Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.
Gvu trojaner winXP, blockiert den abgesicherten Modus
Hallo Zusammen, habe mir auf meinem alten WinXP den Bundestrojaner eingefangen und brauch Eure Hilfe.
Frst.exe geladen und im Abgesicherten mit Eingabeaufforderung gescant.
Hier das Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2014
Ran by CHEF (administrator) on ACER-1547BE99DA on 01-12-2014 17:14:10
Running from G:\
Loaded Profile: CHEF (Available profiles: CHEF & Diagnose & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-04] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [ATIPTA] => C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2005-02-08] (ATI Technologies, Inc.)
HKLM\...\Run: [EPM-DM] => c:\acer\epm\epm-dm.exe [188416 2005-03-28] (Acer Inc)
HKLM\...\Run: [ePowerManagement] => C:\Acer\ePM\ePM.exe [2880512 2005-03-24] (Acer Value Labs, Taiwan)
HKLM\...\Run: [avgnt] => C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-07-20] (Avira GmbH)
HKLM\...\Run: [ControlCenter4] => C:\Programme\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Programme\QuickTime\qttask.exe [98304 2005-03-31] (Apple Computer, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Programme\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-14] (Client Connect LTD)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OnlineControl.lnk
ShortcutTarget: OnlineControl.lnk -> C:\Programme\OnlineControl\ocontrol.exe (T-Com Bereich Endgeräte)
Startup: C:\Dokumente und Einstellungen\CHEF\Startmenü\Programme\Autostart\n3bf9s.lnk
ShortcutTarget: n3bf9s.lnk -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2992199F9A\s9fb3n.cpp (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1728177984-2154991892-3872936928-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.ividi.org/?src=tbhp&id=320d180e0000000000000012f06429a7&affilt=3
HKU\S-1-5-21-1728177984-2154991892-3872936928-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://search.ividi.org/?q={searchTerms}&src=tbnt&id=320d180e0000000000000012f06429a7&affilt=3" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> DefaultScope {6D52A2AC-E163-4A6A-8AF8-D9176D024C8C} URL = hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=320d180e0000000000000012f06429a7&affilt=3&r=937
SearchScopes: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> {52228A04-1034-4E9B-A1F2-3D25D68D0CFF} URL = hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=320d180e0000000000000012f06429a7&affilt=3&r=937
SearchScopes: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> {6D52A2AC-E163-4A6A-8AF8-D9176D024C8C} URL = hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=320d180e0000000000000012f06429a7&affilt=3&r=937
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Programme\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {37B85A29-692B-4205-9CAD-2626E4993404} - No File
Toolbar: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> No Name - {37B85A29-692B-4205-9CAD-2626E4993404} - No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - No File
Hosts: Hosts file not detected in the default directory
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default
FF DefaultSearchEngine: BrowseToolE0191 Customized Web Search
FF SelectedSearchEngine: BrowseToolE0191 Customized Web Search
FF Homepage: hxxp://search.conduit.com/?UM=1&ctid=CT2319825&SearchSource=13&CUI=UN06480264561526106
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&octid=CT2319825&CUI=UN06480264561526106&UM=1&SearchSource=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=0.7.1 -> "C:\Programme\VideoLAN\VLC\mozilla\npvlc.dll" No File
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npclntax.dll ()
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\NPMyGlSh.dll (My Global Search)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\ividi.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\browsetoole0191-customized-web-search.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\fcmdSrchFxt.xml
FF Extension: Google Toolbar for Firefox - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-06-11]
FF Extension: ST-de3 - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2014-04-23]
FF Extension: BBB002 - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} [2014-04-23]
FF Extension: DVDVideoSoftTB - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2014-04-23]
FF Extension: BrowseToolE0191 - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2014-04-23]
FF Extension: hosts - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com [2013-11-11]
FF Extension: preisspion.de - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\finder@meingutscheincode.de.xpi [2011-08-27]
FF Extension: User Agent Switcher - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2012-08-05]
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2014-02-18]
FF Extension: Google Toolbar for Firefox - C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2006-06-13]
FF HKLM\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\WINDOWS\system32\5024
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-18]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programme\Java\jre6\lib\deploy\jqs\ff [2014-02-18]
FF HKU\S-1-5-21-1728177984-2154991892-3872936928-1005\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\WINDOWS\system32\5024
Chrome:
=======
CHR Profile: C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default
CHR Extension: (iVidi Chrome Toolbar) - C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef [2013-09-16]
CHR HKLM\...\Chrome\Extension: [kpdhgpkkloealnjnmepfhanpcleldbef] - C:\Programme\Unitech LLC\ividi\1.8.23.0\ividi.crx [2013-07-25]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 anbmService; C:\Acer\eManager\anbmServ.exe [1287168 2004-08-16] (OSA Technologies Inc.) [File not signed]
S2 AntiVirScheduler; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [68865 2008-10-23] (Avira GmbH) [File not signed]
S2 AntiVirService; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-10-23] (Avira GmbH) [File not signed]
S2 AOL ACS; C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe [1135728 2004-04-08] (America Online, Inc.)
S2 CltMngSvc; C:\Programme\SearchProtect\Main\bin\CltMngSvc.exe [2496832 2014-05-14] (Client Connect LTD)
S2 EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [86016 2004-10-15] (Intel Corporation) [File not signed]
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-01-06] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-01-06] (Google Inc.)
S2 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194104 2011-10-06] (Google)
S2 JavaQuickStarterService; C:\Programme\Java\jre6\bin\jqs.exe [153376 2014-02-18] (Sun Microsystems, Inc.)
