Pests of all kinds and their removal: Provider reports virus infection (Windows 7)
25.01.2015, 13:14 | #16
Provider reports virus infection

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2c7703b6d1e41e4785656fa64e2d25a3
# engine=22130
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-24 09:20:00
# local_time=2015-01-24 10:20:00 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 21664 287557690 0 0
# scanned=82483
# found=1
# cleaned=0
# scan_time=4699
sh=F9C7CB5AA0481B09BA09DDF9A578CE4C105125E5 ft=1 fh=aefe8993c44303dd vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Beul\Eigene Dateien\CyberLink\Download\Nero-8.1.1.0b_deu_trial.exe"

Code:
 Results of screen317's Security Check version 0.99.93
 Windows XP Service Pack 3 x86
 Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
 Avira Free Antivirus
 Avira eTrust Registration
 Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner
 Java 7 Update 7
 Java version 32-bit out of Date!
 Adobe Reader 7 Adobe Reader out of Date!
 Mozilla Firefox (2.0.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by Beul (administrator) on COMPUTERNAME on 25-01-2015 13:12:19
Running from C:\Dokumente und Einstellungen\Beul\Desktop
Loaded Profiles: Beul (Available profiles: Beul & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Apple Computer, Inc.) C:\Programme\QuickTime\qttask.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PPort11reminder] => C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [avgnt] => C:\Programme\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Programme\QuickTime\qttask.exe [155648 2006-05-16] (Apple Computer, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Programme\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-3143356383-4098776177-3215239415-1006\...\Run: [swg] => C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-06-18] (Google Inc.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Programme\WISO\Steuersoftware 2014\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3143356383-4098776177-3215239415-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3143356383-4098776177-3215239415-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/
HKU\S-1-5-21-3143356383-4098776177-3215239415-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3143356383-4098776177-3215239415-1006\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3143356383-4098776177-3215239415-1006 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-3143356383-4098776177-3215239415-1006 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3143356383-4098776177-3215239415-1006 -> {E08477E0-DA8D-4FF1-9073-A176A0A55DFB} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Programme\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3143356383-4098776177-3215239415-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} hxxp://sat1.king.de/ctl/kingcomie.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120030355312
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122285756359
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.178.40:180/codebase/DVM_IPCam2.ocx
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Beul\Anwendungsdaten\Mozilla\Firefox\Profiles\tl2nmkt0.default
FF DefaultSearchUrl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2240 -> C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2298 -> C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1348 -> C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npmidas.dll (Midasplayer Ltd)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom)
FF SearchPlugin: C:\Dokumente und Einstellungen\Beul\Anwendungsdaten\Mozilla\Firefox\Profiles\tl2nmkt0.default\searchplugins\siteadvisor.xml
FF Extension: Microsoft Choice Guard - C:\Dokumente und Einstellungen\Beul\Anwendungsdaten\Mozilla\Firefox\Profiles\tl2nmkt0.default\Extensions\ChoiceGuard@Microsoft [2009-08-21]
FF Extension: Google Toolbar for Firefox - C:\Dokumente und Einstellungen\Beul\Anwendungsdaten\Mozilla\Firefox\Profiles\tl2nmkt0.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-10-31]
FF Extension: Talkback - C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org [2007-11-11]
FF Extension: Google Toolbar for Firefox - C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007-11-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-06-12]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [431920 2015-01-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-08] (Avira Operations GmbH & Co. KG)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-05-03] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Programme\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Programme\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [107912 2015-01-08] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [107912 2015-01-08] (Google Inc.)
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-21] (Google)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [161768 2012-10-07] (Oracle Corporation)
S3 ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies)
R2 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2314560 2005-03-25] (Realtek Semiconductor Corp.)
S1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43008 2005-06-28] (Advanced Micro Devices) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [98160 2014-10-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-10-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-12-08] (Avira Operations GmbH & Co. KG)
S3 CardReaderFilter; C:\WINDOWS\system32\Drivers\USBCRFT.SYS [17408 2012-08-05] (ICSI Technology Ltd.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [42496 2005-03-18] (VIA Technologies, Inc. )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36640 2009-12-22] () [File not signed]
R2 hwpsgt; C:\WINDOWS\System32\DRIVERS\hwpsgt.sys [137344 2006-04-16] () [File not signed]
R2 lemsgt; C:\WINDOWS\System32\DRIVERS\lemsgt.sys [9472 2006-04-16] () [File not signed]
S3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [22016 2005-05-27] (Logitech Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 PRISM_A00; C:\WINDOWS\System32\DRIVERS\PRISMA00.sys [380736 2004-01-16] ()
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-05-09] (Sonic Solutions) [File not signed]
S3 QCMerced; C:\WINDOWS\System32\DRIVERS\LVCM.sys [1317152 2005-05-27] ()
R1 SSHDRV86; C:\WINDOWS\system32\drivers\SSHDRV86.sys [81408 2006-04-08] () [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 ss_bbus; C:\WINDOWS\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\WINDOWS\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\WINDOWS\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
S3 ss_bserd; C:\WINDOWS\System32\DRIVERS\ss_bserd.sys [100224 2009-09-19] (MCCI Corporation)
S3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [26912 2007-11-16] (RapidSolution Software AG)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [60928 2005-06-20] (VIA Technologies inc,.ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S4 IntelIde; No ImagePath
S3 NSNDIS5; \??\C:\WINDOWS\system32\NSNDIS5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 13:11 - 2015-01-25 13:11 - 00000901 _____ () C:\Dokumente und Einstellungen\Beul\Desktop\checkup.txt
2015-01-25 13:09 - 2015-01-25 13:09 - 00852504 _____ () C:\Dokumente und Einstellungen\Beul\Desktop\SecurityCheck.exe
2015-01-24 22:36 - 2015-01-24 22:36 - 00000812 _____ () C:\Dokumente und Einstellungen\Beul\Desktop\Verknüpfung mit esetslog.txt.lnk
2015-01-24 20:57 - 2015-01-24 20:57 - 02347384 _____ (ESET) C:\Dokumente und Einstellungen\Beul\Desktop\esetsmartinstaller_deu.exe
2015-01-24 20:57 - 2015-01-24 20:57 - 00000000 ____D () C:\Programme\ESET
2015-01-24 16:59 - 2015-01-24 16:59 - 00027878 _____ () C:\Dokumente und Einstellungen\Beul\Desktop\FRST1.txt
2015-01-24 16:58 - 2015-01-24 16:58 - 00000871 _____ () C:\Dokumente und Einstellungen\Beul\Desktop\JRT1.txt
2015-01-24 16:58 - 2015-01-24 16:58 - 00000000 ____D () C:\Dokumente und Einstellungen\Beul\Desktop\FRST-OlderVersion
2015-01-24 16:57 - 2015-01-24 16:57 - 00000871 _____ () C:\Dokumente und Einstellungen\Beul\Desktop\JRT.txt
2015-01-24 16:53 - 2015-01-24 16:53 - 01707939 _____ (Thisisu) C:\Dokumente und Einstellungen\Beul\Desktop\JRT.exe
2015-01-24 16:53 - 2015-01-24 16:53 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-24 16:50 - 2015-01-24 16:50 - 00005309 _____ () C:\Dokumente und Einstellungen\Beul\Desktop\AdwCleaner[S0].txt
2015-01-24 16:15 - 2015-01-24 16:47 - 00000000 ____D () C:\AdwCleaner
2015-01-24 16:13 - 2015-01-24 16:13 - 02194432 _____ () C:\Dokumente und Einstellungen\Beul\Desktop\AdwCleaner_4.109.exe
2015-01-23 21:56 - 2015-01-23 21:56 - 00001198 _____ () C:\Dokumente und Einstellungen\Beul\Desktop\mbam.txt
2015-01-23 21:21 - 2015-01-23 21:22 - 20447072 _____ (Malwarebytes Corporation ) C:\Dokumente und Einstellungen\Beul\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-23 18:24 - 2015-01-23 18:24 - 00022798 _____ () C:\ComboFix.txt
2015-01-23 18:24 - 2015-01-23 18:24 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp
2015-01-23 18:24 - 2015-01-23 18:24 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp
2015-01-23 18:24 - 2015-01-23 18:24 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen\temp
2015-01-23 18:11 - 2015-01-25 13:12 - 00000000 ____D () C:\Dokumente und Einstellungen\Beul\Lokale Einstellungen\temp
2015-01-23 18:02 - 2015-01-23 18:02 - 00000000 _RSHD () C:\cmdcons
2015-01-23 18:02 - 2013-12-08 19:48 - 00000211 _____ () C:\Boot.bak
2015-01-23 18:02 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr
2015-01-23 17:58 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-01-23 17:58 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-01-23 17:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-01-23 17:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-01-23 17:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-01-23 17:58 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-01-23 17:58 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-01-23 17:58 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-01-23 17:58 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-01-23 17:52 - 2015-01-23 18:24 - 00000000 ____D () C:\Qoobox
2015-01-23 17:52 - 2015-01-23 18:22 - 00000000 ____D () C:\WINDOWS\erdnt
2015-01-23 17:51 - 2015-01-23 17:51 - 05609462 ____R (Swearware) C:\Dokumente und Einstellungen\Beul\Desktop\ComboFix.exe
2015-01-23 15:58 - 2015-01-23 15:58 - 00000000 ____D () C:\Dokumente und Einstellungen\Beul\Desktop\Neuer Ordner
2015-01-23 15:07 - 2015-01-23 15:07 - 04197016 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\Beul\Desktop\tdsskiller.exe
2015-01-23 15:01 - 2015-01-23 15:01 - 00001205 _____ () C:\Dokumente und Einstellungen\Beul\Desktop\Malware-txt.txt
2015-01-23 14:30 - 2015-01-23 14:30 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\16C204E1.sys
2015-01-23 12:45 - 2015-01-23 21:55 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-23 12:42 - 2015-01-23 21:23 - 00000000 ____D () C:\Programme\ Malwarebytes Anti-Malware
2015-01-23 12:42 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-23 12:36 - 2015-01-23 12:36 - 13786977 _____ () C:\Dokumente und Einstellungen\Beul\Desktop\mbar-1.01.0.1021.zip
2015-01-22 18:43 - 2015-01-22 18:44 - 00058747 _____ () C:\Dokumente und Einstellungen\Beul\Desktop\Addition.txt
2015-01-22 18:40 - 2015-01-25 13:12 - 00017868 _____ () C:\Dokumente und Einstellungen\Beul\Desktop\FRST.txt
2015-01-20 14:00 - 2015-01-20 14:00 - 00380416 _____ () C:\Dokumente und Einstellungen\Beul\Desktop\Gmer-19357.exe
2015-01-20 13:55 - 2015-01-25 13:12 - 00000000 ____D () C:\FRST
2015-01-20 13:54 - 2015-01-24 16:58 - 01120768 _____ (Farbar) C:\Dokumente und Einstellungen\Beul\Desktop\FRST.exe
2015-01-20 13:47 - 2015-01-20 13:47 - 00000000 _____ () C:\Dokumente und Einstellungen\Beul\defogger_reenable
2015-01-20 13:46 - 2015-01-20 13:46 - 00050477 _____ () C:\Dokumente und Einstellungen\Beul\Desktop\Defogger.exe
2015-01-08 21:56 - 2015-01-08 21:56 - 00000838 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Avira.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 13:07 - 2013-09-05 20:05 - 01605855 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-25 13:03 - 2004-08-04 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-25 13:02 - 2013-09-05 20:06 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-25 13:02 - 2013-09-05 20:06 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-01-25 13:01 - 2013-10-21 19:44 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cece8d8b87f2ee.job
2015-01-25 13:01 - 2005-06-28 12:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-24 22:36 - 2014-09-09 20:05 - 00136400 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2015-01-24 22:36 - 2013-09-05 20:06 - 00032602 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-24 22:36 - 2006-04-07 12:54 - 00000300 ___SH () C:\Dokumente und Einstellungen\Beul\ntuser.ini
2015-01-24 21:56 - 2010-01-29 22:26 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 20:57 - 2005-06-28 13:02 - 00000000 ___RD () C:\Programme
2015-01-24 16:47 - 2006-04-07 12:54 - 00000000 ____D () C:\Dokumente und Einstellungen\Beul
2015-01-23 21:23 - 2013-10-22 18:26 - 00000753 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-23 18:16 - 2004-08-04 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-23 18:02 - 2005-06-28 14:00 - 00000327 __RSH () C:\boot.ini
2015-01-23 15:02 - 2011-01-31 20:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2443105$
2015-01-23 14:26 - 2008-12-27 23:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954600$
2015-01-23 14:25 - 2013-09-06 22:06 - 00000000 ____D () C:\Dokumente und Einstellungen\Beul\Anwendungsdaten\Onowpi
2015-01-23 14:25 - 2013-09-04 21:05 - 00000000 ____D () C:\Dokumente und Einstellungen\Beul\Anwendungsdaten\Ytub
2015-01-23 14:25 - 2013-09-04 21:03 - 00000000 ____D () C:\Dokumente und Einstellungen\Beul\Anwendungsdaten\Zyquo
2015-01-23 12:58 - 2013-09-04 21:03 - 00000000 ____D () C:\Dokumente und Einstellungen\Beul\Anwendungsdaten\Nirao
2015-01-23 12:42 - 2009-08-23 14:48 - 00000000 ____D () C:\Programme\Malwarebytes' Anti-Malware
2015-01-23 12:42 - 2009-08-23 14:48 - 00000000 ____D () C:\Dokumente und Einstellungen\Beul\Anwendungsdaten\Malwarebytes
2015-01-23 12:42 - 2009-08-23 14:48 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2015-01-20 17:14 - 2013-09-07 15:58 - 00000000 ____D () C:\Dokumente und Einstellungen\Beul\Anwendungsdaten\Ryqyko
2015-01-20 16:52 - 2005-07-25 14:39 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-01-20 15:17 - 2005-06-28 12:14 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-20 14:36 - 2014-02-03 22:19 - 00011406 _____ () C:\WINDOWS\setupapi.log
2015-01-20 13:25 - 2014-09-09 19:04 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache
2015-01-08 21:56 - 2012-12-17 18:20 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
2015-01-08 21:56 - 2012-12-17 18:18 - 00000000 ____D () C:\Programme\Avira
2015-01-08 21:56 - 2006-08-29 17:20 - 00000000 ____D () C:\Dokumente und Einstellungen\Beul\Eigene Dateien\Bewerbung
2015-01-08 21:52 - 2005-06-28 13:02 - 01160370 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2009-03-14 21:50 - 2009-03-14 21:51 - 4157440 _____ () C:\Programme\fritz.box_fon_wlan_7050.14.04.33.image
2011-06-12 19:19 - 2011-06-12 19:19 - 0002528 _____ () C:\Dokumente und Einstellungen\Beul\Anwendungsdaten\$_hpcst$.hpc
2007-10-29 19:25 - 2012-01-28 16:03 - 0000085 ___SH () C:\Dokumente und Einstellungen\Beul\Anwendungsdaten\.zreglib
2006-08-29 16:42 - 2013-01-20 14:06 - 0000208 _____ () C:\Dokumente und Einstellungen\Beul\Anwendungsdaten\wklnhst.dat
2006-05-11 21:54 - 2014-02-10 11:25 - 0024576 _____ () C:\Dokumente und Einstellungen\Beul\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-04-07 12:54 - 2007-07-11 16:56 - 0000137 _____ () C:\Dokumente und Einstellungen\Beul\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Beul\Lokale Einstellungen\temp\avgnt.exe
C:\Dokumente und Einstellungen\Beul\Lokale Einstellungen\temp\Quarantine.exe
C:\Dokumente und Einstellungen\Beul\Lokale Einstellungen\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
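Reading the ESET log in this post mechanically, as an added example that is not part of the thread: the header says found=1, cleaned=0 and remove_checked=false, so the scanner only reported and removed nothing, and the one hit carries the suffix "evtl. unerwünschte Anwendung" (ESET's German label for a potentially unwanted application), a toolbar bundled in a downloaded Nero trial installer rather than an active infection. The Python below parses the "# key=value" header and the "sh=... fn=..." detection lines, cross-checks the counters against the detection lines and separates PUA hits from everything else. The sample input reproduces the header fields and the detection line posted above; the parser, the PUA_MARKERS list and the triage rules are my own assumptions about the format, derived only from that log.

```python
import re
from dataclasses import dataclass, field

# Sample input: the header counters and the single detection line of the ESET
# Online Scanner log posted above, trimmed to the fields the parser uses.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# engine=22130
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2015-01-24 09:20:00
# scanned=82483
# found=1
# cleaned=0
# scan_time=4699
sh=F9C7CB5AA0481B09BA09DDF9A578CE4C105125E5 ft=1 fh=aefe8993c44303dd vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="C:\\Dokumente und Einstellungen\\Beul\\Eigene Dateien\\CyberLink\\Download\\Nero-8.1.1.0b_deu_trial.exe"
"""

# One "key=value" token of a detection line: the value is either a quoted
# string (which may contain spaces, as the file name does) or a bare word.
TOKEN_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Substrings that mark a potentially unwanted application in the detection
# name: the German form seen in the posted log and the English form (assumed).
PUA_MARKERS = ("unerwünschte Anwendung", "potentially unwanted")


@dataclass
class EsetReport:
    header: dict = field(default_factory=dict)      # the "# key=value" lines
    detections: list = field(default_factory=list)  # one dict per "sh=..." line


def parse_eset_log(text: str) -> EsetReport:
    """Split an ESET Online Scanner log into header counters and detections."""
    report = EsetReport()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, _, value = line[1:].partition("=")
            report.header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            fields = {}
            for m in TOKEN_RE.finditer(line):
                fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
            report.detections.append(fields)
    return report


def triage(report: EsetReport) -> dict:
    """Cross-check the header counters against the detection lines and split
    PUA hits from other detections, so a 'found=1' log can be read at a glance
    as either a bundled toolbar or something that needs real follow-up."""
    h = report.header
    found = int(h.get("found", "0"))
    cleaned = int(h.get("cleaned", "0"))
    notes = []
    if h.get("end") != "finished":
        notes.append("scan did not finish; counters are not trustworthy")
    if found != len(report.detections):
        notes.append(f"header says found={found} but {len(report.detections)} detection lines were parsed")
    if found and cleaned == 0 and h.get("remove_checked") == "false":
        notes.append("detections were only reported: the scan ran with remove_checked=false")
    pua = [d for d in report.detections if any(mk in d.get("vn", "") for mk in PUA_MARKERS)]
    other = [d for d in report.detections if d not in pua]
    return {
        "found": found,
        "cleaned": cleaned,
        "pua": [d.get("fn", "?") for d in pua],
        "other": [d.get("fn", "?") for d in other],
        "notes": notes,
    }


if __name__ == "__main__":
    for key, value in triage(parse_eset_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The counter cross-check matters in practice: ESET writes the "found" total from its own bookkeeping, while the detection lines are what a helper actually acts on, so a mismatch (or an "end" value other than "finished") means the log was cut off when pasted and should be requested again before anything is cleaned.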
25.01.2015, 15:59 | #17
/// the machine /// TB-Ausbilder | Provider reports virus infection

Update Java, Adobe and Firefox.

Done

The order here is crucial.

If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean out your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do more harm to your system than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
25.01.2015, 17:37 | #18
Provider reports virus infection

Done everything, thank you very much!!!
25.01.2015, 19:09 | #19
/// the machine /// TB-Ausbilder | Provider reports virus infection

You're welcome

regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!