Log analysis and evaluation: Fedpol Trojaner Kobik CH-Edition (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.11.2013, 21:28 | #1
Fedpol Trojaner Kobik CH-Edition
A friend of mine has caught the so-called federal police trojan Fedpol (Kobik), Swiss edition. On startup the laptop is locked and only the familiar page appears, demanding payment of 100.-- to lift the lock. It is a laptop running Windows Vista 32-bit. Safe mode (without or with networking, or with command prompt) does not work: specifically, the laptop reboots after a brief black screen. So I looked around here in the forum, downloaded the 32-bit FRST.exe and, following the instructions, produced the following FRST.txt:
FRST Logfile:
Code:
```
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by SYSTEM on MINWINPC on 09-11-2013 20:37:11
Running from G:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [729088 2006-10-09] (Motorola Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-13] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4390912 2007-03-09] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [QPService] - C:\Program Files\HP\QuickPlay\QPService.exe [176128 2007-04-24] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [159744 2007-02-13] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [50696 2007-03-12] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-11] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] - rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-09-06] (RealNetworks, Inc.)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44128 2006-11-08] (soft thinks)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Meinname Muehsam\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Meinname Muehsam\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-02-20] (Google Inc.)
HKU\Meinname Muehsam\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Meinname Muehsam\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-10-02] (Skype Technologies S.A.)
AppInit_DLLs: APSHook.dll [ 2006-07-13] (Cognizance Corporation)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Users\Meinname Muehsam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfdrodq4.lnk
ShortcutTarget: lfdrodq4.lnk -> C:\PROGRA~2\4qdordfl.dss (Shirley Plantation Corporation)

========================== Services (Whitelisted) =================

S2 ASBroker; c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation)
S2 ASChannel; c:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll [131584 2006-06-22] (Cognizance Corporation)
S2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243 2007-04-24] ()
S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [106593 2007-04-24] ()
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-01-09] (Hewlett-Packard Development Company, L.P.)
S2 gupdate1ca44ff123a0d00; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-10-04] (Google Inc.)
S2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 Winmgmt; C:\PROGRA~2\4qdordfl.dss [206848 2013-10-30] (Shirley Plantation Corporation)
S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140424 2007-03-28] (AuthenTec, Inc.)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131101.003\BHDrvx86.sys [1096280 2013-10-23] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-19] (Microsoft Corporation)
S1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-27] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20131107.001\IDSvix86.sys [393816 2013-10-28] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131108.002\NAVENG.SYS [93272 2013-11-08] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131108.002\NAVEX15.SYS [1612376 2013-11-08] (Symantec Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-07-21] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2012-07-27] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\system32\drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-24] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-09 20:36 - 2013-11-09 20:36 - 00000000 ____D C:\FRST
2013-11-09 11:09 - 2013-11-09 11:09 - 00000000 ____D C:\Windows\pss
2013-11-08 22:32 - 2013-11-08 22:32 - 00001889 _____ C:\Users\Public\Desktop\Adobe Reader 8.lnk
2013-11-08 22:32 - 2013-11-08 22:32 - 00001889 _____ C:\ProgramData\Desktop\Adobe Reader 8.lnk
2013-10-30 17:45 - 2013-10-30 17:50 - 00000285 _____ C:\ProgramData\lfdrodq4.reg
2013-10-30 17:44 - 2013-11-09 19:49 - 95025368 ____T C:\ProgramData\lfdrodq4.bxx
2013-10-30 17:44 - 2013-11-09 19:49 - 00000000 _____ C:\ProgramData\lfdrodq4.fvv
2013-10-30 17:44 - 2013-10-30 17:44 - 00206848 _____ (Shirley Plantation Corporation) C:\ProgramData\4qdordfl.dss
2013-10-11 21:54 - 2013-09-22 11:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-11 21:54 - 2013-09-22 11:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-11 21:54 - 2013-09-22 11:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-11 21:54 - 2013-09-22 11:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-10-11 21:54 - 2013-09-22 11:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-11 21:54 - 2013-09-22 11:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-11 21:54 - 2013-09-22 11:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-10-11 21:54 - 2013-09-22 11:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-11 21:54 - 2013-09-22 11:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-10-11 21:54 - 2013-09-22 11:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-11 21:54 - 2013-09-22 11:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-10-11 21:54 - 2013-09-22 11:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-11 21:54 - 2013-09-22 11:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-11 21:54 - 2013-09-22 11:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-11 21:54 - 2013-09-22 11:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-10-11 21:54 - 2013-09-22 10:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-11 20:05 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-10-11 20:05 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-10-11 20:05 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-10-11 20:05 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-10-11 20:05 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-10-11 20:05 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-10-11 20:05 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-10-11 20:05 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-10-11 20:05 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-10-11 20:05 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-11 20:05 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-10-11 20:04 - 2013-08-29 08:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-11 20:04 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 20:03 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-11 20:03 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-11 20:03 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-11 20:03 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-11 20:03 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-11 20:03 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-11 20:02 - 2013-07-12 10:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-10-11 20:02 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-11 20:01 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-11 20:01 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-11 20:01 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-11 19:59 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys

==================== One Month Modified Files and Folders =======

2013-11-09 20:36 - 2013-11-09 20:36 - 00000000 ____D C:\FRST
2013-11-09 19:54 - 2009-12-04 16:12 - 00032726 _____ C:\ProgramData\nvModes.dat
2013-11-09 19:54 - 2009-12-04 16:12 - 00032726 _____ C:\ProgramData\nvModes.001
2013-11-09 19:54 - 2008-03-02 07:17 - 01413366 _____ C:\Windows\WindowsUpdate.log
2013-11-09 19:53 - 2010-01-14 14:42 - 00000000 ____D C:\Users\Meinname Muehsam\AppData\Local\CrashDumps
2013-11-09 19:53 - 2007-06-28 07:34 - 00000148 _____ C:\Users\Public\Documents\hpqp.ini
2013-11-09 19:50 - 2007-06-28 07:51 - 00000000 ____D C:\Windows\SMINST
2013-11-09 19:49 - 2013-10-30 17:44 - 95025368 ____T C:\ProgramData\lfdrodq4.bxx
2013-11-09 19:49 - 2013-10-30 17:44 - 00000000 _____ C:\ProgramData\lfdrodq4.fvv
2013-11-09 19:49 - 2006-11-02 13:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-09 19:49 - 2006-11-02 13:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-09 19:01 - 2008-05-03 19:24 - 00000680 _____ C:\Users\Meinname Muehsam\AppData\Local\d3d9caps.dat
2013-11-09 17:20 - 2008-03-02 07:17 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-11-09 16:14 - 2006-11-02 13:52 - 00076117 _____ C:\Windows\setupact.log
2013-11-09 15:49 - 2008-04-14 19:38 - 00000000 ____D C:\Users\Meinname Muehsam\AppData\Roaming\Skype
2013-11-09 11:09 - 2013-11-09 11:09 - 00000000 ____D C:\Windows\pss
2013-11-08 22:32 - 2013-11-08 22:32 - 00001889 _____ C:\Users\Public\Desktop\Adobe Reader 8.lnk
2013-11-08 22:32 - 2013-11-08 22:32 - 00001889 _____ C:\ProgramData\Desktop\Adobe Reader 8.lnk
2013-10-30 21:29 - 2010-10-12 20:04 - 00000000 ____D C:\Users\Meinname Muehsam\Documents\Sohn1
2013-10-30 21:27 - 2012-10-13 20:27 - 00000000 ____D C:\Users\Meinname Muehsam\Documents\Sohn2
2013-10-30 21:21 - 2009-05-29 10:55 - 00000000 ____D C:\Users\Meinname Muehsam\Documents\Sohn3
2013-10-30 17:50 - 2013-10-30 17:45 - 00000285 _____ C:\ProgramData\lfdrodq4.reg
2013-10-30 17:44 - 2013-10-30 17:44 - 00206848 _____ (Shirley Plantation Corporation) C:\ProgramData\4qdordfl.dss
2013-10-30 17:39 - 2011-12-17 22:49 - 00000000 ____D C:\Users\Meinname Muehsam\Documents\Stellenbewerbung Meinname
2013-10-30 17:36 - 2006-11-02 11:33 - 01559094 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-29 14:32 - 2007-06-28 07:27 - 00847276 _____ C:\Windows\PFRO.log
2013-10-17 20:16 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-17 12:47 - 2010-08-07 20:13 - 00000000 ___RD C:\Program Files\Skype
2013-10-17 12:47 - 2008-04-14 19:38 - 00000000 ____D C:\ProgramData\Skype
2013-10-12 15:27 - 2006-11-02 13:47 - 00379288 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-12 15:16 - 2009-10-11 15:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 22:02 - 2013-08-17 21:57 - 00000000 ____D C:\Windows\System32\MRT
2013-10-11 21:59 - 2006-11-02 11:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-10-10 20:41 - 2012-04-22 16:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-10-10 20:41 - 2011-05-17 12:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\4qdordfl.dss
C:\ProgramData\lfdrodq4.reg
C:\Users\Meinname Muehsam\ptw12.exe

Some content of TEMP:
====================
C:\Users\Meinname Muehsam\AppData\Local\Temp\ApnStub.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\contentDATs.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashLockV222.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\HPQSi.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\i4jdel0.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\install_flashplayer11x32axau_gtbp_chra_aih.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u13-windows-i586-p-iftw.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\msg50DD.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\msg9667.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\msgB56D.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\setup.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\stubhelper.dll
C:\Users\Meinname Muehsam\AppData\Local\Temp\symcdefsv5i32.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\SymLCSVC.EXE
C:\Users\Meinname Muehsam\AppData\Local\Temp\{B6FB8E67-4C38-4968-8D3A-F28243F6A827}-25.0.1364.97_24.0.1312.57_chrome_updater.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\~tmf2920084987192213550.dll

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

6
Restore point made on: 2013-08-27 20:50:55
Restore point made on: 2013-09-12 19:47:04
Restore point made on: 2013-09-12 21:07:30
Restore point made on: 2013-10-11 21:36:43
Restore point made on: 2013-10-30 23:53:50
Restore point made on: 2013-11-09 13:55:23

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 2045.81 MB
Available physical RAM: 1505.34 MB
Total Pagefile: 1775.55 MB
Available Pagefile: 1589.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.38 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:141.62 GB) (Free:61.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:149.05 GB) (Free:148.58 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:7.43 GB) (Free:2.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: F0CFFAAE)
Partition 1: (Active) - (Size=142 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: FA2A057A)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 124 MB) (Disk ID: 008497C9)
Partition 1: (Active) - (Size=124 MB) - (Type=0B)

LastRegBack: 2013-11-09 19:56

==================== End Of Log ============================
```
EDIT: I was able to run FRST.exe via Repair your computer > Command Prompt. It would be great if someone could help me. Many thanks in advance.
Last edited by jerryperry (09.11.2013 at 21:35)
10.11.2013, 02:24 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Fedpol Trojaner Kobik CH-Edition
Hello and welcome
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
```
Startup: C:\Users\Meinname Muehsam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfdrodq4.lnk
ShortcutTarget: lfdrodq4.lnk -> C:\PROGRA~2\4qdordfl.dss (Shirley Plantation Corporation)
S2 Winmgmt; C:\PROGRA~2\4qdordfl.dss [206848 2013-10-30] (Shirley Plantation Corporation)
C:\Users\Meinname Muehsam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfdrodq4.lnk
C:\Users\Meinname Muehsam\ptw12.exe
C:\ProgramData\4qdordfl.dss
C:\ProgramData\lfdrodq4.reg
C:\ProgramData\lfdrodq4.bxx
C:\ProgramData\lfdrodq4.fvv
C:\Users\Meinname Muehsam\AppData\Local\Temp\ApnStub.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\contentDATs.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashLockV222.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\HPQSi.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\i4jdel0.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\install_flashplayer11x32axau_gtbp_chra_aih.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u13-windows-i586-p-iftw.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\msg50DD.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\msg9667.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\msgB56D.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\setup.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\stubhelper.dll
C:\Users\Meinname Muehsam\AppData\Local\Temp\symcdefsv5i32.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\SymLCSVC.EXE
C:\Users\Meinname Muehsam\AppData\Local\Temp\{B6FB8E67-4C38-4968-8D3A-F28243F6A827}-25.0.1364.97_24.0.1312.57_chrome_updater.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\~tmf2920084987192213550.dll
```
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
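The fixlist above rests on three observations from the FRST log: the Startup shortcut lfdrodq4.lnk resolves into ProgramData, the file it points to carries a non-executable extension and an unknown publisher, and the built-in Windows service name Winmgmt has been pointed at that same file outside %SystemRoot%. As an added example (not the forum's, the helper's or FRST's own code), this Python script applies those checks to constructed lines in FRST's format and emits lines in the shape of the fixlist; the built-in service names, the writable-directory list and the PROGRA~2 = ProgramData mapping are assumptions for this host.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample in the shape of the FRST log posted above: a few legitimate
# autoruns plus the entries the helper put into the fixlist. Not the whole log.
SAMPLE_LOG = r"""
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [] - [x]
Startup: C:\Users\Meinname Muehsam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfdrodq4.lnk
ShortcutTarget: lfdrodq4.lnk -> C:\PROGRA~2\4qdordfl.dss (Shirley Plantation Corporation)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
S2 Winmgmt; C:\PROGRA~2\4qdordfl.dss [206848 2013-10-30] (Shirley Plantation Corporation)
S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [x]
"""

# Assumptions for this host, not FRST rules: service names that belong to Windows
# itself (their image normally sits under %SystemRoot%; Winmgmt runs inside
# svchost.exe), extensions a service or autorun image normally has, directories an
# ordinary user can write to (long and 8.3 forms, as FRST prints them), and the
# 8.3 mapping confirmed by the "Created Files" section of the same log.
BUILTIN_SERVICES = {"winmgmt", "wuauserv", "bits", "schedule", "eventlog"}
NORMAL_IMAGE_EXT = {".exe", ".dll", ".sys", ".cpl", ".ocx"}
DROP_DIRS = ("c:\\programdata\\", "c:\\progra~2\\", "\\appdata\\", "\\temp\\")
SHORT_NAMES = {"c:\\progra~2": "C:\\ProgramData"}

RE_RUN = re.compile(r"^HK.*?\\Run(?:Once)?: \[(?P<name>[^\]]*)\] - (?P<rest>.*)$")
RE_SERVICE = re.compile(r"^S[0-4] (?P<name>[^;]+); (?P<rest>.*)$")
RE_STARTUP = re.compile(r"^Startup: (?P<lnk>.*)$")
RE_SHORTCUT = re.compile(r"^ShortcutTarget: (?P<lnk>\S+) -> (?P<rest>.*)$")


@dataclass
class Finding:
    line: str      # the FRST log line verbatim (FRST accepts such lines in a fixlist)
    path: str      # image path the line resolves to
    reasons: list


def image_path(rest: str) -> str:
    """Strip FRST's trailing ' (Publisher)' and ' [size date]' / ' [x]' decorations."""
    rest = re.sub(r" \([^()]*\)$", "", rest.strip())
    rest = re.sub(r" \[[^\]]*\]$", "", rest)
    return rest.strip().strip('"').split(",", 1)[0]   # rundll32 "dll,Entry" -> dll


def suspicious(path: str, service_name: str = "") -> list:
    p = path.lower()
    reasons = []
    if any(d in p for d in DROP_DIRS):
        reasons.append("image lives in a user-writable data directory")
    ext = ntpath.splitext(p)[1]
    if ext and ext not in NORMAL_IMAGE_EXT:
        reasons.append(f"executable image with unusual extension {ext}")
    if service_name.lower() in BUILTIN_SERVICES and not p.startswith("c:\\windows\\"):
        reasons.append(f"built-in service '{service_name}' redirected outside %SystemRoot%")
    return reasons


def triage(log_text: str) -> list:
    """Walk FRST-style lines and collect the persistence entries worth removing."""
    findings, startup_lines = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.endswith("[x]"):      # blank, or file no longer on disk
            continue
        if m := RE_STARTUP.match(line):           # a .lnk is judged by its target
            startup_lines[ntpath.basename(m["lnk"]).lower()] = line
        elif m := RE_SHORTCUT.match(line):
            path = image_path(m["rest"])
            if reasons := suspicious(path):
                # report the Startup: line first so the shortcut itself goes too
                if parent := startup_lines.get(m["lnk"].lower()):
                    findings.append(Finding(parent, path, ["shortcut target: " + r for r in reasons]))
                findings.append(Finding(line, path, reasons))
        elif m := (RE_SERVICE.match(line) or RE_RUN.match(line)):
            path = image_path(m["rest"])
            name = m["name"] if line.startswith("S") else ""   # service name only for S lines
            if reasons := suspicious(path, name):
                findings.append(Finding(line, path, reasons))
    return findings


def expand_short(path: str) -> str:
    for short, long_form in SHORT_NAMES.items():
        if path.lower().startswith(short):
            return long_form + path[len(short):]
    return path


def fixlist(findings: list) -> list:
    """Lines in the shape of the helper's fixlist: flagged log lines, then the files."""
    lines = []
    for f in findings:
        if f.line not in lines:
            lines.append(f.line)
    for f in findings:
        if (p := expand_short(f.path)) not in lines:
            lines.append(p)
    return lines
```

`fixlist(triage(SAMPLE_LOG))` yields the Startup, ShortcutTarget and S2 Winmgmt lines followed by C:\ProgramData\4qdordfl.dss, while the Norton and Windows Defender entries pass; lines ending in [x] are skipped because the file is no longer on disk.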
10.11.2013, 09:08 | #3
Fedpol Trojaner Kobik CH-Edition
Good morning everyone
Thank you very much for your efforts. I ran the fixlist and here is the Fixlog.txt
Code:
```
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-10-2013
Ran by SYSTEM at 2013-11-10 09:01:11 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Meinname Muehsam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfdrodq4.lnk
ShortcutTarget: lfdrodq4.lnk -> C:\PROGRA~2\4qdordfl.dss (Shirley Plantation Corporation)
S2 Winmgmt; C:\PROGRA~2\4qdordfl.dss [206848 2013-10-30] (Shirley Plantation Corporation)
C:\Users\Meinname Muehsam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfdrodq4.lnk
C:\Users\Meinname Muehsam\ptw12.exe
C:\ProgramData\4qdordfl.dss
C:\ProgramData\lfdrodq4.reg
C:\ProgramData\lfdrodq4.bxx
C:\ProgramData\lfdrodq4.fvv
C:\Users\Meinname Muehsam\AppData\Local\Temp\ApnStub.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\contentDATs.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashLockV222.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\HPQSi.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\i4jdel0.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\install_flashplayer11x32axau_gtbp_chra_aih.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u13-windows-i586-p-iftw.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\msg50DD.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\msg9667.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\msgB56D.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\setup.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\stubhelper.dll
C:\Users\Meinname Muehsam\AppData\Local\Temp\symcdefsv5i32.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\SymLCSVC.EXE
C:\Users\Meinname Muehsam\AppData\Local\Temp\{B6FB8E67-4C38-4968-8D3A-F28243F6A827}-25.0.1364.97_24.0.1312.57_chrome_updater.exe
C:\Users\Meinname Muehsam\AppData\Local\Temp\~tmf2920084987192213550.dll
*****************

C:\Users\Meinname Muehsam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfdrodq4.lnk => Moved successfully.
C:\PROGRA~2\4qdordfl.dss => Moved successfully.
Winmgmt => Service restored successfully.
"C:\Users\Meinname Muehsam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfdrodq4.lnk" => File/Directory not found.
C:\Users\Meinname Muehsam\ptw12.exe => Moved successfully.
"C:\ProgramData\4qdordfl.dss" => File/Directory not found.
C:\ProgramData\lfdrodq4.reg => Moved successfully.
C:\ProgramData\lfdrodq4.bxx => Moved successfully.
C:\ProgramData\lfdrodq4.fvv => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\ApnStub.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashLockV222.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate01.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate02.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate03.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate04.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\FlashPlayerUpdate05.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\HPQSi.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\install_flashplayer11x32axau_gtbp_chra_aih.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u13-windows-i586-p-iftw.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\msg50DD.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\msg9667.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\msgB56D.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\SearchWithGoogleUpdate.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\symcdefsv5i32.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\SymLCSVC.EXE => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\{B6FB8E67-4C38-4968-8D3A-F28243F6A827}-25.0.1364.97_24.0.1312.57_chrome_updater.exe => Moved successfully.
C:\Users\Meinname Muehsam\AppData\Local\Temp\~tmf2920084987192213550.dll => Moved successfully.

==== End of Fixlog ====
```
Best regards
jerry
10.11.2013, 16:25 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fedpol Trojaner Kobik CH-Edition
Ok, does Windows start normally?
__________________
Please always post logfiles in CODE tags
10.11.2013, 16:43 | #5 |
| Fedpol Trojaner Kobik CH-Edition
Yes, the lock is gone. Was that already it?
10.11.2013, 16:54 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fedpol Trojaner Kobik CH-Edition
No, we continue.

Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper.
10.11.2013, 18:37 | #7 |
| Fedpol Trojaner Kobik CH-Edition
So, the scans are done. The first scan found 2 pieces of malware. Here is the corresponding log:
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.10.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Meinname Muehsam :: xxxxx [administrator]

10.11.2013 17:12:00
mbar-log-2013-11-10 (17-12-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 219803
Time elapsed: 30 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Meinname Muehsam\AppData\Local\Temp\4qdordfl.dss (Trojan.Ransom.ED) -> Delete on reboot.
C:\Windows\Temp\4qdordfl.dss (Trojan.Ransom.ED) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.10.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Meinname Muehsam :: xxxxx [administrator]

10.11.2013 17:55:20
mbar-log-2013-11-10 (17-55-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 219295
Time elapsed: 23 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
During the first Malwarebytes scan, Norton reported having found the trojan "Trojan.Ransomlock!g63". After the cleanup and the reboot, Norton then reported that it had been removed successfully. What should I do next? Thanks again for the help
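As an added illustration, not code from this thread or from Malwarebytes: a small Python parser for the MBAR log layout posted above. It reads the "... Detected: N" counters and the file entries listed under them, flags sections whose counter does not match the number of entries actually present (the usual sign of an incompletely pasted log), and checks that the rescan after cleanup reports nothing. The two sample logs are constructed excerpts modelled on the ones in this post, with the user directory replaced by "example"; the third is a constructed truncated log.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpts modelled on the two MBAR logs in this thread
# (not the original files; user directory replaced, header lines shortened).
SCAN_BEFORE_CLEANUP = r"""
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Scan type: Quick scan
Objects scanned: 219803

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\example\AppData\Local\Temp\4qdordfl.dss (Trojan.Ransom.ED) -> Delete on reboot.
C:\Windows\Temp\4qdordfl.dss (Trojan.Ransom.ED) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
"""

SCAN_AFTER_CLEANUP = r"""
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
"""

# Constructed: the counter claims two files, but only one entry survived the paste.
SCAN_TRUNCATED = r"""
Files Detected: 2
C:\Windows\Temp\4qdordfl.dss (Trojan.Ransom.ED) -> Delete on reboot.
(end)
"""

# "Files Detected: 2", "Registry Keys Detected: 0", ...
COUNTER_RE = re.compile(r"^(?P<category>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<path> (<threat name>) -> <action>."  The greedy path group tolerates
# parentheses inside the path, e.g. "C:\Program Files (x86)\...".
ENTRY_RE = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class Detection:
    category: str   # counter section the entry appeared under, e.g. "Files"
    path: str
    threat: str     # detection name, e.g. "Trojan.Ransom.ED"
    action: str     # what MBAR did, e.g. "Delete on reboot"


@dataclass
class ScanSummary:
    counters: dict = field(default_factory=dict)   # category -> reported count
    detections: list = field(default_factory=list)

    def is_clean(self):
        return sum(self.counters.values()) == 0 and not self.detections


def parse_mbar_log(text):
    """Walk the log line by line; an entry belongs to the most recent counter."""
    summary = ScanSummary()
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNTER_RE.match(line)
        if m:
            category = m.group("category")
            summary.counters[category] = int(m.group("count"))
            continue
        # Header lines precede the first counter; "(No malicious items
        # detected)" and "(end)" are parenthesised status lines, not entries.
        if category is None or line.startswith("("):
            continue
        m = ENTRY_RE.match(line)
        if m:
            summary.detections.append(
                Detection(category, m.group("path"), m.group("threat"), m.group("action")))
    return summary


def count_mismatches(summary):
    """Categories whose reported counter differs from the entries actually listed."""
    listed = {}
    for d in summary.detections:
        listed[d.category] = listed.get(d.category, 0) + 1
    return sorted(c for c, n in summary.counters.items() if n != listed.get(c, 0))


def threats_removed(before, after):
    """Threat names present in the first scan and absent from the rescan."""
    still_present = {d.threat for d in after.detections}
    return sorted({d.threat for d in before.detections} - still_present)


if __name__ == "__main__":
    first = parse_mbar_log(SCAN_BEFORE_CLEANUP)
    second = parse_mbar_log(SCAN_AFTER_CLEANUP)
    for d in first.detections:
        print(f"{d.category}: {d.path} [{d.threat}] -> {d.action}")
    print("rescan clean:", second.is_clean())
    print("removed:", threats_removed(first, second))
    print("incomplete sections:", count_mismatches(parse_mbar_log(SCAN_TRUNCATED)))
```

The counter/entry cross-check is the part worth keeping: a helper judging "is it clean now?" from a pasted log needs to know that the paste is complete before trusting a zero, and a section whose counter and listed entries disagree is the first thing to ask the poster about.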
11.11.2013, 00:46 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fedpol Trojaner Kobik CH-Edition
Removing adware/junkware/toolbars

Step 1: AdwCleaner
Please download AdwCleaner to your desktop.

Step 2: JRT - Junkware Removal Tool
Please close your security software to avoid possible conflicts.

Step 3: Fresh log with FRST
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
11.11.2013, 07:08 | #9 |
| Fedpol Trojaner Kobik CH-Edition
Unfortunately I will only be able to carry out these steps in the evening and then post the logs here. How is it, will the notebook be clean again after these and probably a few more steps? I ask because I know that my acquaintance does online banking on it. Or should the notebook then be reinstalled / formatted?

Best regards, jerry
11.11.2013, 08:58 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fedpol Trojaner Kobik CH-Edition
Quote:
11.11.2013, 19:47 | #11 |
| Fedpol Trojaner Kobik CH-Edition
Then I'm reassured. Here are the requested logfiles.

AdwCleaner:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.012 - Bericht erstellt am 11/11/2013 um 18:59:48
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Meinname Muehsam - xxxxx
# Gestartet von : C:\Users\Meinname Muehsam\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\Meinname Muehsam\AppData\LocalLow\AskToolbar
Datei Gelöscht : C:\Windows\Uninstall.exe
Datei Gelöscht : C:\Users\Meinname Muehsam\AppData\Roaming\Mozilla\Firefox\Profiles\4sa3mcyc.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C41DEE4-4EA2-4CBF-AD6B-D8EB3BDB6723}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C41DEE4-4EA2-4CBF-AD6B-D8EB3BDB6723}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16514


-\\ Mozilla Firefox v7.0.1 (de)

[ Datei : C:\Users\Meinname Muehsam\AppData\Roaming\Mozilla\Firefox\Profiles\4sa3mcyc.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=47B16BEE-8932-49B8-B5A5-5B92CECDFBA2&apn_ptnrs=&apn_sauid=6E5F46BF-B242-414A-ADE6-050620BBD94B&ap[...]
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v30.0.1599.101

[ Datei : C:\Users\Meinname Muehsam\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7602 octets] - [11/11/2013 18:54:49]
AdwCleaner[S0].txt - [7545 octets] - [11/11/2013 18:59:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7605 octets] ##########

JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Meinname Muehsam on 11.11.2013 at 19:18:34.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2F718B82-C94C-4CAE-B3B4-7112EF9060F1}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Meinname Muehsam\AppData\Roaming\mozilla\firefox\profiles\4sa3mcyc.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.11.2013 at 19:22:20.63
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Meinname Muehsam (administrator) on xxxxx on 11-11-2013 19:24:56
Running from C:\Users\Meinname Muehsam\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Symantec Corporation) C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\cltLMH.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [729088 2006-10-09] (Motorola Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-13] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4390912 2007-03-09] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [QPService] - C:\Program Files\HP\QuickPlay\QPService.exe [176128 2007-04-24] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [159744 2007-02-13] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [50696 2007-03-12] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-11] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] - rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-09-06] (RealNetworks, Inc.)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44128 2006-11-08] (soft thinks)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-20] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20474528 2013-10-02] (Skype Technologies S.A.)
MountPoints2: {babd3ef3-e1fb-11e0-bf50-001e37031ac1} - H:\LaunchU3.exe -a
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs: APSHook.dll [ 2006-07-13] (Cognizance Corporation)
Lsa: [Notification Packages] scecli ASWLNPkg

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/de/email/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {DD66228F-B8BA-4103-A0DB-C0144DA2ADBB} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.ch/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPEB_de
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.ch/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPEB_de
SearchScopes: HKCU - {DD66228F-B8BA-4103-A0DB-C0144DA2ADBB} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/_2_1_3/ActiveX/IfolorUploader_chkr.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} hxxp://www.facebook.com/controls/contactx.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Meinname Muehsam\AppData\Roaming\Mozilla\Firefox\Profiles\4sa3mcyc.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Meinname Muehsam\AppData\Roaming\Mozilla\Firefox\Profiles\4sa3mcyc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (RealDownloader) - C:\Users\MeinnameS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Skype Click to Call) - C:\Users\MeinnameS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Norton Identity Protection) - C:\Users\MeinnameS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.2.10_0
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

========================== Services (Whitelisted) =================

R2 ASBroker; c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation)
R2 ASChannel; c:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll [131584 2006-06-22] (Cognizance Corporation)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243 2007-04-24] ()
S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [106593 2007-04-24] ()
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-01-09] (Hewlett-Packard Development Company, L.P.)
S2 gupdate1ca44ff123a0d00; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-10-04] (Google Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140424 2007-03-28] (AuthenTec, Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131101.003\BHDrvx86.sys [1096280 2013-10-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-19] (Microsoft Corporation)
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-27] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20131108.001\IDSvix86.sys [393816 2013-10-28] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131109.006\NAVENG.SYS [93272 2013-11-08] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131109.006\NAVEX15.SYS [1612376 2013-11-08] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-07-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2012-07-27] (Symantec Corporation)
R1 SYMTDIv;
C:\Windows\system32\drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-24] (Symantec Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-11 19:23 - 2013-11-09 20:01 - 01089445 _____ (Farbar) C:\Users\Meinname Muehsam\Desktop\FRST.exe 2013-11-11 19:22 - 2013-11-11 19:22 - 00001246 _____ C:\Users\Meinname Muehsam\Desktop\JRT.txt 2013-11-11 19:13 - 2013-11-11 19:13 - 00000000 ____D C:\Windows\ERUNT 2013-11-11 19:08 - 2013-11-11 19:08 - 01034531 _____ (Thisisu) C:\Users\Meinname Muehsam\Desktop\JRT.exe 2013-11-11 18:54 - 2013-11-11 18:59 - 00000000 ____D C:\AdwCleaner 2013-11-11 18:51 - 2013-11-11 18:51 - 01085542 _____ C:\Users\Meinname Muehsam\Desktop\adwcleaner.exe 2013-11-10 17:11 - 2013-11-10 17:55 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-11-10 17:11 - 2013-11-10 17:11 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-10 17:10 - 2013-11-10 17:54 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-10 17:08 - 2013-11-10 18:20 - 00000000 ____D C:\Users\Meinname Muehsam\Desktop\mbar 2013-11-10 17:06 - 2013-11-10 17:06 - 12576792 _____ (Malwarebytes Corp.) 
C:\Users\Meinname Muehsam\Desktop\mbar-1.07.0.1007.exe 2013-11-09 20:36 - 2013-11-09 20:36 - 00000000 ____D C:\FRST 2013-11-09 11:09 - 2013-11-09 11:09 - 00000000 ____D C:\Windows\pss 2013-11-08 22:32 - 2013-11-08 22:32 - 00001889 _____ C:\Users\Public\Desktop\Adobe Reader 8.lnk ==================== One Month Modified Files and Folders ======= 2013-11-11 19:23 - 2006-11-02 11:33 - 01559094 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-11 19:22 - 2013-11-11 19:22 - 00001246 _____ C:\Users\Meinname Muehsam\Desktop\JRT.txt 2013-11-11 19:21 - 2008-03-02 07:17 - 01490800 _____ C:\Windows\WindowsUpdate.log 2013-11-11 19:19 - 2008-04-14 19:38 - 00000000 ____D C:\Users\Meinname Muehsam\AppData\Roaming\Skype 2013-11-11 19:18 - 2009-12-04 16:12 - 00032726 _____ C:\ProgramData\nvModes.001 2013-11-11 19:18 - 2007-06-28 07:51 - 00000000 ____D C:\Windows\SMINST 2013-11-11 19:18 - 2007-06-28 07:34 - 00000148 _____ C:\Users\Public\Documents\hpqp.ini 2013-11-11 19:16 - 2009-12-04 16:12 - 00032726 _____ C:\ProgramData\nvModes.dat 2013-11-11 19:16 - 2009-10-04 15:44 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-11 19:16 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-11 19:16 - 2006-11-02 13:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-11 19:16 - 2006-11-02 13:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-11 19:15 - 2008-03-02 07:17 - 00000012 _____ C:\Windows\bthservsdp.dat 2013-11-11 19:15 - 2006-11-02 14:01 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-11 19:13 - 2013-11-11 19:13 - 00000000 ____D C:\Windows\ERUNT 2013-11-11 19:08 - 2013-11-11 19:08 - 01034531 _____ (Thisisu) C:\Users\Meinname Muehsam\Desktop\JRT.exe 2013-11-11 18:59 - 2013-11-11 18:54 - 00000000 ____D C:\AdwCleaner 2013-11-11 18:51 - 2013-11-11 18:51 - 01085542 _____ C:\Users\Meinname 
Muehsam\Desktop\adwcleaner.exe 2013-11-11 18:45 - 2009-10-04 15:44 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-10 21:41 - 2012-04-22 16:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-10 18:25 - 2006-11-02 13:52 - 00076913 _____ C:\Windows\setupact.log 2013-11-10 18:20 - 2013-11-10 17:08 - 00000000 ____D C:\Users\Meinname Muehsam\Desktop\mbar 2013-11-10 17:55 - 2013-11-10 17:11 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-11-10 17:54 - 2013-11-10 17:10 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-10 17:48 - 2007-06-28 07:27 - 00847838 _____ C:\Windows\PFRO.log 2013-11-10 17:11 - 2013-11-10 17:11 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-10 17:06 - 2013-11-10 17:06 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Meinname Muehsam\Desktop\mbar-1.07.0.1007.exe 2013-11-10 09:01 - 2008-03-01 19:39 - 00000000 ____D C:\Users\Meinname Muehsam 2013-11-09 20:36 - 2013-11-09 20:36 - 00000000 ____D C:\FRST 2013-11-09 20:01 - 2013-11-11 19:23 - 01089445 _____ (Farbar) C:\Users\Meinname Muehsam\Desktop\FRST.exe 2013-11-09 19:53 - 2010-01-14 14:42 - 00000000 ____D C:\Users\Meinname Muehsam\AppData\Local\CrashDumps 2013-11-09 19:01 - 2008-05-03 19:24 - 00000680 _____ C:\Users\Meinname Muehsam\AppData\Local\d3d9caps.dat 2013-11-09 11:09 - 2013-11-09 11:09 - 00000000 ____D C:\Windows\pss 2013-11-08 22:32 - 2013-11-08 22:32 - 00001889 _____ C:\Users\Public\Desktop\Adobe Reader 8.lnk 2013-10-30 21:29 - 2010-10-12 20:04 - 00000000 ____D C:\Users\Meinname Muehsam\Documents\Sohn1 2013-10-30 21:27 - 2012-10-13 20:27 - 00000000 ____D C:\Users\Meinname Muehsam\Documents\Sohn2 2013-10-30 21:21 - 2009-05-29 10:55 - 00000000 ____D C:\Users\Meinname Muehsam\Documents\Sohn3 2013-10-30 17:39 - 2011-12-17 22:49 - 00000000 ____D C:\Users\Meinname Muehsam\Documents\Stellen Meinname 2013-10-17 20:16 - 2006-11-02 12:18 - 00000000 ____D 
C:\Windows\Microsoft.NET 2013-10-17 12:47 - 2010-08-07 20:13 - 00000000 ___RD C:\Program Files\Skype 2013-10-17 12:47 - 2008-04-14 19:38 - 00000000 ____D C:\ProgramData\Skype 2013-10-12 15:27 - 2006-11-02 13:47 - 00379288 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-12 15:16 - 2009-10-11 15:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight Some content of TEMP: ==================== C:\Users\Meinname Muehsam\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-11 19:23 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013 Ran by Meinname Muehsam at 2013-11-11 19:26:18 Running from C:\Users\Meinname Muehsam\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== Adobe Flash Player 11 ActiveX (Version: 11.9.900.117) Adobe Flash Player 11 Plugin (Version: 11.9.900.117) Adobe Reader 8.1.4 - Deutsch (Version: 8.1.4) Apple Application Support (Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) AuthenTec Fingerprint Sensor Minimum Install (Version: 7.7.0.62) Bing Bar (Version: 7.0.850.0) Bonjour (Version: 3.0.0.10) CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.6.0.12) Canon Internet Library for ZoomBrowser EX (Version: 1.6.2.7) Canon MOV Decoder (Version: 1.1.0.31) Canon Utilities CameraWindow (Version: 7.1.0.2) Canon Utilities CameraWindow DC (Version: 7.3.0.4) Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16) Canon Utilities Digital Photo Professional 3.6 (Version: 3.6.0.0) Canon Utilities MyCamera (Version: 7.1.0.1) Canon Utilities MyCamera DC (Version: 7.1.0.4) Canon Utilities PhotoStitch (Version: 3.1.22.46) Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9) Canon Utilities ZoomBrowser EX (Version: 6.2.1.31) Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.0.9) Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) ESU for Microsoft Vista (Version: 2.0.3.1) EuroTalk Talk Now 
Multi-Language (Version: 1.6.6.1) Fisc2011 (Version: 1.0.0.0) Fisc2012 (Version: 1.0.0.0) Google Chrome (Version: 30.0.1599.101) Google Toolbar for Internet Explorer (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 7.5.4601.54) Google Update Helper (Version: 1.3.21.165) Hewlett-Packard Active Check (Version: 1.1.7.0) Hewlett-Packard Asset Agent (Version: 2.0.58.0) HP Active Support Library (Version: 2.0.9.1) HP Active Support Library 32 bit components (Version: 1.0.9) HP Customer Experience Enhancements (Version: 5.1.0.2278) HP Doc Viewer (Version: 1.01.0005) HP Easy Setup - Frontend (Version: 5.1.0.2279) HP Help and Support (Version: 1.1.0) HP Integrated Module with Bluetooth wireless technology (Version: 6.0.1.3700) HP Photosmart Essential 2.0 (Version: 2.0) HP Photosmart Essential2.5 (Version: 1.00.0000) HP Quick Launch Buttons 6.20 B1 (Version: 6.20 B1) HP QuickPlay 3.2 HP Update (Version: 4.000.011.006) HP User Guides 0056 (Version: 1.02.0000) HP Wireless Assistant (Version: 3.00 F1) Intel Matrix Storage Manager iTunes (Version: 11.0.4.4) Java Auto Updater (Version: 2.0.7.1) Java(TM) 6 Update 33 (Version: 6.0.330) Java(TM) SE Runtime Environment 6 (Version: 1.6.0.0) Junk Mail filter update (Version: 14.0.8117.416) LG USB Modem driver (Version: 1.0) LG_Mobile Sync (Version: 1.00.0000) LightScribe 1.4.136.1 (Version: 1.4.136.1) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Choice Guard (Version: 2.0.48.0) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0) 
Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0) Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0) Microsoft Works (Version: 08.05.0822) Motorola SM56 Data Fax Modem Mozilla Firefox 7.0.1 (x86 de) (Version: 7.0.1) MSCU for Microsoft Vista (Version: 1.0.1.1) MSVCRT (Version: 14.0.1468.721) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Norton Bootable Recovery Tool Wizard (Version: 5.1.0.26) Norton Internet Security (Version: 20.4.0.40) NVIDIA Drivers (Version: 1.10) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0) PDFCreator (Version: 0.9.6) Private Tax 2009 (Version: 1.0.3.530) Private Tax 2010 (Version: 1.1.2.583) Private Tax 2011 1.5 (Version: 1.5) Private Tax 2012 2.5 (Version: 2.5) PSSWCORE (Version: 2.00.5000) PVSonyDll (Version: 1.00.0001) RealDownloader (Version: 1.3.3) RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0) RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0) RealPlayer (Version: 16.0.3) Realtek High Definition Audio Driver (Version: 6.0.1.5384) RealUpgrade 1.1 (Version: 1.1.0) Roxio Activation Module (Version: 1.0) Roxio Creator Audio (Version: 3.4.0) Roxio Creator Basic v9 (Version: 3.4.0) Roxio Creator Copy (Version: 3.4.0) Roxio Creator Data (Version: 3.4.0) Roxio Creator EasyArchive (Version: 3.4.0) Roxio Creator Tools (Version: 3.4.0) Roxio Express Labeler 3 (Version: 3.2.1) Roxio MyDVD Basic v9 (Version: 9.0.551) Skype Click to Call (Version: 6.3.11079) Skype™ 6.9 (Version: 6.9.106) Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0) steuern.lu.2009 nP 5.0.1 Stöck Wyys Stich Platinum Synaptics Pointing Device Driver (Version: 9.1.11.0) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) 
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3) VeriSoft Access Manager (Version: 2.1.2.880.15) Windows Live Anmelde-Assistent (Version: 5.000.818.5) Windows Live Call (Version: 14.0.8117.0416) Windows Live Communications Platform (Version: 14.0.8117.416) Windows Live Essentials (Version: 14.0.8117.0416) Windows Live Essentials (Version: 14.0.8117.416) Windows Live Family Safety (Version: 14.0.8118.427) Windows Live Fotogalerie (Version: 14.0.8117.416) Windows Live Mail (Version: 14.0.8117.0416) Windows Live Messenger (Version: 14.0.8117.0416) Windows Live Movie Maker (Version: 14.0.8117.0416) Windows Live Sync (Version: 14.0.8117.416) Windows Live-Uploadtool (Version: 14.0.8014.1029) ==================== Restore Points ========================= 27-08-2013 19:50:30 Windows Update 12-09-2013 18:45:24 Windows Update 12-09-2013 20:06:52 Windows Update 11-10-2013 20:35:40 Windows Update 30-10-2013 22:53:34 Geplanter Prüfpunkt 09-11-2013 12:55:02 Geplanter Prüfpunkt 10-11-2013 16:43:48 Malwarebytes Anti-Rootkit Restore Point ==================== Hosts content: ========================== 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 
localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0EF16A4A-C90F-44F4-BED8-7AD1A903126E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {22D0D2BA-43A7-4813-9430-56C6060518E8} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2323883502-2741049629-4279754682-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {312C2AFE-9BE7-4356-8539-DAB3A54B7CFC} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12] (Hewlett-Packard) Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-19] (Microsoft Corporation) Task: {47DA73BD-2510-4692-8E8F-7D3D65483DDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-04] (Google Inc.) Task: {4B6002D6-A81C-4FBD-B23B-07E758BA1C39} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {5498778F-0E2B-4E56-9907-5A08D1D578AA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2323883502-2741049629-4279754682-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {6DC7819E-DF53-4F1B-AF6F-14F68211C2EC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {82540800-BCF7-4F2B-82B7-85D35A8B4E3E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2323883502-2741049629-4279754682-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {85B49C33-1988-463C-B41C-3D2E0A5F9F3D} - System32\Tasks\Microsoft\Office Genuine Advantage\OGALogon => C:\Windows\System32\OGAEXEC.exe [2009-08-03] () Task: {9D47F6AD-0BBF-4CC0-ABCF-7AAAE5450313} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation) Task: {9D8A8D76-A9BF-476D-8BE7-BD246611C3F4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2323883502-2741049629-4279754682-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {9EB53168-E955-4B99-AC58-1E1D09CBCED7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated) Task: {B07AD0BF-C224-4421-BF50-95A967C1D005} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Meinname Muehsam => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {D4977322-A9CF-4E4D-80C2-C012873FBF9F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation) Task: {DF992804-C745-44E0-9959-1FDEFAF7FC2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-04] (Google Inc.) 
Task: {E16B751D-E4C1-4F67-8E9E-1DA4A8521D6D} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-03] (Symantec Corporation) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-05] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-07-21 20:42 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll 2006-10-09 21:43 - 2006-10-09 21:43 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56fra.dll 2006-10-09 21:43 - 2006-10-09 21:43 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56brz.dll 2006-10-09 21:43 - 2006-10-09 21:43 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56chs.dll 2006-10-09 21:43 - 2006-10-09 21:43 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56cht.dll 2006-10-09 21:43 - 2006-10-09 21:43 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56ger.dll 2006-10-09 21:43 - 2006-10-09 21:43 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56ita.dll 2006-10-09 21:43 - 2006-10-09 21:43 - 00057344 _____ () C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll 2006-10-09 21:43 - 2006-10-09 21:43 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56esp.dll 2006-10-09 21:43 - 2006-10-09 21:43 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56kor.dll 2006-10-09 21:43 - 2006-10-09 21:43 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll 2007-06-28 07:34 - 2007-04-24 02:11 - 00114787 _____ () C:\Program 
Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll 2007-06-28 07:34 - 2007-04-24 02:11 - 00032768 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll 2007-06-28 07:34 - 2007-04-24 02:11 - 00237673 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll 2007-06-28 07:34 - 2007-04-24 02:11 - 00339968 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll 2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2006-12-20 12:00 - 2006-12-20 12:00 - 00389120 _____ () C:\Windows\system32\btwhidcs.DLL 2006-12-20 12:18 - 2006-12-20 12:18 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2007-06-28 07:33 - 2007-04-24 02:10 - 00061440 _____ () C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-11-11 19:25:37.721 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-11 19:25:37.449 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-11-11 19:25:37.184 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-11 19:25:36.882 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-11 19:25:36.576 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-11 19:25:36.274 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-11 19:25:35.973 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-11 19:25:35.668 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-10 18:01:41.965 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\SMR322\Archive\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-11-10 18:01:41.667 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\SMR322\Archive\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 51% Total physical RAM: 2045.68 MB Available physical RAM: 991.45 MB Total Pagefile: 4328.39 MB Available Pagefile: 3152.82 MB Total Virtual: 2047.88 MB Available Virtual: 1903.5 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:141.62 GB) (Free:60.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:149.05 GB) (Free:148.58 GB) NTFS Drive e: (HP_RECOVERY) (Fixed) (Total:7.43 GB) (Free:2.5 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149 GB) (Disk ID: F0CFFAAE) Partition 1: (Active) - (Size=142 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: FA2A057A) Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
11.11.2013, 23:04 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fedpol Trojaner Kobik CH-Edition Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM). Note: please remember to update Malwarebytes Anti-Malware via the Update button beforehand! Afterwards, getting a second opinion via ESET's OnlineScanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
13.11.2013, 07:06 | #13 |
| Fedpol Trojaner Kobik CH-Edition Many thanks for the great support. Here is the log of the MBAM quick scan. Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.12.13

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Meinname Muehsam :: xxxxx [Administrator]

12.11.2013 20:51:13
mbam-log-2013-11-12 (20-51-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217130
Laufzeit: 13 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
And here is the ESET log as well: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3edb8353545cd24593927fa75beb53d5
# engine=15859
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-12 10:32:59
# local_time=2013-11-12 11:32:59 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 93 1242003 146920963 0 0
# compatibility_mode=5892 16776574 100 100 96002512 221828307 0 0
# scanned=199637
# found=3
# cleaned=0
# scan_time=8076
sh=66E79AC233B7FF731821E7BC3DA588546D2C4EC9 ft=1 fh=041b15b76eaff434 vn="Win32/Reveton.V trojan" ac=I fn="C:\FRST\Quarantine\4qdordfl.dss"
sh=66E79AC233B7FF731821E7BC3DA588546D2C4EC9 ft=1 fh=041b15b76eaff434 vn="Win32/Reveton.V trojan" ac=I fn="C:\FRST\Quarantine\~tmf2920084987192213550.dll"
sh=C83B5C22374E372AD036B0233965AAA0AC6B6FCA ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\Meinname Muehsam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZSJ5LF40\show_ads[1].htm" |
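The ESET log above reports three finds, but what decides the next step is where each find sits: two are copies that FRST already moved to its quarantine folder, and the third is a cached ad page in Internet Explorer's temporary files, none of them a running threat. The following Python script is an added example (not part of this thread and not a tool from ESET, Farbar or Malwarebytes) that parses the ESET Online Scanner log format exactly as it appears in the post (`# key=value` headers, then one `sh=... vn="..." ac=... fn="..."` line per find) and classifies each find by location. The field names are taken from the posted log; the path-based location rules (`\Quarantine\`, `\Temporary Internet Files\`, `\Temp\`) are this example's own assumptions, and the sample input is the thread's log trimmed to a few header lines.

```python
"""Triage helper for ESET Online Scanner logs (added example, not a thread or ESET tool).

The log has two kinds of lines: '# key=value' summary headers, and one
detection line per find with space-separated fields:
  sh=<SHA1> ft=<n> fh=<hash> vn="<threat name>" ac=<action> fn="<path>"
Each find is classified by where the file lives, because a find inside a
cleanup tool's quarantine folder or a browser cache is not a running threat.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: the ESET log from the thread, trimmed to a few
# header lines plus its three detection lines (raw string: paths contain '\').
SAMPLE_ESET_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=8
# scanned=199637
# found=3
# cleaned=0
sh=66E79AC233B7FF731821E7BC3DA588546D2C4EC9 ft=1 fh=041b15b76eaff434 vn="Win32/Reveton.V trojan" ac=I fn="C:\FRST\Quarantine\4qdordfl.dss"
sh=66E79AC233B7FF731821E7BC3DA588546D2C4EC9 ft=1 fh=041b15b76eaff434 vn="Win32/Reveton.V trojan" ac=I fn="C:\FRST\Quarantine\~tmf2920084987192213550.dll"
sh=C83B5C22374E372AD036B0233965AAA0AC6B6FCA ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\Meinname Muehsam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZSJ5LF40\show_ads[1].htm"
"""

_HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
_DETECTION_RE = re.compile(
    r'^sh=(?P<sh>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9A-Fa-f]+)\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\S+)\s+fn="(?P<fn>[^"]*)"\s*$'
)

# Assumed location rules: substrings of the lower-cased path that mark a
# quarantine store or a temporary/cache area rather than a live file.
_QUARANTINE_MARKERS = ("\\quarantine\\",)
_TEMP_MARKERS = ("\\temporary internet files\\", "\\temp\\")


@dataclass(frozen=True)
class Detection:
    sha1: str      # sh= field, normalised to upper case
    name: str      # vn= threat name
    action: str    # ac= action code as reported by the scanner
    path: str      # fn= full path of the flagged file
    location: str  # "quarantine", "temp" or "live"


def classify_path(path: str) -> str:
    """Map a flagged file's path to a coarse location class."""
    p = path.lower()
    if any(m in p for m in _QUARANTINE_MARKERS):
        return "quarantine"
    if any(m in p for m in _TEMP_MARKERS):
        return "temp"
    return "live"


def parse_eset_log(text: str):
    """Return (headers: dict, detections: list[Detection]) from log text."""
    headers, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = _HEADER_RE.match(line)
        if m:
            headers[m.group(1)] = m.group(2).strip()
            continue
        m = _DETECTION_RE.match(line)
        if m:
            detections.append(Detection(
                sha1=m["sh"].upper(), name=m["vn"], action=m["ac"],
                path=m["fn"], location=classify_path(m["fn"])))
    return headers, detections


def triage(detections) -> dict:
    """Count finds per location class; 'live' is the number that needs action."""
    counts = Counter(d.location for d in detections)
    return {loc: counts.get(loc, 0) for loc in ("quarantine", "temp", "live")}


def live_threats(detections):
    """Finds outside quarantine and cache folders, i.e. still worth cleaning."""
    return [d for d in detections if d.location == "live"]


def header_matches(headers: dict, detections) -> bool:
    """Sanity check: the '# found=N' header should equal the detection lines parsed."""
    return headers.get("found") == str(len(detections))


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_ESET_LOG)
    print("found header consistent:", header_matches(hdr, dets))
    print("per location:", triage(dets))
    for d in dets:
        print(f"[{d.location:>10}] {d.name}: {d.path}")
    print("live threats needing action:", len(live_threats(dets)))
```

Run against the posted log the script reports two quarantine finds, one temp-cache find and zero live threats, which is the same reading the helper gives in the next reply. Adjust the marker tuples when a different cleanup tool's quarantine folder name or a non-Windows browser cache layout is involved.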
13.11.2013, 10:15 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fedpol Trojaner Kobik CH-Edition Only finds in the Q and in TEMP. Please run TFC: TFC - Temp File Cleaner. Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
__________________ Please always post logfiles in CODE tags |
13.11.2013, 19:34 | #15 |
| Fedpol Trojaner Kobik CH-Edition I have now run TFC. What I notice since the MBAM / ESET step is that the notebook takes a long time to boot. The Windows welcome screen appears at roughly the usual time, but after that the notebook stays black for more than a minute before the desktop appears. Another question: there are now two infected files in FRST's Q. If I delete FRST, does that also properly delete the viruses? Many thanks again for your great efforts. |