S2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-11-18] (Mozilla Foundation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation) [File not signed]
S2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75064 2009-11-17] ()
S2 RegSrvc; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [139264 2004-10-15] (Intel Corporation) [File not signed]
S2 S24EventMonitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [360521 2004-10-15] (Intel Corporation ) [File not signed]
S3 BrYNSvc; "C:\Programme\Browny02\BrYNSvc.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17119 2005-08-24] (Meetinghouse Data Communications) [File not signed]
S3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [449888 2005-01-10] (Atheros Communications, Inc.)
S3 ASPI; C:\WINDOWS\System32\DRIVERS\ASPI32.sys [16512 2002-07-17] (Adaptec) [File not signed]
S1 avgio; C:\Programme\AntiVir PersonalEdition Classic\avgio.sys [11608 2009-05-27] (Avira GmbH)
S3 avgntflt; C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys [52056 2009-05-27] (Avira GmbH)
S1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [75096 2009-05-27] (Avira GmbH)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CAMCAUD; C:\WINDOWS\System32\drivers\camcaud.sys [34048 2004-06-24] (Conexant Systems Inc.)
S3 CAMCHALA; C:\WINDOWS\System32\drivers\camchal.sys [276480 2004-06-24] (Conexant Systems Inc.)
S2 EpmPsd; C:\WINDOWS\system32\drivers\epm-psd.sys [4096 2004-07-19] (Acer Value Labs, USA) [File not signed]
S2 EpmShd; C:\WINDOWS\system32\drivers\epm-shd.sys [78208 2005-03-24] (Acer Value Labs, USA) [File not signed]
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [24177 2004-02-04] (FTDI Ltd.) [File not signed]
S3 FTSER2K; C:\WINDOWS\System32\drivers\ftser2k.sys [57372 2004-02-04] (FTDI Ltd.) [File not signed]
S3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [207616 2005-01-24] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1038208 2005-01-24] (Conexant Systems, Inc.)
S3 int15.sys; C:\Programme\acer\eRecovery\int15.sys [69632 2005-01-13] () [File not signed]
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MMRTKRNL; C:\WINDOWS\System32\drivers\mmrtkrnl.sys [94624 2008-12-02] (AlcaTech) [File not signed]
S3 MSIRCOMM; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [22016 2008-04-13] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [30336 2003-04-04] (Politecnico di Torino) [File not signed]
R3 NTIDrvr; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [6144 2005-03-31] (NewTech Infosystems, Inc.) [File not signed]
S1 oreans32; C:\WINDOWS\system32\drivers\oreans32.sys [33824 2006-11-02] () [File not signed]
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-12-05] (Padus, Inc.) [File not signed]
S3 PVUSB; C:\WINDOWS\System32\DRIVERS\CESG502.sys [40672 2002-06-12] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [File not signed]
S3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
U3 rpcapd; No ImagePath
S2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11354 2004-10-15] (Intel Corporation) [File not signed]
S3 Ser2pl; C:\WINDOWS\System32\DRIVERS\ser2pl.sys [119424 2009-08-25] (Prolific Technology Inc.) [File not signed]
S3 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [21248 2008-04-21] (AVIRA GmbH) [File not signed]
S3 SymEvent; C:\Programme\Symantec\SYMEVENT.SYS [124016 2006-09-15] (Symantec Corporation)
R1 UBHelper; C:\WINDOWS\system32\Drivers\UBHelper.sys [13952 2004-12-17] () [File not signed]
S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [3222784 2004-10-29] (Intel® Corporation)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 cpuz132; \??\C:\DOKUME~1\CHEF\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
S3 ZOOM_R16MTR; system32\Drivers\zmr16usbaudio.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-01 17:13 - 2014-12-01 17:13 - 00000000 ____D () C:\FRST
2014-12-01 16:07 - 2014-12-01 16:07 - 00000000 ____H () C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Anwendungsdaten\BIT3.tmp
2014-12-01 16:06 - 2014-12-01 16:07 - 00000000 _____ () C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Anwendungsdaten\{87120A47-F718-42B8-A91A-CDDE02652B6B}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-01 16:17 - 2014-04-23 00:56 - 00007733 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-01 16:17 - 2012-10-10 18:36 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2014-12-01 16:17 - 2012-10-10 18:36 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-01 16:17 - 2005-03-31 01:54 - 00032640 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-01 16:17 - 2005-03-31 01:54 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-01 16:06 - 2005-03-31 01:33 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-01 16:02 - 2014-08-04 16:42 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfaff240d02ec8.job
2014-12-01 16:01 - 2005-03-31 01:40 - 00187408 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
Some content of TEMP:
====================
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\atl.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\wmaudio.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\wmf9.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\wmpcdcs8.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\unwise.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\Quarantine.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\UEeN.dll
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\3R6v.dll
C:\Dokumente und Einstellungen\Diagnose\Lokale Einstellungen\Temp\nsz20.exe
C:\Dokumente und Einstellungen\Diagnose\Lokale Einstellungen\Temp\nss23.exe
C:\Dokumente und Einstellungen\Diagnose\Lokale Einstellungen\Temp\nst28.exe
C:\Dokumente und Einstellungen\Diagnose\Lokale Einstellungen\Temp\nsr2B.exe
C:\Dokumente und Einstellungen\Diagnose\Lokale Einstellungen\Temp\dskinengine.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Themen zu Gvu trojaner winXP, blockiert den abgesicherten Modus
Zum Thema Gvu trojaner winXP, blockiert den abgesicherten Modus - Hallo Zusammen, habe mir auf meinem alten WinXP den Bundestrojaner eingefangen und brauch Eure Hilfe.
Frst.exe geladen und im Abgesicherten mit Eingabeaufforderung gescant.
Hier das Logfile:
Code:
Alles auswählen Aufklappen - Gvu trojaner winXP, blockiert den abgesicherten Modus...
01.12.2014, 17:22
Baum-Darstellung