Pests of all kinds and how to fight them: Laptop verpilzt (Windows 7). If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#16
/// the machine /// TB-Ausbilder | Laptop verpilzt: the fresh FRST log is still missing.
regards, schrauber | Proud Member of UNITE and ASAP since 2009 | Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
#17
Laptop verpilzt: Hello Schrauber,
unfortunately I am rushing around a lot for work and don't get to my own things regularly, but here is the fresh FRST log after the fix run. I hope I understood that correctly. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2015 Ran by Dagobert at 2015-02-01 17:47:21 Run:2 Running from C:\Users\Dagobert\Desktop Loaded Profiles: Dagobert (Available profiles: Dagobert) Boot Mode: Normal ============================================== Content of fixlist: ***************** CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKU\S-1-5-21-3480060575-1528594488-178791877-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION Emptytemp: ***************** "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKU\S-1-5-21-3480060575-1528594488-178791877-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. EmptyTemp: => Removed 714.2 MB temporary data. The system needed a reboot. ==== End of Fixlog 17:50:28 ==== |
#18
/// the machine /// TB-Ausbilder | Laptop verpilzt: That is the fixlog; I would like a fresh scan log from FRST.
#19
Laptop verpilzt: Hello Schrauber, is this it? FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015 Ran by Dagobert (administrator) on DAGOBERT-PC on 01-02-2015 22:56:09 Running from C:\Users\Dagobert\Desktop Loaded Profiles: Dagobert (Available profiles: Dagobert) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: IE) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2008-01-24] (Synaptics, Inc.) 
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [518656 2008-02-25] (Egis Incorporated) HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-10-10] (CyberLink) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-11-22] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2008-01-24] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-01-24] (Realtek Semiconductor Corp.) HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [707080 2008-01-02] (Dritek System Inc.) HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [200704 2008-01-22] (CyberLink Corp.) HKLM\...\Run: [PLFSet] => rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5082488 2009-09-12] (Acronis) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [357800 2009-09-12] (Acronis) HKLM\...\Run: [UIExec] => C:\Program Files\1&1 Surf-Stick\UIExec.exe [139088 2010-09-30] () HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION) HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION) HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-21-3480060575-1528594488-178791877-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) 
HKU\S-1-5-21-3480060575-1528594488-178791877-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE () Startup: C:\Users\Dagobert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Dagobert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe () ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3480060575-1528594488-178791877-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3480060575-1528594488-178791877-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com SearchScopes: HKLM -> DefaultScope value is missing. SearchScopes: HKU\S-1-5-21-3480060575-1528594488-178791877-1000 -> DefaultScope {186703CC-8476-4BB5-95DE-666833FA8BD6} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3480060575-1528594488-178791877-1000 -> {186703CC-8476-4BB5-95DE-666833FA8BD6} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3480060575-1528594488-178791877-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/gallery/components/axts5we.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\wbs9dap2.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\blekko-ssl.xml FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml FF SearchPlugin: 
C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml FF Extension: HTTPS-Everywhere - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2014-03-23] FF Extension: Cookie Monster - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2014-03-23] FF Extension: DownloadHelper - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-23] FF Extension: JonDoFox - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2014-03-19] FF Extension: NoScript - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-19] FF Extension: Adblock Plus - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-19] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-05-21] 
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://google.com/ CHR Profile: C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-21] CHR Extension: (Google Drive) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-21] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04] CHR Extension: (YouTube) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18] CHR Extension: (Google-Suche) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18] CHR Extension: (Security Plus) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkcmflbdogcbjahoblehnlonjedkmoh [2014-12-29] CHR Extension: (Avira Browserschutz) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-06] CHR Extension: (Ghostery) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-03-04] CHR Extension: (Google Wallet) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30] CHR Extension: (Google Mail) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for 
Chromium\skype_chrome_extension.crx [2011-10-10] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660936 2009-09-12] (Acronis) S2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2010-07-04] (Acronis) S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [491008 2008-02-25] (Egis Incorporated) [File not signed] S2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed] S2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed] S4 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [547968 2012-06-14] (SEIKO EPSON CORPORATION) S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) 
[File not signed] S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed] S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed] S4 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-12-04] () [File not signed] S2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) S2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-17] (Malwarebytes Corporation) R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-25] (NewTech Infosystems, Inc.) 
