Trojaner-Board

PC no. 2 with virus (https://www.trojaner-board.de/136736-pc-nr-2-virus.html)

schrauber 21.06.2013 07:39

Have a look. The log is definitely incomplete. Also, please do the following:

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

reporter 21.06.2013 12:23

Code:

# AdwCleaner v2.303 - Datei am 21/06/2013 um 13:20:55 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Alex - COMP40
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Alex\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [9163 octets] - [15/06/2013 11:52:57]
AdwCleaner[R2].txt - [827 octets] - [15/06/2013 12:34:58]
AdwCleaner[R3].txt - [699 octets] - [21/06/2013 13:20:55]
AdwCleaner[S1].txt - [9017 octets] - [15/06/2013 11:53:16]
AdwCleaner[S2].txt - [888 octets] - [15/06/2013 12:35:23]

########## EOF - C:\AdwCleaner[R3].txt - [877 octets] ##########

Code:

Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Alex on 21.06.2013 at 13:25:27,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\performersoft llc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A33E5870-C65E-4C39-B198-AAAEA97B6268}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D63402F7-FB81-40FF-8C1E-25083BC06487}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\turegopt.exe"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\systweak"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.06.2013 at 13:28:06,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


schrauber 21.06.2013 13:29

The fresh FRST log? :)

reporter 21.06.2013 13:38


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-06-2013 01
Ran by Alex (administrator) on 21-06-2013 14:37:39
Running from C:\Dokumente und Einstellungen\Alex\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
(Adobe Systems Incorporated) C:\Programme\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Acronis) C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe
(VIA Technologies, Inc.) C:\WINDOWS\system32\KaraokeSer.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Skype Technologies S.A.) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TuneUp Software) C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
(TuneUp Software) C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Renesas Electronics Corporation) C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(shbox.de) C:\Programme\FreePDF_XP\fpassist.exe
(Adobe Systems Inc.) C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
(Alcor Micro Corp.) C:\Programme\AmIcoSingLun\AmIcoSinglun.exe
(Acronis) C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
(Hewlett-Packard) C:\Programme\HP\HP Software Update\HPWuSchd2.exe
(Nero AG) C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
() C:\Programme\phonostar-Player\phonostarTimer.exe
(Adobe Systems Incorporated) C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Nero AG) C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
(Hewlett-Packard Development Company, L.P.) C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
(VIA Technologies) C:\Programme\VIA\RAID\raid_tool.exe
(Hewlett-Packard Development Company, L.P.) C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Development Company, L.P.) C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
(phonostar) C:\Programme\phonostar-Player\phonostar.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Adobe Systems Incorporated) C:\Programme\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
(Microsoft Corporation) C:\Programme\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Programme\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Programme\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Programme\internet explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe [24576 2003-12-30] ()
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [5513216 2005-01-10] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [86016 2005-01-10] (NVIDIA Corporation)
HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2213160 2007-12-03] (Nero AG)
HKLM\...\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [NUSB3MON] "C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [FreePDF Assistant] "C:\Programme\FreePDF_XP\fpassist.exe" [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-23] (Adobe Systems Inc.)
HKLM\...\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2012-03-09] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe [272984 2011-12-21] (Alcor Micro Corp.)
HKLM\...\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe [5082488 2009-09-12] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [357800 2009-09-12] (Acronis)
HKLM\...\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [1688872 2007-12-13] (Nero AG)
HKCU\...\Run: [phonostar-PlayerTimer] C:\Programme\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] ()
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {9BDA4705-BC1C-429d-9F12-2BD205054218} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -  No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\Programme\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Programme\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Programme\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Tcpip\..\Interfaces\{BE00D94D-672F-456F-A9FE-2A790FD28043}: [NameServer]192.168.2.1
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Programme\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [660936 2009-09-12] (Acronis)
R2 AdobeActiveFileMonitor11.0; C:\Programme\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 afcdpsrv; C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe [2326920 2012-06-07] (Acronis)
R2 AntiVirMailService; C:\Programme\Avira\AntiVir Desktop\avmailc.exe [375760 2012-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [86224 2012-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [110032 2012-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-06-03] (Avira Operations GmbH & Co. KG)
R2 KaraokeService; C:\Windows\system32\KaraokeSer.exe [88688 2012-02-17] (VIA Technologies, Inc.)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [869672 2007-12-03] (Nero AG)
R3 NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [447784 2007-12-13] (Nero AG)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
R2 Skype C2C Service; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 TuneUp.UtilitiesSvc; C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [x]

