Hello
I created a scan with FRST from a friend's computer. I hope I did it correctly and that someone can help me. Thank you very much.
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013
Ran by SYSTEM on MINWINPC on 16-09-2013 16:07:56
Running from F:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [ALaunch] - C:\Acer\ALaunch\AlaunchClient.exe
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4669440 2007-07-05] (Realtek Semiconductor)
HKLM\...\Run: [eDataSecurity Loader] - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
HKLM\...\Run: [Acer Tour] - [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-03-07] (Adobe Systems Incorporated)
HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\LManager.exe [768520 2007-07-15] (Dritek System Inc.)
HKLM\...\Run: [PlayMovie] - C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [206952 2007-05-24] (CyberLink Corp.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [159744 2007-06-06] (Alps Electric Co., Ltd.)
HKLM\...\Run: [eRecoveryService] - [x]
HKLM\...\Run: [Acer Tour Reminder] - C:\Acer\AcerTour\Reminder.exe [151552 2007-05-22] (Acer Inc.)
HKLM\...\Run: [WarReg_PopUp] - C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [SetPanel] - C:\Acer\APanel\APanel.cmd
HKLM\...\Run: [PAC7311_Monitor] - C:\Windows\PixArt\PAC7311\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [144784 2008-02-21] (Sun Microsystems, Inc.)
HKLM\...\Run: [Symantec PIF AlertEng] - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1226608 2010-12-09] ()
HKLM\...\Run: [DivX Download Manager] - C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe [63360 2010-12-08] (DivX, LLC)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-04-26] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-04-26] ()
HKU\vanessa\...\Run: [Acer Tour Reminder] - [x]
HKU\vanessa\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\vanessa\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-06-16] (Google Inc.)
HKU\vanessa\...\Run: [T-Online_Software_6\WLAN-Access Finder] - C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe [ 2008-04-08] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKU\vanessa\...\Run: [4E3E0230AEBB4E96] - C:\Recycle.Bin\Recycle.Bin.exe
HKU\vanessa\...\Run: [Userinit] - C:\Users\vanessa\AppData\Roaming\appconf32.exe
HKU\vanessa\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-18] (Microsoft Corporation)
HKU\vanessa\...\Winlogon: [Shell] explorer.exe,C:\Users\vanessa\AppData\Roaming\skype.dat [ 2011-11-18] () <==== ATTENTION
========================== Services (Whitelisted) =================
S2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] ()
S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT)
S2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-03-14] (Acer Inc.)
S2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-05-22] (Acer Inc.)
S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-02-12] (Acer Inc.)
S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-05-10] ()
S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll [537992 2008-04-10] (Symantec Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] ()
S2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [163840 2007-05-16] (acer)
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
S2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
==================== Drivers (Whitelisted) ====================
S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
S1 DritekPortIO; C:\PROGRA~1\LAUNCH~1\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
S3 MTOnlPktAlyX; C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [17536 2006-10-09] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [449024 2007-03-14] (PixArt Imaging Inc.)
S0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
S0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
S0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
S3 SE27bus; C:\Windows\System32\DRIVERS\SE27bus.sys [61600 2006-05-15] (MCCI)
S3 SE27mdfl; C:\Windows\System32\DRIVERS\SE27mdfl.sys [9360 2006-05-15] (MCCI)
S3 SE27mdm; C:\Windows\System32\DRIVERS\SE27mdm.sys [97184 2006-05-15] (MCCI)
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-16 16:07 - 2013-09-16 16:07 - 00000000 ____D C:\FRST
==================== One Month Modified Files and Folders =======
2013-09-16 16:07 - 2013-09-16 16:07 - 00000000 ____D C:\FRST
2013-09-16 05:52 - 2013-07-08 08:14 - 00000004 _____ C:\Users\vanessa\AppData\Roaming\skype.ini
2013-09-16 05:51 - 2008-11-15 03:38 - 00005972 _____ C:\Users\vanessa\AppData\Local\d3d9caps.dat
2013-09-16 05:51 - 2006-11-02 04:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-16 05:51 - 2006-11-02 04:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-16 05:45 - 2006-11-02 04:52 - 00071016 _____ C:\Windows\setupact.log
2013-09-16 05:39 - 2007-12-06 06:00 - 01924884 _____ C:\Windows\WindowsUpdate.log
2013-09-16 05:17 - 2006-11-02 02:33 - 01493246 _____ C:\Windows\System32\PerfStringBackup.INI
Files to move or delete:
====================
C:\Users\vanessa\AppData\Roaming\skype.dat
C:\Users\vanessa\AppData\Roaming\skype.ini
Some content of TEMP:
====================
C:\Users\vanessa\AppData\Local\Temp\718631~1.exe
C:\Users\vanessa\AppData\Local\Temp\AMPing.exe
C:\Users\vanessa\AppData\Local\Temp\AskSLib.dll
C:\Users\vanessa\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\vanessa\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\vanessa\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\vanessa\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\vanessa\AppData\Local\Temp\GLFDF1E.tmp.tbElf_.dll
C:\Users\vanessa\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\vanessa\AppData\Local\Temp\msg8BFB.exe
C:\Users\vanessa\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\vanessa\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\vanessa\AppData\Local\Temp\SkypeSetupFull(6.1.73.129)(Trackable457)trackable.exe
C:\Users\vanessa\AppData\Local\Temp\SkypeSetupFull(6.3.73.105)(Trackable457)trackable.exe
C:\Users\vanessa\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\vanessa\AppData\Local\Temp\ycomp_setup.exe
C:\Users\vanessa\AppData\Local\Temp\{7A46C83A-EACC-423B-8105-BDFF6B664D11}-GoogleUpdateSetup.exe
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-06-05 06:43:52
Restore point made on: 2013-06-11 06:44:26
Restore point made on: 2013-06-14 13:58:08
Restore point made on: 2013-06-16 20:01:43
Restore point made on: 2013-06-20 07:16:15
Restore point made on: 2013-06-22 14:30:51
Restore point made on: 2013-06-25 06:11:42
Restore point made on: 2013-06-28 07:17:04
Restore point made on: 2013-07-03 05:52:19
Restore point made on: 2013-09-16 05:24:17
==================== Memory info ===========================
Percentage of memory in use: 12%
Total physical RAM: 2037.45 MB
Available physical RAM: 1781.2 MB
Total Pagefile: 1969.27 MB
Available Pagefile: 1843.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.72 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:69.77 GB) (Free:18.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:69.52 GB) (Free:66.64 GB) NTFS
Drive f: (MILOSTICK) (Removable) (Total:7.33 GB) (Free:7.31 GB) FAT32
Drive x: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:1.08 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 61D39622)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=70 GB) - (Type=06)
Partition 3: (Not Active) - (Size=70 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 985FDA10)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
LastRegBack: 2013-09-16 05:17
==================== End Of Log ============================