[File not signed] S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] () R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2010-07-04] (Acronis) R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-03-11] (TeamViewer GmbH) S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2008-01-24] (Winbond Electronics Corporation) S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [80744 2006-09-19] (Wasay) S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-04] (Cyberlink Corp.) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 Bulk3052i; System32\Drivers\Bulk3052.sys [X] S3 catchme; \??\C:\Users\Dagobert\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 pmem; \??\C:\Users\Dagobert\AppData\Local\Temp\_MEI11282\drivers\winpmem32.sys [X] S2 pmp3052v; System32\Drivers\pmp3052v.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-25 21:56 - 2015-01-25 21:56 - 00852504 _____ () C:\Users\Dagobert\Desktop\SecurityCheck.exe 2015-01-25 17:25 - 2015-01-25 17:25 - 02347384 _____ (ESET) C:\Users\Dagobert\Desktop\esetsmartinstaller_deu (1).exe 2015-01-25 17:19 - 2015-02-01 17:47 - 00000000 ____D () C:\Users\Dagobert\Desktop\FRST-OlderVersion 2015-01-23 00:26 - 2015-01-23 00:27 - 00010074 _____ () C:\Users\Dagobert\22012015.ods 2015-01-19 21:20 - 2015-02-01 17:47 - 01122304 _____ (Farbar) C:\Users\Dagobert\Desktop\FRST.exe 2015-01-17 18:18 - 2015-01-17 18:18 - 00000983 _____ () C:\Users\Dagobert\Desktop\JRT.txt 2015-01-17 18:14 - 2015-01-17 18:14 - 00000000 ____D () C:\Windows\ERUNT 2015-01-17 18:10 - 2015-01-17 18:12 - 01707939 _____ (Thisisu) C:\Users\Dagobert\Desktop\JRT.exe 2015-01-17 17:52 - 2015-01-17 17:55 - 00000000 ____D () C:\AdwCleaner 2015-01-17 17:51 - 2015-01-17 17:51 - 02186752 _____ () C:\Users\Dagobert\Desktop\AdwCleaner_4.108.exe 2015-01-17 15:21 - 2015-01-17 17:42 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-17 15:21 - 2015-01-17 15:21 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-17 15:21 - 2015-01-17 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-17 15:21 - 2015-01-17 15:21 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-01-17 15:21 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-17 15:21 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-17 15:21 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-17 14:14 - 2015-01-17 14:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Dagobert\Desktop\mbam-setup-2.0.4.1028.exe 2015-01-16 20:37 - 2015-01-16 20:37 - 00010805 _____ () C:\ComboFix.txt 2015-01-16 16:43 - 
2015-01-16 18:33 - 00000000 ____D () C:\OETemp 2015-01-16 16:29 - 2015-01-16 16:29 - 05609736 ____R (Swearware) C:\Users\Dagobert\Downloads\ComboFix.exe 2015-01-15 21:27 - 2015-01-15 21:27 - 05609736 ____R (Swearware) C:\Users\Dagobert\Desktop\ComboFix.exe 2015-01-15 13:19 - 2015-01-15 13:19 - 00000000 ____D () C:\Users\Dagobert\AppData\Local\HomeMedia 2015-01-15 13:19 - 2015-01-15 13:19 - 00000000 ____D () C:\Users\Dagobert\AppData\Local\CyberLink 2015-01-13 20:25 - 2015-01-13 20:25 - 00000013 _____ () C:\Users\Dagobert\Desktop\Michael\Documents\o2 Telefonnummer.txt 2015-01-13 20:23 - 2008-01-24 03:25 - 00192512 _____ (Intel Corporation) C:\Windows\system32\igfxres.dll 2015-01-13 14:03 - 2015-01-13 15:46 - 00000000 ____D () C:\Users\Dagobert\Desktop\mbar 2015-01-13 14:02 - 2015-01-13 14:03 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Dagobert\Downloads\mbar-1.08.2.1001.exe 2015-01-12 20:03 - 2015-01-12 20:03 - 00000000 ____D () C:\Dagobert 2015-01-12 17:30 - 2015-01-12 17:31 - 00033279 _____ () C:\Users\Dagobert\Desktop\Addition.txt 2015-01-12 17:29 - 2015-02-01 22:56 - 00000000 ____D () C:\FRST 2015-01-12 17:29 - 2015-02-01 22:56 - 00000000 _____ () C:\Users\Dagobert\Desktop\FRST.txt 2015-01-11 13:58 - 2015-01-11 15:55 - 00000000 ____D () C:\EEK 2015-01-11 11:47 - 2015-01-11 11:54 - 00002303 _____ () C:\rapport.txt 2015-01-10 21:07 - 2015-01-10 21:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox(29) ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-01 22:51 - 2013-03-23 13:31 - 03783728 _____ () C:\Windows\PFRO.log 2015-02-01 22:42 - 2010-05-22 23:22 - 00000000 ____D () C:\Users\Dagobert\AppData\Roaming\Skype 2015-02-01 21:54 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-01 21:54 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-01 21:49 - 2014-02-21 18:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-01 21:48 - 2014-07-16 12:30 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-01 21:43 - 2011-03-10 19:59 - 00000000 ___RD () C:\Users\Dagobert\Desktop\Michael 2015-02-01 19:48 - 2014-07-16 