Trojaner-Board


sunshine1184 19.03.2014 11:07

Windows Vista computer infected with Interpol Trojan
 
Hi dear Trojaner Board,

my laptop with Windows Vista has unfortunately been infected by an Interpol Trojan. I hope you can help me remove it.

Regards, Sunshine


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by SYSTEM on MINWINPC on 19-03-2014 10:51:26
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2009-01-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-10] (Synaptics, Inc.)
HKLM\...\Run: [ISBMgr.exe] - C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317288 2008-12-18] (Sony Corporation)
HKLM\...\Run: [StartCCC] - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [lxdimon.exe] - C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe [435120 2007-03-06] ()
HKLM\...\Run: [lxdiamon] - C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe [20480 2007-03-05] (Lexmark)
HKLM\...\Run: [LXDICATS] - C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDItime.dll [102400 2007-02-26] (Lexmark International, Inc.)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [SymInstallStub] - C:\Users\Ronald\AppData\Local\Temp\SymInstallStub.exe /partnerid=realnw /productlist=nss /staging=false /delay=5 /affid=rplr /desktopshortcut=1 /startmenushortcut=1 /launchedby=3 [335776 2014-03-18] (Symantec Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [274432 2008-12-21] (Sony Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [274432 2008-12-21] (Sony Corporation)
HKU\Ronald\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\Ronald\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\Ronald\...\Run: [Browser Infrastructure Helper] - C:\Users\Ronald\AppData\Local\Smartbar\Application\Smartbar.exe [21536 2014-02-09] (Smartbar)
Startup: C:\Users\Ronald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Ronald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\obnfwlxv.lnk
ShortcutTarget: obnfwlxv.lnk -> C:\ProgramData\vxlwfnbo.cpp (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-02-26] (Cherished Technololgy LIMITED)
S2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe [546112 2014-01-27] ()
S2 LPTSystemUpdater; C:\Program Files\LPT\srpts.exe [32288 2014-02-09] ()
S2 lxdi_device; C:\Windows\system32\lxdicoms.exe [517040 2007-03-06] ( )
S2 NSUService; C:\Program Files\sony\Network Utility\NSUService.exe [303104 2008-12-21] (Sony Corporation)
S3 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-01-20] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-01-20] (Sony Corporation)
S2 Update EnhanceTronic; C:\Program Files\EnhanceTronic\updateEnhanceTronic.exe [348968 2014-03-17] ()
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation)
S2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [203624 2009-01-19] (Sony Corporation)
S2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [415592 2008-12-19] (Sony Corporation)
S2 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [394536 2009-01-19] (Sony Corporation)
S3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation)
S2 Winmgmt; C:\ProgramData\vxlwfnbo.cpp [204297 2014-03-18] (Microsoft Corporation)
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-09] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-05] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 netfilter; system32\drivers\netfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-19 10:51 - 2014-03-19 10:51 - 00000000 ____D () C:\FRST
2014-03-18 09:46 - 2014-03-18 09:46 - 00000562 _____ () C:\Windows\PFRO.log
2014-03-18 09:44 - 2014-03-18 09:45 - 95027928 ____T () C:\ProgramData\obnfwlxv.fee
2014-03-18 09:43 - 2014-03-18 09:43 - 00204297 _____ (Microsoft Corporation) C:\ProgramData\vxlwfnbo.cpp
2014-03-18 09:42 - 2014-03-18 09:42 - 00000000 ____D () C:\Program Files\Lightspark 0.5.3-git
2014-03-18 09:41 - 2014-03-18 09:41 - 00000000 ____D () C:\Program Files\PriceGong
2014-03-18 09:40 - 2014-03-18 09:41 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-03-18 09:39 - 2014-03-18 09:41 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Weather It Up
2014-03-18 09:38 - 2014-03-18 09:39 - 00000000 ____D () C:\Program Files\Weather It Up
2014-03-18 09:37 - 2014-03-18 09:46 - 00000000 ____D () C:\Program Files\EnhanceTronic
2014-03-18 09:36 - 2014-03-18 09:36 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\RealNetworks
2014-03-18 09:35 - 2014-03-18 09:35 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-18 09:34 - 2014-03-18 09:39 - 00000000 ____D () C:\Program Files\Real
