Log analysis and evaluation: BKA Trojaner, Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.10.2013, 10:54 | #16 |
/// the machine /// TB-Ausbilder | Bka Trojaner
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Still any problems?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
23.10.2013, 13:01 | #17 |
| Bka Trojaner Here is the log from ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=
# OnlineScanner.ocx=
# api_version=3.0.2
# EOSSerial=feb6c413425072438b0130476e4daa45
# engine=15587
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-22 07:59:45
# local_time=2013-10-22 09:59:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 7583 220004713 0 0
# scanned=171718
# found=0
# cleaned=0
# scan_time=7146

Hello Schrauber, when I start SecurityCheck I press any key. Then a window opens, "Security Check Editor", and it says: UNSUPPORTED OPERATING SYSTEM! ABORTED! What did I do wrong?
23.10.2013, 15:40 | #18 |
/// the machine /// TB-Ausbilder | Bka Trojaner Ignore that and run FRST.
23.10.2013, 16:31 | #19 |
| Bka Trojaner Here is the FRST log.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013
Ran by Thomas (administrator) on THOMAS-PC on 23-10-2013 17:30:01
Running from C:\Users\Thomas\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(O2Micro International) C:\Program Files\O2Micro\o2flash.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Thomas\Downloads\FRST (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4390912 2007-02-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1021224 2007-09-15] (Synaptics, Inc.)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1828136 2007-08-08] (Nero AG)
HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-08-21] (Nero AG)
HKCU\...\Run: [AVMUSBFernanschluss] - C:\Users\Thomas\AppData\Local\Apps\2.0\L3AJBWVZ.VA4\3L7MTQVK.CTY\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe [139264 2009-05-19] (AVM Berlin)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
MountPoints2: {c5af39d2-76d3-11df-a9de-0019dbeda763} - F:\LaunchU3.exe -a
MountPoints2: {d31aa386-90a6-11dd-8993-0019dbeda763} - F:\huelsta_now.exe
MountPoints2: {ed407d88-2453-11df-8a33-0019dbeda763} - E:\pushinst.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 

Chrome: 
=======
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\
CHR Extension: () - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 o2flash; C:\Program Files\O2Micro\o2flash.exe [65536 2007-02-12] (O2Micro International)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [101248 2009-02-04] (AVM Berlin)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2011-04-26] (TuneUp Software)
S2 Aspi32; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-23 17:29 - 2013-10-23 17:29 - 01088127 _____ (Farbar) C:\Users\Thomas\Downloads\FRST (1).exe
2013-10-23 13:58 - 2013-10-23 13:58 - 00891167 _____ C:\Users\Thomas\Downloads\SecurityCheck.exe
2013-10-22 19:55 - 2013-10-22 19:55 - 00000000 ____D C:\Program Files\ESET
2013-10-22 19:53 - 2013-10-22 19:53 - 02347384 _____ (ESET) C:\Users\Thomas\Downloads\esetsmartinstaller_enu.exe
2013-10-20 20:21 - 2013-10-20 20:21 - 00012414 _____ C:\Users\Thomas\Downloads\Addition.txt
2013-10-20 20:20 - 2013-10-20 20:20 - 01087515 _____ (Farbar) C:\Users\Thomas\Downloads\FRST.exe
2013-10-20 20:11 - 2013-10-20 20:11 - 00000903 _____ C:\Users\Thomas\Desktop\JRT.txt
2013-10-20 20:05 - 2013-10-20 20:05 - 00000000 ____D C:\Windows\ERUNT
2013-10-20 20:04 - 2013-10-20 20:04 - 01033335 _____ (Thisisu) C:\Users\Thomas\Downloads\JRT.exe
2013-10-20 19:32 - 2013-10-20 19:32 - 01056666 _____ C:\Users\Thomas\Downloads\adwcleaner (1).exe
2013-10-20 19:30 - 2013-10-20 19:41 - 00000000 ____D C:\AdwCleaner
2013-10-20 19:29 - 2013-10-20 19:30 - 01056666 _____ C:\Users\Thomas\Downloads\adwcleaner.exe
2013-10-20 10:18 - 2013-10-20 10:18 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-20 10:18 - 2013-10-20 10:18 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Malwarebytes
2013-10-20 10:18 - 2013-10-20 10:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-20 10:18 - 2013-10-20 10:18 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-20 10:18 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-20 10:17 - 2013-10-11 21:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Desktop\mbam-setup-
2013-10-17 18:48 - 2013-10-17 18:48 - 00000000 ____D C:\FRST
2013-10-13 11:59 - 2013-10-16 04:52 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-10 03:14 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 03:14 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 03:14 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 03:14 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-10 03:14 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 03:14 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 03:14 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-10 03:14 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 03:14 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-10 03:14 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 03:14 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-10 03:14 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 03:14 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 03:14 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 03:14 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-10 03:14 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 17:18 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 17:18 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 17:18 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 17:18 - 2013-08-27 03:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 17:17 - 2013-08-29 09:56 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2013-10-09 17:17 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 17:17 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 17:17 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 17:17 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 17:17 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 17:17 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 17:17 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 17:17 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 17:17 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:17 - 2013-07-12 11:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 17:17 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 17:17 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 17:17 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 17:17 - 2013-06-29 04:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 17:17 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 17:17 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 17:17 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 17:17 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 17:17 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 17:17 - 2011-05-05 15:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 17:16 - 2013-07-03 04:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-03 06:49 - 2013-10-03 06:49 - 00001918 _____ C:\Users\Public\Desktop\Free System Utilities.lnk
2013-10-03 06:49 - 2013-10-03 06:49 - 00000000 ____D C:\ProgramData\FreeSystemUtilities
2013-10-03 06:49 - 2013-10-03 06:49 - 00000000 ____D C:\Program Files\Covus Freemium
2013-10-03 06:41 - 2013-10-03 06:41 - 00000000 ____D C:\Users\Thomas\AppData\Local\Software Updater

==================== One Month Modified Files and Folders =======

2013-10-23 17:29 - 2013-10-23 17:29 - 01088127 _____ (Farbar) C:\Users\Thomas\Downloads\FRST (1).exe
2013-10-23 17:28 - 2006-11-02 12:33 - 00005764 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-23 17:23 - 2012-08-26 15:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-23 17:23 - 2007-09-21 14:13 - 01072121 _____ C:\Windows\WindowsUpdate.log
2013-10-23 15:50 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-23 15:50 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-23 13:58 - 2013-10-23 13:58 - 00891167 _____ C:\Users\Thomas\Downloads\SecurityCheck.exe
2013-10-22 19:55 - 2013-10-22 19:55 - 00000000 ____D C:\Program Files\ESET
2013-10-22 19:53 - 2013-10-22 19:53 - 02347384 _____ (ESET) C:\Users\Thomas\Downloads\esetsmartinstaller_enu.exe
2013-10-20 20:21 - 2013-10-20 20:21 - 00012414 _____ C:\Users\Thomas\Downloads\Addition.txt
2013-10-20 20:20 - 2013-10-20 20:20 - 01087515 _____ (Farbar) C:\Users\Thomas\Downloads\FRST.exe
2013-10-20 20:11 - 2013-10-20 20:11 - 00000903 _____ C:\Users\Thomas\Desktop\JRT.txt
2013-10-20 20:05 - 2013-10-20 20:05 - 00000000 ____D C:\Windows\ERUNT
2013-10-20 20:04 - 2013-10-20 20:04 - 01033335 _____ (Thisisu) C:\Users\Thomas\Downloads\JRT.exe
2013-10-20 19:58 - 2007-11-03 08:51 - 00049416 _____ C:\Users\Thomas\AppData\Roaming\nvModes.001
2013-10-20 19:56 - 2009-08-18 12:38 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-10-20 19:55 - 2009-01-14 20:14 - 00000202 _____ C:\Windows\system32\PSLOG
2013-10-20 19:55 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-20 19:54 - 2007-11-02 23:00 - 00071762 _____ C:\Windows\PFRO.log
2013-10-20 19:42 - 2007-08-06 13:06 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-10-20 19:42 - 2006-11-02 15:01 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-20 19:41 - 2013-10-20 19:30 - 00000000 ____D C:\AdwCleaner
2013-10-20 19:32 - 2013-10-20 19:32 - 01056666 _____ C:\Users\Thomas\Downloads\adwcleaner (1).exe
2013-10-20 19:30 - 2013-10-20 19:29 - 01056666 _____ C:\Users\Thomas\Downloads\adwcleaner.exe
2013-10-20 19:20 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\MSAgent
2013-10-20 10:18 - 2013-10-20 10:18 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-20 10:18 - 2013-10-20 10:18 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Malwarebytes
2013-10-20 10:18 - 2013-10-20 10:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-20 10:18 - 2013-10-20 10:18 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-20 08:53 - 2011-06-17 13:23 - 00000000 ____D C:\Users\Thomas\AppData\Local\Htc
2013-10-17 18:48 - 2013-10-17 18:48 - 00000000 ____D C:\FRST
2013-10-16 04:52 - 2013-10-13 11:59 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-11 21:01 - 2013-10-20 10:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Desktop\mbam-setup-
2013-10-11 20:29 - 2007-11-03 00:28 - 00000000 ____D C:\Users\Thomas
2013-10-10 03:57 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 03:47 - 2006-11-02 14:47 - 00407320 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 03:20 - 2013-08-16 03:16 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 03:17 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-08 19:52 - 2012-08-26 15:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-08 19:52 - 2012-08-26 15:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-06 12:29 - 2011-08-24 15:59 - 00000000 ____D C:\Users\Thomas\Desktop\ebay
2013-10-06 10:11 - 2007-11-03 08:30 - 00049416 _____ C:\Users\Thomas\AppData\Roaming\nvModes.dat
2013-10-04 07:42 - 2007-11-09 21:38 - 00029696 _____ C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-04 07:05 - 2008-11-19 16:34 - 00000000 ____D C:\Users\Thomas\Desktop\Foto Ordner
2013-10-03 12:54 - 2007-08-06 14:18 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-03 12:53 - 2007-08-06 14:20 - 00090468 _____ C:\Windows\DPINST.LOG
2013-10-03 12:46 - 2007-08-06 17:12 - 00000000 _____ C:\Windows\lgcenter.ini
2013-10-03 06:50 - 2013-05-28 11:28 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-03 06:49 - 2013-10-03 06:49 - 00001918 _____ C:\Users\Public\Desktop\Free System Utilities.lnk
2013-10-03 06:49 - 2013-10-03 06:49 - 00000000 ____D C:\ProgramData\FreeSystemUtilities
2013-10-03 06:49 - 2013-10-03 06:49 - 00000000 ____D C:\Program Files\Covus Freemium
2013-10-03 06:41 - 2013-10-03 06:41 - 00000000 ____D C:\Users\Thomas\AppData\Local\Software Updater
2013-10-03 06:33 - 2006-11-02 12:23 - 00002577 _____ C:\Windows\system32\config.nt

Files to move or delete:
====================
C:\Users\Thomas\setup_Mueller_Fotowelt.exe

Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-20 20:04

==================== End Of Log ============================
24.10.2013, 08:39 | #20 |
/// the machine /// TB-Ausbilder | Bka Trojaner
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!

Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
Done. The order is essential here.
Here are a few tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do more harm to your system than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a brief reply when everything is done and you have no more questions, so that I can remove this thread from my subscriptions.
24.10.2013, 19:55 | #21 |
| Bka Trojaner Here is the log from FRST:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-10-2013 01
Ran by Thomas at 2013-10-24 20:54:17 Run:2
Running from E:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
*****************

HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
If the key returned, move the associated file, reboot and list the key for deletion.

==== End of Fixlog ====
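What FRST flagged and the fix above deleted were two CLSID keys under HKCU\Software\Classes, that is, per-user COM class registrations. A CLSID registered there overrides the machine-wide registration of the same class for that user, so every process running as that user which instantiates the class loads the DLL named in the user's InprocServer32 default value instead of the real one. The fix removes only the registry keys, and the fixlog's own last line warns that a key can come back while the file it pointed to is still present. The PowerShell check below is an added example, not part of the thread and not FRST's code: it lists every per-user InprocServer32 registration, whether it shadows a CLSID that is also registered in HKLM, and whether the DLL it names exists and is signed. The function and column names are my own; the only assumption is that it runs in the affected user's session, since that user's hive is where the entries live.

```powershell
# Added example (not from the thread, not from FRST): enumerate per-user COM
# server registrations, the persistence pattern FRST reported above as
# "HKCU\...\InprocServer32", and show which ones override a machine-wide CLSID.
# Assumption: run as the affected user; HKCU is that user's hive.

$hkcuClsid = 'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID'
$hklmClsid = 'Registry::HKEY_LOCAL_MACHINE\Software\Classes\CLSID'

function Get-UserComOverride {
    if (-not (Test-Path -Path $hkcuClsid)) {
        return   # no per-user class registrations at all: the clean state
    }

    Get-ChildItem -Path $hkcuClsid | ForEach-Object {
        $clsid  = $_.PSChildName
        $inproc = "$hkcuClsid\$clsid\InprocServer32"
        if (-not (Test-Path -Path $inproc)) { return }   # no in-process server: next CLSID

        # The unnamed default value of InprocServer32 is the DLL the COM runtime loads.
        $server   = (Get-ItemProperty -Path $inproc).'(default)'
        $expanded = [Environment]::ExpandEnvironmentVariables([string]$server)

        # Hijack signature: the same CLSID is also registered machine-wide, so the
        # per-user copy silently wins for this account.
        $shadows = Test-Path -Path "$hklmClsid\$clsid"

        # Malware often names a path that does not resolve through normal file APIs;
        # treat "file not found" as suspicious rather than harmless.
        $exists = $false
        if ($expanded) {
            $exists = Test-Path -LiteralPath $expanded -PathType Leaf -ErrorAction SilentlyContinue
        }
        $sigStatus = 'NotFound'
        if ($exists) { $sigStatus = (Get-AuthenticodeSignature -FilePath $expanded).Status }

        [pscustomobject]@{
            CLSID       = $clsid
            ShadowsHKLM = $shadows
            Server      = $server
            FileExists  = $exists
            Signature   = $sigStatus
        }
    }
}

# Full inventory first, then the subset worth looking at: overrides of machine
# classes, servers whose file is missing, and servers that are not validly signed.
$all = @(Get-UserComOverride)
"{0} per-user InprocServer32 registration(s) found." -f $all.Count
$all | Where-Object { $_.ShadowsHKLM -or -not $_.FileExists -or "$($_.Signature)" -ne 'Valid' } |
    Format-Table -AutoSize
```

No elevation is needed, because HKCU is writable and readable by the user itself. After the fix in this thread the two CLSIDs named in the fixlog should not appear in the output at all; if one of them does, the key came back, which is the case the fixlog's last line describes, and the Server column tells you which file to move before listing the key for deletion again. Not every per-user registration is malicious, since per-user installers legitimately register classes under HKCU, so judge an entry by ShadowsHKLM together with the location and signature of the file it points to.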
25.10.2013, 10:42 | #22 |
/// the machine /// TB-Ausbilder | Bka Trojaner Done.
25.10.2013, 11:06 | #23 |
| Bka Trojaner Hello Schrauber, simply superb!!!! Great praise. Many thanks, Tommi
25.10.2013, 11:36 | #24 |
/// the machine /// TB-Ausbilder | Bka Trojaner You're welcome.