetup.log
2013-07-14 00:28 - 2009-06-12 19:11 - 00241963 _____ C:\WINDOWS\iis6.log
2013-07-14 00:28 - 2009-06-12 19:11 - 00083790 _____ C:\WINDOWS\ocmsn.log
2013-07-14 00:28 - 2009-06-12 19:11 - 00075705 _____ C:\WINDOWS\msgsocm.log
2013-07-14 00:28 - 2009-06-12 19:11 - 00001374 _____ C:\WINDOWS\imsins.log
2013-07-14 00:27 - 2013-07-14 00:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-14 00:27 - 2013-07-14 00:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-14 00:27 - 2013-07-13 22:33 - 00014045 _____ C:\WINDOWS\KB2850851.log
2013-07-14 00:27 - 2013-07-13 22:33 - 00012727 _____ C:\WINDOWS\KB2845187.log
2013-07-14 00:27 - 2008-11-09 14:13 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-07-13 23:32 - 2006-02-02 12:11 - 00000000 ___RD C:\Dokumente und Einstellungen\Hollstein\Startmenü
2013-07-13 22:56 - 2006-02-02 12:44 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-07-11 22:57 - 2013-07-11 22:57 - 00004635 _____ C:\WINDOWS\KB2834904.log
2013-07-11 22:57 - 2013-07-11 22:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-11 13:44 - 2013-07-11 12:28 - 00107884 _____ C:\WINDOWS\KB2846071-IE7.log
2013-07-11 13:44 - 2009-06-12 19:11 - 00148736 _____ C:\WINDOWS\updspapi.log
2013-07-11 13:44 - 2008-11-09 14:18 - 00000000 ____D C:\WINDOWS\system32\de-de
2013-07-11 13:44 - 2007-07-23 16:41 - 75699896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-07-11 13:43 - 2008-11-09 14:46 - 00000000 ____D C:\WINDOWS\ie7updates
2013-07-11 13:28 - 2011-09-21 17:16 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-07-11 13:26 - 2006-02-19 15:11 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2013-07-07 19:25 - 2013-07-07 19:23 - 00000000 ____D C:\Dokumente und Einstellungen\Hollstein\Desktop\LENNART
2013-07-07 18:07 - 2012-06-26 21:35 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-07-04 19:36 - 2013-07-04 18:58 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-07-03 21:02 - 2006-02-10 16:57 - 00000000 ____D C:\Dokumente und Einstellungen\Hollstein\Anwendungsdaten\OpenOffice.org2
2013-06-30 19:51 - 2010-11-18 14:08 - 00000000 ____D C:\Dokumente und Einstellungen\Hollstein\Desktop\Tel.Oma Waltraud
2013-06-27 18:05 - 2013-06-26 19:57 - 00000000 ____D C:\Programme\Mozilla Thunderbird

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2004-08-04 14:00] - [2008-04-14 04:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe [2004-08-04 14:00] - [2008-04-14 04:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe [2004-08-04 14:00] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe [2004-08-04 14:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll [2004-08-04 14:00] - [2008-04-14 04:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe [2004-08-04 14:00] - [2008-04-14 04:23] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 14:00] - [2008-04-14 03:52] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d

==================== End Of Log ============================

And can it already be said whether it is clean???
27.07.2013, 18:08 | #18
/// the machine /// TB trainer | W32/Injector.AJAR!tr
Update Java. Looks good, let's still wait for ESET.
27.07.2013, 19:33 | #19
W32/Injector.AJAR!tr
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c3d4e8e93920af409bc3c733ce23573b
# engine=14551
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-27 04:32:11
# local_time=2013-07-27 06:32:11 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1801 16775165 100 100 264718 196239987 257464 0
# scanned=226560
# found=0
# cleaned=0
# scan_time=9091
28.07.2013, 07:07 | #20
/// the machine /// TB trainer | W32/Injector.AJAR!tr
Then we are done. The order here is decisive.
Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.