
Trash bin: (2x) Bundespolizei 100€ trojan still+ no answer+

Windows 7: Posts that broke our rules, posts the world does not need, or other junk end up here in the trash bin...

 
06.04.2012, 10:30   #1
catwiesel39
 



Hello,

for 7 hours now
I have been trying to get the Bundespolizei virus off my PC.
I have watched all the YouTube videos
and ran the Kaspersky windows blogger
3 times.
None of it helped.

Then I ran System Restore 2 times
and my PC works again.

My question:
is the virus gone now,
and if not, what can I do?
Please help,
I can't afford to buy a new laptop.

Regards, Kai

I also use online banking.

Regards, Kai

Then I did this:


For everyone seeking help! What do I need to keep in mind before opening a thread?




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS Logfile:
Code:
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 24.11.2010 16:21:32
System Uptime: 05.04.2012 15:10:18 (0 hours ago)
.
Motherboard: LENOVO |  | Base Board Product Name
Processor: Intel(R) Core(TM) i3 CPU       M 350  @ 2.27GHz | CPU | 1858/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 254 GiB total, 213,289 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 27,797 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP274: 13.03.2012 08:18:15 - Windows Update
RP275: 14.03.2012 16:47:23 - Windows Update
RP276: 18.03.2012 06:56:05 - Removed HP Update
RP277: 18.03.2012 07:13:08 - Removed Scan
RP278: 18.03.2012 07:13:40 - Removed Destinations
RP279: 18.03.2012 07:14:08 - Installed Scan
RP280: 18.03.2012 07:14:49 - Installed Destinations
RP281: 18.03.2012 19:17:27 - Windows-Sicherung
RP282: 20.03.2012 13:30:09 - Windows Update
RP283: 25.03.2012 19:00:07 - Windows-Sicherung
RP284: 27.03.2012 08:40:13 - Windows Update
RP285: 01.04.2012 19:22:16 - Windows-Sicherung
RP286: 02.04.2012 20:04:52 - Wiederherstellungsvorgang
RP287: 02.04.2012 20:18:33 - Windows-Sicherung
RP288: 02.04.2012 20:33:19 - Windows Update
RP289: 05.04.2012 14:52:46 - Windows Update
.
==== Installed Programs ======================
.
1500
1500_Help
1500Trb
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3 - Deutsch
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Software Update
Avira Free Antivirus
Broadcom 802.11 Wireless Driver
BufferChm
Copy
CyberLink YouCam
Destinations
DeviceDiscovery
DocProc
Energy Management
Fax
Free YouTube Download version 3.0.19.1206
Garmin MapSource
Garmin Training Center
Garmin USB Drivers
Google Earth
Google Update Helper
GPBaseService2
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 29
Lenovo DirectShare
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
MarketResearch
Microsoft Office 2010
Microsoft Office Klick-und-Los 2010
Microsoft Office Starter 2010 - Deutsch
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 11.0 (x86 de)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
Onekey Theater
OpenOffice.org 3.3
posterXXL.de Bestellsoftware 4.60
Power2Go
Praetorians
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek USB 2.0 Card Reader
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spyware Terminator 2012
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
WebReg
Windows Live Mesh ActiveX control for remote connections
Windows Live Sync
Windows Media Player Firefox Plugin
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
.
==== End Of File ===========================
 
 
 
