Pests of all kinds and how to fight them: Interpol Trojan on Vista machine - limited ability to collect data because of iPad and ancient computer
24.11.2013, 08:15 | #16 |
/// the machine /// TB-Ausbilder | Please download Windows Repair (All In One) from here.
Fresh FSS and FRST logs, please. Any problems remaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
25.11.2013, 23:14 | #17 |
Code:
Farbar Service Scanner Version: 10-11-2013
Ran by alpha (administrator) on 25-11-2013 at 23:07:46
Running from "C:\Users\alpha\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013 (ATTENTION: ====> FRST version is 53 days old and could be outdated)
Ran by alpha (administrator) on MANFREDMICHELS on 25-11-2013 23:09:08
Running from C:\Users\alpha\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) D:\Fitbit Connect\FitbitConnectService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Apple Inc.) D:\iTunesHelper.exe
(Fitbit, Inc.) D:\Fitbit Connect\Fitbit Connect.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - D:\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [Fitbit Connect] - D:\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKLM\...\Run: [20131121] - C:\Program Files\Alwil Software\Avast5\setup\emupdate\a8bdc0ad-0835-486d-91c9-52558c863ecf.exe [180184 2013-11-23] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [Fitbit Connect] - D:\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\alpha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\alpha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=704&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=704&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {FA70C508-92D6-40B5-8CC7-297A5E1B27CC} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms}
SearchScopes: HKCU - {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=704&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKCU - {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms}
SearchScopes: HKCU - {FA70C508-92D6-40B5-8CC7-297A5E1B27CC} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: No Name - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
Toolbar: HKLM - No Name - {C424171E-592A-415a-9EB1-DFD6D95D3530} - No File
Toolbar: HKLM - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S4 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
S4 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
S4 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
S4 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49248 2007-01-12] (Symantec Corporation)
R2 Fitbit Connect; D:\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 NishService; C:\Program Files\System Control Manager\edd.exe [61440 2007-08-23] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2006-09-29] ()
S4 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1174664 2007-10-16] (Symantec Corporation)
S4 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [47712 2007-01-05] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2009-11-25] ()
S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [44544 2009-08-24] (AzureWave Technologies, Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [387384 2007-01-10] (Symantec Corporation)
S3 IDSvix86; C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [212280 2006-12-27] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2009-03-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MGHwCtrl; C:\Windows\system32\drivers\MGHwCtrl.sys [19456 2006-12-22] (Windows (R) Codename Longhorn DDK provider)
S3 mod7700; C:\Windows\System32\Drivers\mod7700.sys [819072 2008-06-26] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [13824 2007-10-19] (DiBcom S.A.)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [135400 2007-05-14] (Realtek Semiconductor Corp.)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [115000 2007-10-16] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [27576 2007-01-09] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [191544 2007-01-09] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-25 22:59 - 2013-11-25 22:59 - 00000000 _____ C:\Windows\setuperr.log
2013-11-25 22:59 - 2013-11-25 22:59 - 00000000 _____ C:\Windows\setupact.log
2013-11-25 22:02 - 2013-11-25 22:53 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-11-25 22:02 - 2013-11-25 22:02 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MANFREDMICHELS-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-11-25 22:00 - 2013-11-25 22:00 - 00000000 ___DC C:\RegBackup
2013-11-25 21:25 - 2013-11-25 21:25 - 02804572 _____ C:\Users\alpha\Desktop\tweaking.com_windows_repair_aio.zip
2013-11-23 11:03 - 2013-11-25 23:07 - 00002090 _____ C:\Users\alpha\Desktop\FSS.txt
2013-11-23 11:02 - 2013-11-23 11:02 - 00360775 _____ (Farbar) C:\Users\alpha\Desktop\FSS.exe
2013-11-23 10:32 - 2013-11-23 10:32 - 00448512 _____ (OldTimer Tools) C:\Users\alpha\Desktop\TFC.exe
2013-11-23 10:20 - 2013-11-23 10:20 - 00000000 ____D C:\Windows\Sun
2013-11-23 10:20 - 2013-11-23 10:20 - 00000000 ____D C:\ProgramData\Oracle
2013-11-23 10:19 - 2013-11-23 10:19 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-23 10:19 - 2013-11-23 10:18 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-23 10:18 - 2013-11-23 10:18 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-23 10:18 - 2013-11-23 10:18 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-23 10:18 - 2013-11-23 10:18 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-16 08:47 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-16 08:47 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-16 08:47 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-16 08:47 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-16 08:47 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-16 08:47 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-16 08:47 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-16 08:47 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-16 08:47 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-16 08:47 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-16 08:47 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-16 08:47 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-16 08:47 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-16 08:47 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-16 08:47 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-16 08:47 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-16 08:22 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-16 08:22 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-16 08:22 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-11-16 08:22 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-16 08:22 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-10-27 10:28 - 2013-10-12 14:18 - 01087213 _____ (Farbar) C:\Users\alpha\Desktop\FRST.exe
2013-10-27 10:25 - 2013-10-27 10:33 - 00000304 _____ C:\Users\alpha\Desktop\Addition.txt