2014-03-18 09:33 - 2014-03-18 09:39 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\Real
2014-03-18 09:33 - 2014-03-18 09:33 - 00001970 _____ () C:\Users\Ronald\Desktop\Norton Product Installer.lnk
2014-03-18 09:33 - 2014-03-18 09:33 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Real
2014-03-18 09:30 - 2014-03-18 09:39 - 00000000 ____D () C:\ProgramData\Real
2014-03-15 14:28 - 2014-03-15 14:28 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-13 18:08 - 2014-03-13 18:10 - 00000000 ____D () C:\Program Files\LPT
2014-03-13 18:06 - 2014-03-13 18:07 - 00000000 ____D () C:\Users\Ronald\AppData\Local\LPT
2014-03-13 18:06 - 2014-03-13 18:07 - 00000000 ____D () C:\Program Files\hdvideo
2014-03-13 18:06 - 2014-03-13 18:06 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Smartbar
2014-03-13 18:05 - 2014-03-13 18:05 - 00402320 _____ () C:\Users\Ronald\Downloads\Setup.exe
2014-03-13 09:33 - 2014-02-23 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-03-13 09:33 - 2014-02-23 06:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-13 09:33 - 2014-02-23 06:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-03-13 09:33 - 2014-02-23 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-13 09:33 - 2014-02-23 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-03-13 09:33 - 2014-02-23 06:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-13 09:32 - 2014-02-23 06:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-13 09:32 - 2014-02-23 06:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-13 09:32 - 2014-02-23 06:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-13 09:32 - 2014-02-23 06:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-13 09:32 - 2014-02-23 06:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-13 09:32 - 2014-02-23 06:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-03-13 09:32 - 2014-02-23 06:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-03-13 09:32 - 2014-02-23 06:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-13 09:32 - 2014-02-23 06:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-03-13 09:32 - 2014-02-23 06:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-12 10:39 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-12 10:39 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-12 10:39 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-03-12 10:39 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-03-09 07:08 - 2014-03-09 07:08 - 00000000 ____D () C:\Users\Ronald\Documents\Optimizer Pro
2014-03-09 07:06 - 2014-03-09 07:06 - 00000584 _____ () C:\Users\Ronald\AppData\Roaming\aps.scan.quick.results
2014-03-09 07:06 - 2014-03-09 07:06 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Tuguu_SL
2014-03-09 07:04 - 2014-03-09 07:04 - 00000000 ____D () C:\Program Files\media enhance
2014-03-09 07:03 - 2014-03-09 07:06 - 00000000 ____D () C:\Program Files\AnyProtectEx
2014-03-09 07:03 - 2014-03-09 07:03 - 01122960 _____ (AnyProtect.com) C:\Users\Ronald\AppData\Local\nsa79E3.tmp
2014-03-09 07:03 - 2014-03-09 07:03 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\VOPackage
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\SupTab
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\awesomehp
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\ProgramData\WPM
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\Program Files\SupTab
2014-03-09 07:00 - 2014-03-13 18:04 - 00000000 _____ () C:\END
2014-03-09 07:00 - 2014-03-09 07:00 - 00000000 ____D () C:\Users\Ronald\AppData\Local\SearchProtect
2014-02-26 12:52 - 2014-02-26 12:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-26 12:41 - 2014-02-26 12:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-26 12:41 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2014-02-26 12:41 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2014-02-26 12:41 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2014-02-26 12:41 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2014-02-26 12:39 - 2014-02-26 12:41 - 00005921 _____ () C:\Windows\System32\jupdate-1.7.0_51-b13.log
2014-02-25 14:48 - 2014-02-26 12:22 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\systweak
2014-02-25 14:48 - 2014-02-25 14:50 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\Advanced System Protector
2014-02-25 14:48 - 2014-01-21 17:28 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot.exe
2014-02-25 07:57 - 2014-02-25 07:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-25 07:55 - 2014-02-25 07:55 - 00000000 ____D () C:\Program Files\Level Quality Watcher