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29
Run by cocco at 15:18:35 on 2012-04-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2415 [GMT 2:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\PROGRAM FILES (X86)\CHECKPOINT\ZONEALARM\VSMON.EXE
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\ISWSVC.EXE
C:\PROGRAM FILES (X86)\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\SCHED.EXE
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE
C:\WINDOWS\SYSTEM32\TASKHOST.EXE
C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\FORCEFIELD.EXE
C:\WINDOWS\SYSTEM32\TASKENG.EXE
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEAPORT\SEAPORT.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE
C:\PROGRAM FILES (X86)\CHECKPOINT\ZONEALARM\ZATRAY.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGNT.EXE
C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVSHADOW.EXE
C:\WINDOWS\SYSTEM32\CONHOST.EXE
C:\windows\system32\svchost.exe -k HPService
C:\PROGRAM FILES (X86)\LAVASOFT\AD-AWARE\AAWTRAY.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORDATAMGRSVC.EXE
C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\UNS\UNS.EXE
C:\windows\System32\svchost.exe -k secsvcs
C:\WINDOWS\SERVICING\TRUSTEDINSTALLER.EXE
C:\windows\system32\svchost.exe -k SDRSVC
C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
C:\WINDOWS\SYSTEM32\DLLHOST.EXE
C:\WINDOWS\SYSTEM32\DLLHOST.EXE
C:\WINDOWS\SYSWOW64\CMD.EXE
C:\WINDOWS\SYSTEM32\CONHOST.EXE
C:\WINDOWS\SYSWOW64\CSCRIPT.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/#hl=de&cp=5&gs_id=m&xhr=t&q=ksk+calw&pf=p&sclient=psy-ab&site=&source=hp&pbx=1&oq=ksk+c&aq=0&aqi=g4&aql=&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.&fp=ad7ce3a3241bbebd&biw=1366&bih=653
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=C:\Windows\Sy
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - C:\Users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{DC61E5D9-B1D5-40BE-A003-2DFDE213449C} : DhcpNameServer = 192.168.178.1
{0347C33E-8762-4905-BF09-768834316C61}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\cocco\AppData\Roaming\Mozilla\Firefox\Profiles\85ly5gs5.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/|hxxp://signin.ebay.de/ws/eBayISAPI.dll?SignOutConfirm&i=.0794001190006900076001200003500055000920005400022|hxxp://www.t-online.de/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]
R1 avkmgr;avkmgr;C:\windows\system32\DRIVERS\avkmgr.sys --> C:\windows\system32\DRIVERS\avkmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-4-2 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-4-2 110032]
R2 avgntflt;avgntflt;C:\windows\system32\DRIVERS\avgntflt.sys --> C:\windows\system32\DRIVERS\avgntflt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-18 13336]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-16 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\windows\system32\DRIVERS\stflt.sys --> C:\windows\system32\DRIVERS\stflt.sys [?]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-4-2 1148632]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-6-18 2320920]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-1-22 17152]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbsmi;Lenovo EasyCamera;C:\windows\system32\DRIVERS\SMIksdrv.sys --> C:\windows\system32\DRIVERS\SMIksdrv.sys [?]
R3 wdmirror;wdmirror;C:\windows\system32\DRIVERS\WDMirror.sys --> C:\windows\system32\DRIVERS\WDMirror.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-8 136176]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 Bridge0;Bridge0;C:\windows\system32\drivers\WDBridge.sys --> C:\windows\system32\drivers\WDBridge.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-8 136176]
S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-6-18 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-6-18 579400]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2010-12-17 16448]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
.
=============== Created Last 30 ================
.
2012-04-04 05:58:27    8669240    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C8A73EC3-5647-4F3F-9DA9-28B28BC17C76}\mpengine.dll
2012-04-02 19:32:47    51496    ----a-w-    C:\windows\System32\drivers\stflt.sys
2012-04-02 19:32:45    --------    d-----w-    C:\Users\cocco\AppData\Roaming\Spyware Terminator
2012-04-02 19:32:45    --------    d-----w-    C:\ProgramData\Spyware Terminator
2012-04-02 19:31:08    --------    d-----w-    C:\Program Files (x86)\Spyware Terminator
2012-04-02 19:22:21    --------    d-----w-    C:\Users\cocco\AppData\Roaming\Avira
2012-04-02 19:18:09    97312    ----a-w-    C:\windows\System32\drivers\avgntflt.sys
2012-04-02 19:18:09    27760    ----a-w-    C:\windows\System32\drivers\avkmgr.sys
2012-04-02 19:18:04    --------    d-----w-    C:\ProgramData\Avira
2012-04-02 19:18:04    --------    d-----w-    C:\Program Files (x86)\Avira
2012-04-02 18:36:47    --------    d---a-w-    C:\Kaspersky Rescue Disk 10.0
2012-03-18 05:54:54    592824    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 05:54:54    44472    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 15:50:37    5559152    ----a-w-    C:\windows\System32\ntoskrnl.exe
2012-03-14 15:50:35    3968368    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 15:50:34    3913584    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2012-03-14 10:17:38    3145728    ----a-w-    C:\windows\System32\win32k.sys
2012-03-14 10:17:30    1544192    ----a-w-    C:\windows\System32\DWrite.dll
2012-03-14 10:17:30    1077248    ----a-w-    C:\windows\SysWow64\DWrite.dll
2012-03-14 10:16:22    9216    ----a-w-    C:\windows\System32\rdrmemptylst.exe
2012-03-14 10:16:22    77312    ----a-w-    C:\windows\System32\rdpwsx.dll
2012-03-14 10:16:22    149504    ----a-w-    C:\windows\System32\rdpcorekmts.dll
2012-03-14 10:16:19    1031680    ----a-w-    C:\windows\System32\rdpcore.dll
2012-03-14 10:16:18    826880    ----a-w-    C:\windows\SysWow64\rdpcore.dll
2012-03-14 10:16:18    23552    ----a-w-    C:\windows\System32\drivers\tdtcp.sys
2012-03-14 10:16:18    210944    ----a-w-    C:\windows\System32\drivers\rdpwd.sys
2012-03-12 15:00:00    --------    d-----w-    C:\Program Files\iPod
2012-03-12 14:59:59    --------    d-----w-    C:\Program Files\iTunes
2012-03-12 14:59:59    --------    d-----w-    C:\Program Files (x86)\iTunes
2012-03-12 14:56:50    --------    d-----w-    C:\Program Files\Bonjour
2012-03-12 14:56:50    --------    d-----w-    C:\Program Files (x86)\Bonjour
.
==================== Find3M  ====================
.
2012-02-23 07:18:36    279656    ------w-    C:\windows\System32\MpSigStub.exe
.
============= FINISH: 15:20:02,24 ===============
         

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-05 15:55:46
Windows 6.1.7601 Service Pack 1 
Running: srnsb9b6.exe
 
 
---- Registry - GMER 1.0.15 ----
 
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88                      
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)  
 
---- EOF - GMER 1.0.15 ----
         

The files are attached.

When I run the
Baseline Security Analyzer,
4 user accounts
come up:

+Administrator
+Gast
+home group user (I don't know that one)
and
mine
+cocco

Does that mean anything?

Thumbnails of attached images
-bundespolizei.jpg

12.04.2012, 09:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



http://www.trojaner-board.de/112980-...ht-runter.html