==================== One Month Modified Files and Folders =======

2013-11-25 23:07 - 2013-11-23 11:03 - 00002090 _____ C:\Users\alpha\Desktop\FSS.txt
2013-11-25 23:01 - 2012-02-29 14:35 - 02006987 _____ C:\Windows\WindowsUpdate.log
2013-11-25 23:01 - 2006-11-02 11:33 - 01445352 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-25 23:00 - 2013-10-09 15:14 - 00000000 ____D C:\Users\alpha\AppData\Roaming\Dropbox
2013-11-25 22:59 - 2013-11-25 22:59 - 00000000 _____ C:\Windows\setuperr.log
2013-11-25 22:59 - 2013-11-25 22:59 - 00000000 _____ C:\Windows\setupact.log
2013-11-25 22:59 - 2013-10-09 15:18 - 00000000 ___RD C:\Users\alpha\Dropbox
2013-11-25 22:56 - 2010-07-01 19:27 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-25 22:56 - 2006-11-02 13:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-25 22:55 - 2013-01-05 18:12 - 00002968 _____ C:\Windows\PFRO.log
2013-11-25 22:55 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-25 22:55 - 2006-11-02 13:47 - 00390456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-25 22:55 - 2006-11-02 13:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-25 22:54 - 2006-11-02 14:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-25 22:53 - 2013-11-25 22:02 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-11-25 22:13 - 2012-08-10 18:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-25 22:02 - 2013-11-25 22:02 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MANFREDMICHELS-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-11-25 22:00 - 2013-11-25 22:00 - 00000000 ___DC C:\RegBackup
2013-11-25 21:55 - 2010-07-01 19:27 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-25 21:25 - 2013-11-25 21:25 - 02804572 _____ C:\Users\alpha\Desktop\tweaking.com_windows_repair_aio.zip
2013-11-23 11:02 - 2013-11-23 11:02 - 00360775 _____ (Farbar) C:\Users\alpha\Desktop\FSS.exe
2013-11-23 10:32 - 2013-11-23 10:32 - 00448512 _____ (OldTimer Tools) C:\Users\alpha\Desktop\TFC.exe
2013-11-23 10:20 - 2013-11-23 10:20 - 00000000 ____D C:\Windows\Sun
2013-11-23 10:20 - 2013-11-23 10:20 - 00000000 ____D C:\ProgramData\Oracle
2013-11-23 10:19 - 2013-11-23 10:19 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-23 10:18 - 2013-11-23 10:19 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-23 10:18 - 2013-11-23 10:18 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-23 10:18 - 2013-11-23 10:18 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-23 10:18 - 2013-11-23 10:18 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-23 10:18 - 2010-09-03 21:48 - 00000000 ____D C:\Program Files\Java
2013-11-23 09:29 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-11-23 09:10 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-16 08:45 - 2013-08-17 09:56 - 00000000 ____D C:\Windows\system32\MRT
2013-11-16 08:40 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-11 05:50 - 2010-06-20 12:17 - 00230048 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-10-27 10:33 - 2013-10-27 10:25 - 00000304 _____ C:\Users\alpha\Desktop\Addition.txt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-25 23:05

==================== End Of Log ============================

The Windows Repair version you specified is no longer the newest one. In the current version I only ticked the boxes that you had also ticked in the old one. Regards, Simon |
26.11.2013, 12:47 | #18 |
/// the machine /// TB-Ausbilder | Perfect. Any problems remaining?