==================== One Month Modified Files and Folders =======

2014-03-19 10:51 - 2014-03-19 10:51 - 00000000 ____D () C:\FRST
2014-03-18 10:14 - 2013-08-25 18:45 - 01375101 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 10:08 - 2011-09-15 18:11 - 00079664 _____ () C:\Users\Ronald\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 10:06 - 2006-11-02 13:47 - 00331392 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-18 10:05 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-18 10:05 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-18 09:46 - 2014-03-18 09:46 - 00000562 _____ () C:\Windows\PFRO.log
2014-03-18 09:46 - 2014-03-18 09:37 - 00000000 ____D () C:\Program Files\EnhanceTronic
2014-03-18 09:45 - 2014-03-18 09:44 - 95027928 ____T () C:\ProgramData\obnfwlxv.fee
2014-03-18 09:43 - 2014-03-18 09:43 - 00204297 _____ (Microsoft Corporation) C:\ProgramData\vxlwfnbo.cpp
2014-03-18 09:42 - 2014-03-18 09:42 - 00000000 ____D () C:\Program Files\Lightspark 0.5.3-git
2014-03-18 09:41 - 2014-03-18 09:41 - 00000000 ____D () C:\Program Files\PriceGong
2014-03-18 09:41 - 2014-03-18 09:40 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-03-18 09:41 - 2014-03-18 09:39 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Weather It Up
2014-03-18 09:39 - 2014-03-18 09:38 - 00000000 ____D () C:\Program Files\Weather It Up
2014-03-18 09:39 - 2014-03-18 09:34 - 00000000 ____D () C:\Program Files\Real
2014-03-18 09:39 - 2014-03-18 09:33 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\Real
2014-03-18 09:39 - 2014-03-18 09:30 - 00000000 ____D () C:\ProgramData\Real
2014-03-18 09:36 - 2014-03-18 09:36 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\RealNetworks
2014-03-18 09:35 - 2014-03-18 09:35 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-18 09:34 - 2003-03-18 19:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2014-03-18 09:33 - 2014-03-18 09:33 - 00001970 _____ () C:\Users\Ronald\Desktop\Norton Product Installer.lnk
2014-03-18 09:33 - 2014-03-18 09:33 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Real
2014-03-15 15:02 - 2013-12-18 09:39 - 00013312 _____ () C:\Users\Ronald\Documents\stunden2014.xlr
2014-03-15 15:02 - 2011-09-17 11:05 - 00001036 _____ () C:\Users\Ronald\AppData\Roaming\wklnhst.dat
2014-03-15 14:58 - 2011-09-17 11:04 - 00002505 _____ () C:\Users\Ronald\Desktop\Microsoft Works-Tabellenkalkulation.lnk
2014-03-15 14:28 - 2014-03-15 14:28 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-13 18:14 - 2013-08-17 06:35 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-13 18:10 - 2014-03-13 18:08 - 00000000 ____D () C:\Program Files\LPT
2014-03-13 18:10 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-03-13 18:07 - 2014-03-13 18:06 - 00000000 ____D () C:\Users\Ronald\AppData\Local\LPT
2014-03-13 18:07 - 2014-03-13 18:06 - 00000000 ____D () C:\Program Files\hdvideo
2014-03-13 18:06 - 2014-03-13 18:06 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Smartbar
2014-03-13 18:05 - 2014-03-13 18:05 - 00402320 _____ () C:\Users\Ronald\Downloads\Setup.exe
2014-03-13 18:04 - 2014-03-09 07:00 - 00000000 _____ () C:\END
2014-03-13 10:05 - 2011-09-17 12:29 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-03-13 09:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-03-13 09:32 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\System32\de-DE
2014-03-09 07:08 - 2014-03-09 07:08 - 00000000 ____D () C:\Users\Ronald\Documents\Optimizer Pro
2014-03-09 07:06 - 2014-03-09 07:06 - 00000584 _____ () C:\Users\Ronald\AppData\Roaming\aps.scan.quick.results
2014-03-09 07:06 - 2014-03-09 07:06 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Tuguu_SL
2014-03-09 07:06 - 2014-03-09 07:03 - 00000000 ____D () C:\Program Files\AnyProtectEx
2014-03-09 07:04 - 2014-03-09 07:04 - 00000000 ____D () C:\Program Files\media enhance
2014-03-09 07:03 - 2014-03-09 07:03 - 01122960 _____ (AnyProtect.com) C:\Users\Ronald\AppData\Local\nsa79E3.tmp
2014-03-09 07:03 - 2014-03-09 07:03 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\VOPackage
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\SupTab
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\awesomehp
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\ProgramData\WPM
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\Program Files\SupTab
2014-03-09 07:00 - 2014-03-09 07:00 - 00000000 ____D () C:\Users\Ronald\AppData\Local\SearchProtect
2014-03-05 07:19 - 2012-09-14 06:55 - 00000000 ___RD () C:\Program Files\Skype
2014-03-05 07:19 - 2011-09-15 18:34 - 00000000 ____D () C:\ProgramData\Skype
2014-03-02 10:41 - 2013-08-31 10:35 - 00000000 ____D () C:\Program Files\Opera Next
2014-03-02 10:06 - 2008-01-21 08:16 - 01565124 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-01 07:53 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-26 12:52 - 2014-02-26 12:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-26 12:41 - 2014-02-26 12:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-26 12:41 - 2014-02-26 12:39 - 00005921 _____ () C:\Windows\System32\jupdate-1.7.0_51-b13.log
2014-02-26 12:41 - 2013-08-25 18:56 - 00000000 ____D () C:\Program Files\Java
2014-02-26 12:22 - 2014-02-25 14:48 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\systweak
2014-02-25 14:50 - 2014-02-25 14:48 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\Advanced System Protector
2014-02-25 07:57 - 2014-02-25 07:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-25 07:55 - 2014-02-25 07:55 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-02-23 06:50 - 2014-03-13 09:32 - 12347904 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-23 06:47 - 2014-03-13 09:32 - 01806848 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-23 06:43 - 2014-03-13 09:32 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-23 06:41 - 2014-03-13 09:32 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-23 06:40 - 2014-03-13 09:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-23 06:39 - 2014-03-13 09:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-23 06:38 - 2014-03-13 09:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-23 06:38 - 2014-03-13 09:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-23 06:38 - 2014-03-13 09:32 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-02-23 06:37 - 2014-03-13 09:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-23 06:37 - 2014-03-13 09:32 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-23 06:37 - 2014-03-13 09:32 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-02-23 06:37 - 2014-03-13 09:32 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-23 06:36 - 2014-03-13 09:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-23 06:36 - 2014-03-13 09:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-02-23 06:35 - 2014-03-13 09:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