==================== Drivers (Whitelisted) ====================

S3 ALCXSENS; C:\Windows\System32\drivers\ALCXSENS.SYS [400384 2004-02-24] (Sensaura)
S3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [613244 2004-03-19] (Realtek Semiconductor Corp.)
R1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [7586304 2012-03-09] (ATI Technologies Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [100368 2011-12-20] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-06-03] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-06-03] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-11] (Avira GmbH)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 GVCplDrv; C:\Windows\System32\Drivers\GVCplDrv.sys [23556 2005-01-24] ()
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
R3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49664 2006-04-13] (HP)
R3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2006-04-13] (HP)
R3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP)
R2 LBeepKE; C:\Windows\System32\Drivers\LBeepKE.sys [12184 2011-09-02] (Logitech, Inc.)
S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39192 2011-09-02] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [73344 2011-09-13] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [164736 2011-09-13] (Renesas Electronics Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [329960 2012-02-22] (Realtek Semiconductor Corporation                          )
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2012-06-07] (Acronis)
R3 TuneUpUtilitiesDrv; C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-08] (TuneUp Software)
R3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1506304 2008-10-13] (C-Media Electronics Inc)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1150880 2010-05-15] (VIA Technologies, Inc.)
R0 viasraid; C:\Windows\System32\DRIVERS\viasraid.sys [77312 2003-10-31] (VIA Technologies inc,.ltd)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [189568 2004-08-19] (Marvell)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S3 catchme; \??\C:\DOKUME~1\Alex\LOKALE~1\Temp\catchme.sys [x]
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-21 13:25 - 2013-06-21 13:25 - 00000000 ____D C:\Windows\ERUNT
2013-06-21 13:25 - 2013-06-21 13:25 - 00000000 ____D C:\JRT
2013-06-21 13:21 - 2013-06-21 13:21 - 00000000 ____D C:\Windows\LastGood
2013-06-21 13:20 - 2013-06-21 13:21 - 00000945 ____A C:\AdwCleaner[R3].txt
2013-06-20 18:05 - 2013-06-20 18:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2013-06-20 18:05 - 2013-06-20 18:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2013-06-20 18:03 - 2013-06-20 18:03 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-06-20 17:59 - 2013-06-20 17:59 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-06-20 17:42 - 2013-06-20 17:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2753842-v2$
2013-06-20 17:41 - 2013-06-20 17:41 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2013-06-20 17:40 - 2013-06-20 17:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-06-20 17:33 - 2013-06-20 17:33 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-06-20 17:32 - 2013-06-20 17:32 - 00000000 __HDC C:\Windows\$NtUninstallKB2757638$
2013-06-20 17:31 - 2013-06-20 17:31 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-06-20 17:23 - 2013-06-20 17:23 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2013-06-20 17:21 - 2013-06-20 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-06-20 17:17 - 2013-06-20 17:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-06-20 17:17 - 2013-06-20 17:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$
2013-06-20 16:50 - 2013-06-20 16:50 - 00000000 ____D C:\a707feda25729348992dfc2f9a0d68d4
2013-06-20 16:35 - 2005-01-24 06:15 - 00023556 ___RA C:\Windows\System32\Drivers\GVCplDrv.sys
2013-06-20 15:50 - 2013-06-20 16:17 - 00000000 ____D C:\ComboFix1
2013-06-20 15:09 - 2013-06-20 15:32 - 00000000 ____D C:\ComboFix
2013-06-20 13:32 - 2013-02-12 02:32 - 00012928 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usb8023x.sys
2013-06-19 15:50 - 2012-06-03 18:21 - 00000223 ____A C:\Boot.bak
2013-06-19 15:49 - 2013-06-19 15:50 - 00000000 RASHD C:\cmdcons
2013-06-19 15:49 - 2004-08-03 23:00 - 00262448 _RASH C:\cmldr
2013-06-19 15:45 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-19 15:45 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-19 15:45 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-19 15:45 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-19 15:45 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-19 15:45 - 2000-08-31 02:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-06-19 15:45 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-19 15:45 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-19 15:45 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-19 15:43 - 2013-06-19 15:45 - 00000000 ____D C:\Qoobox
2013-06-19 15:42 - 2013-06-20 16:07 - 00000000 ____D C:\Windows\erdnt
2013-06-17 13:40 - 2013-06-17 13:40 - 00000000 ____D C:\FRST
2013-06-16 13:30 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-15 12:35 - 2013-06-15 12:35 - 00000888 ____A C:\AdwCleaner[S2].txt
2013-06-15 12:34 - 2013-06-15 12:35 - 00000827 ____A C:\AdwCleaner[R2].txt
2013-06-15 12:06 - 2013-06-20 14:56 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-15 11:53 - 2013-06-15 11:53 - 00009017 ____A C:\AdwCleaner[S1].txt
2013-06-15 11:52 - 2013-06-15 11:53 - 00009163 ____A C:\AdwCleaner[R1].txt
2013-06-13 16:21 - 2013-06-13 16:21 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders ========