12:30 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-01 19:37 - 2013-03-23 10:27 - 01501457 _____ () C:\Windows\WindowsUpdate.log 2015-02-01 17:54 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-01 17:53 - 2006-11-02 14:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-27 12:00 - 2014-07-16 12:32 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-25 00:49 - 2013-02-26 21:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-25 00:49 - 2013-02-26 21:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-23 00:27 - 2010-04-03 14:56 - 00000000 ____D () C:\Users\Dagobert 2015-01-18 22:14 - 2013-03-23 04:22 - 00000680 _____ () C:\Users\Dagobert\AppData\Local\d3d9caps.dat 2015-01-18 20:18 - 2012-08-01 15:40 - 00000000 ____D () C:\Users\Dagobert\AppData\Roaming\Jitsi 2015-01-16 20:37 - 2013-04-08 14:36 - 00000000 ____D () C:\Qoobox 2015-01-16 20:34 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini 2015-01-16 18:36 - 2012-07-11 10:59 - 00000000 ____D () C:\ProgramData\Avira 2015-01-15 21:22 - 2013-04-04 
23:35 - 00000000 ____D () C:\Program Files\Virusbefall Helpkit 2015-01-13 15:46 - 2014-07-20 13:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-13 02:21 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc 2015-01-13 02:20 - 2006-11-02 11:22 - 47448064 _____ () C:\Windows\system32\config\software_previous 2015-01-13 02:20 - 2006-11-02 11:22 - 30932992 _____ () C:\Windows\system32\config\components_previous 2015-01-13 02:20 - 2006-11-02 11:22 - 19398656 _____ () C:\Windows\system32\config\system_previous 2015-01-13 02:20 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous 2015-01-13 02:20 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous 2015-01-13 02:20 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous 2015-01-13 02:19 - 2014-07-20 13:18 - 00000000 ____D () C:\Users\Dagobert\Mbam Anti Rootkit 2015-01-13 02:19 - 2014-07-16 14:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-13 02:19 - 2014-03-23 14:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-13 02:19 - 2012-06-26 21:17 - 00000000 ____D () C:\Users\Dagobert\AppData\Roaming\vlc 2015-01-13 02:19 - 2011-10-19 17:31 - 00000000 ____D () C:\Program Files\1&1 Surf-Stick 2015-01-13 02:19 - 2010-04-03 15:20 - 00000000 ____D () C:\Users\Dagobert\AppData\Local\PlayMovie 2015-01-13 02:19 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool 2015-01-11 13:17 - 2010-06-19 23:45 - 00000000 ____D () C:\Users\Dagobert\AppData\Roaming\VSO 2015-01-11 06:17 - 2012-08-23 23:08 - 00482089 _____ () C:\Users\Dagobert\AppData\Local\census.cache 2015-01-11 06:17 - 2012-08-23 23:07 - 00233766 _____ () C:\Users\Dagobert\AppData\Local\ars.cache ==================== Files in the root of some directories ======= 2012-05-08 13:15 - 2012-05-08 13:15 - 0000005 _____ () C:\Program Files\basis-link 2012-08-13 10:08 - 2012-08-13 10:08 - 0014217 _____ () 
C:\Program Files\readme.html 2012-08-13 10:08 - 2012-08-13 10:08 - 0013944 _____ () C:\Program Files\readme.txt 2010-04-03 23:00 - 2014-08-25 13:49 - 0002596 _____ () C:\Users\Dagobert\AppData\Roaming\wklnhst.dat 2012-08-23 23:07 - 2015-01-11 06:17 - 0233766 _____ () C:\Users\Dagobert\AppData\Local\ars.cache 2012-08-23 23:08 - 2015-01-11 06:17 - 0482089 _____ () C:\Users\Dagobert\AppData\Local\census.cache 2013-03-23 04:22 - 2015-01-18 22:14 - 0000680 _____ () C:\Users\Dagobert\AppData\Local\d3d9caps.dat 2012-02-04 21:19 - 2014-03-13 17:51 - 0005120 _____ () C:\Users\Dagobert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-07-10 15:59 - 2011-07-10 15:59 - 0000036 _____ () C:\Users\Dagobert\AppData\Local\housecall.guid.cache 2010-05-22 23:33 - 2010-05-22 23:33 - 0000056 ____H () C:\ProgramData\ezsidmv.dat Some content of TEMP: ==================== C:\Users\Dagobert\AppData\Local\temp\RtkBtMnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-01 18:00 ==================== End Of Log ============================
Unfortunately the computer again had the Internet switched off, froze, and on the hard restart it no longer booted; instead the disk went silent after some grinding and a black screen appeared. I then managed it in Safe Mode after two attempts. Oh man. Kind regards, Mischa
#20
/// the machine /// TB-Ausbilder | Laptop verpilzt: First back up your data; I think the hardware is shot. Please create a new user with admin rights and boot into it. Black screen there too? Update Java, Adobe and Firefox. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Users\Dagobert\Desktop\Michael\wz185gev-32.msi
Emptytemp:
Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).