Files to move or delete:
====================
C:\Users\Ronald\AppData\Roaming\desktop.ini
C:\ProgramData\obnfwlxv.fee


Some content of TEMP:
====================
C:\Users\Ronald\AppData\Local\Temp\avgnt.exe
C:\Users\Ronald\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ronald\AppData\Local\Temp\ShoppinHelper2.exe
C:\Users\Ronald\AppData\Local\Temp\SymInstallStub.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-02-25 14:52:50
Restore point made on: 2014-02-26 08:35:16
Restore point made on: 2014-02-26 12:39:23
Restore point made on: 2014-02-27 06:48:53
Restore point made on: 2014-02-28 08:03:22
Restore point made on: 2014-03-01 07:16:11
Restore point made on: 2014-03-02 08:57:20
Restore point made on: 2014-03-03 16:09:36
Restore point made on: 2014-03-04 08:13:39
Restore point made on: 2014-03-05 07:18:28
Restore point made on: 2014-03-08 08:09:46
Restore point made on: 2014-03-09 08:50:19
Restore point made on: 2014-03-11 12:30:22
Restore point made on: 2014-03-12 11:15:09
Restore point made on: 2014-03-13 09:31:07
Restore point made on: 2014-03-13 18:10:19
Restore point made on: 2014-03-13 18:50:26
Restore point made on: 2014-03-15 15:41:49
Restore point made on: 2014-03-16 08:47:46
Restore point made on: 2014-03-18 09:19:52

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 4062.13 MB
Available physical RAM: 3614.86 MB
Total Pagefile: 3817.55 MB
Available Pagefile: 3666.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.22 GB) (Free:207.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Recovery) (Fixed) (Total:9.87 GB) (Free:0.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:3.76 GB) (Free:3.66 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 19C1D40E)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: C2A8B134)

Partition: GPT Partition Type.


LastRegBack: 2014-03-18 10:12

==================== End Of Log ============================



Here is my FRST log file for a start.

schrauber 19.03.2014 11:14

Hi,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:

Startup: C:\Users\Ronald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\obnfwlxv.lnk
ShortcutTarget: obnfwlxv.lnk -> C:\ProgramData\vxlwfnbo.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\vxlwfnbo.cpp [204297 2014-03-18] (Microsoft Corporation)
2014-03-18 09:44 - 2014-03-18 09:45 - 95027928 ____T () C:\ProgramData\obnfwlxv.fee
2014-03-18 09:43 - 2014-03-18 09:43 - 00204297 _____ (Microsoft Corporation) C:\ProgramData\vxlwfnbo.cpp
C:\Users\Ronald\AppData\Roaming\desktop.ini
C:\ProgramData\obnfwlxv.fee

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options.
  • Now start FRST.exe again and click the "Entfernen" (Fix) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.




Then start the computer normally.

sunshine1184 19.03.2014 11:17

Code:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by SYSTEM at 2014-03-19 11:16:16 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Startup: C:\Users\Ronald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\obnfwlxv.lnk
ShortcutTarget: obnfwlxv.lnk -> C:\ProgramData\vxlwfnbo.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\vxlwfnbo.cpp [204297 2014-03-18] (Microsoft Corporation)
2014-03-18 09:44 - 2014-03-18 09:45 - 95027928 ____T () C:\ProgramData\obnfwlxv.fee
2014-03-18 09:43 - 2014-03-18 09:43 - 00204297 _____ (Microsoft Corporation) C:\ProgramData\vxlwfnbo.cpp
C:\Users\Ronald\AppData\Roaming\desktop.ini
C:\ProgramData\obnfwlxv.fee
*****************

C:\Users\Ronald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\obnfwlxv.lnk => Moved successfully.
C:\ProgramData\vxlwfnbo.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\obnfwlxv.fee => Moved successfully.
"C:\ProgramData\vxlwfnbo.cpp" => File/Directory not found.
C:\Users\Ronald\AppData\Roaming\desktop.ini => Moved successfully.
"C:\ProgramData\obnfwlxv.fee" => File/Directory not found.

==== End of Fixlog ====


schrauber 20.03.2014 09:45

Does the computer start normally?