2013-06-21 14:20 - 2012-06-04 19:13 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-21 14:20 - 2012-06-03 16:19 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-21 13:27 - 2008-11-25 20:23 - 01805970 ____N C:\Windows\WindowsUpdate.log
2013-06-21 13:25 - 2013-06-21 13:25 - 00000000 ____D C:\Windows\ERUNT
2013-06-21 13:25 - 2013-06-21 13:25 - 00000000 ____D C:\JRT
2013-06-21 13:21 - 2013-06-21 13:21 - 00000000 ____D C:\Windows\LastGood
2013-06-21 13:21 - 2013-06-21 13:20 - 00000945 ____A C:\AdwCleaner[R3].txt
2013-06-21 13:10 - 2004-08-04 14:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-21 13:09 - 2008-11-25 19:52 - 04761800 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-21 13:07 - 2008-11-25 21:00 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-21 13:07 - 2008-11-25 19:55 - 00000159 ____N C:\Windows\wiadebug.log
2013-06-21 13:07 - 2008-11-25 19:55 - 00000050 ____N C:\Windows\wiaservc.log
2013-06-20 18:36 - 2012-06-06 22:29 - 00131072 ____A C:\Windows\System32\config\TuneUp.evt
2013-06-20 18:36 - 2012-06-03 16:41 - 00196608 ____A C:\Windows\System32\config\ACEEvent.evt
2013-06-20 18:36 - 2008-11-25 21:00 - 00032460 ____N C:\Windows\SchedLgU.Txt
2013-06-20 18:33 - 2008-11-25 19:53 - 01034224 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-20 18:05 - 2013-06-20 18:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2013-06-20 18:05 - 2013-06-20 18:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2013-06-20 18:05 - 2008-11-27 17:13 - 00226120 ____A C:\Windows\System32\TZLog.log
2013-06-20 18:03 - 2013-06-20 18:03 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-06-20 17:59 - 2013-06-20 17:59 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-06-20 17:44 - 2004-08-04 14:00 - 00000638 ____A C:\Windows\win.ini
2013-06-20 17:42 - 2013-06-20 17:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2753842-v2$
2013-06-20 17:42 - 2008-11-26 00:14 - 00000000 ___HD C:\Windows\$hf_mig$
2013-06-20 17:41 - 2013-06-20 17:41 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2013-06-20 17:40 - 2013-06-20 17:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-06-20 17:33 - 2013-06-20 17:33 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-06-20 17:32 - 2013-06-20 17:32 - 00000000 __HDC C:\Windows\$NtUninstallKB2757638$
2013-06-20 17:31 - 2013-06-20 17:31 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-06-20 17:23 - 2013-06-20 17:23 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2013-06-20 17:21 - 2013-06-20 17:21 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-06-20 17:19 - 2012-06-04 19:34 - 00000000 ____D C:\Windows\ie8updates
2013-06-20 17:17 - 2013-06-20 17:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-06-20 17:17 - 2013-06-20 17:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$
2013-06-20 16:50 - 2013-06-20 16:50 - 00000000 ____D C:\a707feda25729348992dfc2f9a0d68d4
2013-06-20 16:17 - 2013-06-20 15:50 - 00000000 ____D C:\ComboFix1
2013-06-20 16:07 - 2013-06-19 15:42 - 00000000 ____D C:\Windows\erdnt
2013-06-20 16:06 - 2004-08-04 14:00 - 00000227 ____A C:\Windows\system.ini
2013-06-20 15:32 - 2013-06-20 15:09 - 00000000 ____D C:\ComboFix
2013-06-20 14:56 - 2013-06-15 12:06 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-19 15:50 - 2013-06-19 15:49 - 00000000 RASHD C:\cmdcons
2013-06-19 15:50 - 2008-11-25 20:51 - 00000339 _RASH C:\boot.ini
2013-06-19 15:45 - 2013-06-19 15:43 - 00000000 ____D C:\Qoobox
2013-06-17 14:55 - 2008-11-25 19:53 - 00000000 ___RD C:\Programme
2013-06-17 13:40 - 2013-06-17 13:40 - 00000000 ____D C:\FRST
2013-06-15 12:35 - 2013-06-15 12:35 - 00000888 ____A C:\AdwCleaner[S2].txt
2013-06-15 12:35 - 2013-06-15 12:34 - 00000827 ____A C:\AdwCleaner[R2].txt
2013-06-15 11:53 - 2013-06-15 11:53 - 00009017 ____A C:\AdwCleaner[S1].txt
2013-06-15 11:53 - 2013-06-15 11:52 - 00009163 ____A C:\AdwCleaner[R1].txt
2013-06-13 16:22 - 2012-06-04 19:13 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-13 16:22 - 2012-06-04 19:13 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-13 16:21 - 2013-06-13 16:21 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-06-02 17:21 - 2008-11-27 17:10 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-01 11:51 - 2012-06-04 17:50 - 00000000 ____D C:\Windows\System32\NtmsData
2013-06-01 11:50 - 2008-11-25 20:21 - 00000000 ____D C:\Windows\Registration

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e

C:\Windows\System32\winlogon.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a

C:\Windows\System32\svchost.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366

C:\Windows\System32\services.exe
[2008-04-14 14:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc

C:\Windows\System32\User32.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd

C:\Windows\System32\userinit.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106

C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 14:00] - [2008-04-14 14:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d


==================== End Of Log ===================

--- --- ---

schrauber 21.06.2013 19:16


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log. Any remaining problems?


All times are WET +1. The time is now 04:08.
