Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Gesperrter Computer Vista 32 Business

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 03.07.2013, 12:04   #1
MikeE1
 
Gesperrter Computer Vista 32 Business - Standard

Gesperrter Computer Vista 32 Business



Hallo zusammen,

Ich habe das Problem, dass einer meiner Rechner sich eine Sperre eingefangen hat.
Das Tool HitmanPro.Kickstart habe ich schon probiert. Ergebnis: negativ
Nun habe ich das FRST-Tool installiert und folgendes Scan-Ergebnis erhalten:
Wäre toll, wenn ihr mir helfen könntet
Besten Dank
MikeE1
*
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2013
Ran by SYSTEM on 03-07-2013 12:47:04
Running from G:\
Windows Vista (TM) Business (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [90112 2006-11-10] ()
HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: []  [x]
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2020968 2007-02-13] (Symantec Corporation)
HKLM\...\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [16384 2007-11-15] ( )
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\EUPROCON\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-18] (Microsoft Corporation)
HKU\EUPROCON\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\EUPROCON\...\Winlogon: [Shell] explorer.exe <==== ATTENTION 
Startup: C:\Users\EUPROCON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

========================== Services (Whitelisted) =================

S2 Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [194240 2006-11-08] (Symantec Corporation)
S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2541248 2006-11-08] (Symantec Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S2 Norton Save and Restore; C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2655848 2007-02-13] (Symantec Corporation)
S2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-18] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-12-31] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130702.001\IDSvix86.sys [386720 2013-04-25] (Symantec Corporation)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-09] (Logitech Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130702.021\NAVENG.SYS [93272 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130702.021\NAVEX15.SYS [1611992 2013-05-22] (Symantec Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [14112 2007-05-09] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [1276832 2007-05-09] (Logitech Inc.)
S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [10070016 2012-11-16] (Advanced Micro Devices, Inc.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [37864 2007-02-13] (Symantec Corporation)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [14072 2007-02-13] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-03 12:46 - 2013-07-03 12:46 - 00000000 ____D C:\FRST
2013-07-03 09:58 - 2013-07-03 09:58 - 00001036 ____A C:\Windows\System32\.crusader
2013-07-03 09:08 - 2013-07-03 09:58 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-03 06:59 - 2013-07-03 06:59 - 00393531 ____A C:\ProgramData\2433f433
2013-07-03 06:59 - 2013-07-03 06:59 - 00393512 ____A C:\Users\EUPROCON\AppData\Local\2433f433
2013-07-03 06:59 - 2013-07-03 06:59 - 00393480 ____A C:\Users\EUPROCON\AppData\Roaming\2433f433
2013-07-01 07:57 - 2013-07-01 07:57 - 00001894 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-07-01 07:57 - 2013-07-01 07:57 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-01 07:57 - 2013-07-01 07:57 - 00000000 ____D C:\Program Files\Adobe
2013-07-01 07:27 - 2013-07-01 07:27 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-20 06:47 - 2013-06-20 06:47 - 00000000 ____D C:\Program Files\GUM16FB.tmp
2013-06-20 06:46 - 2013-07-03 11:16 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-20 06:46 - 2013-07-03 09:51 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-20 06:45 - 2013-06-20 06:46 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Deployment
2013-06-20 06:45 - 2013-06-20 06:45 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Apps\2.0
2013-06-13 19:50 - 2013-05-17 00:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 19:50 - 2013-05-16 23:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 19:50 - 2013-05-16 23:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 19:50 - 2013-05-16 23:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 19:50 - 2013-05-16 23:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 19:50 - 2013-05-16 23:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 19:50 - 2013-05-16 23:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 19:50 - 2013-05-16 23:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 19:50 - 2013-05-16 23:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 19:50 - 2013-05-16 23:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 19:50 - 2013-05-16 23:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 19:50 - 2013-05-16 23:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 19:50 - 2013-05-16 23:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 19:50 - 2013-05-16 23:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 19:50 - 2013-05-16 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 19:50 - 2013-05-16 23:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 05:50 - 2013-05-08 05:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 05:50 - 2013-05-02 23:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-13 05:50 - 2013-05-02 23:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-13 05:50 - 2013-05-02 05:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 05:50 - 2013-05-02 05:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-13 05:50 - 2013-04-24 05:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 05:50 - 2013-04-24 05:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 05:50 - 2013-04-24 05:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 05:50 - 2013-04-24 05:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 05:50 - 2013-04-24 02:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 05:50 - 2013-04-17 13:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-07-03 12:46 - 2013-07-03 12:46 - 00000000 ____D C:\FRST
2013-07-03 11:34 - 2006-11-02 11:33 - 01601156 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-03 11:17 - 2008-01-26 12:45 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-07-03 11:17 - 2006-11-02 14:01 - 00032510 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-03 11:17 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-03 11:16 - 2013-06-20 06:46 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-03 11:15 - 2006-11-02 13:47 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 11:15 - 2006-11-02 13:47 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 11:10 - 2008-01-26 12:38 - 01882146 ____A C:\Windows\WindowsUpdate.log
2013-07-03 10:22 - 2013-01-08 08:32 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-03 09:58 - 2013-07-03 09:58 - 00001036 ____A C:\Windows\System32\.crusader
2013-07-03 09:58 - 2013-07-03 09:08 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-03 09:51 - 2013-06-20 06:46 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-03 08:01 - 2006-11-02 13:52 - 00026169 ____A C:\Windows\setupact.log
2013-07-03 06:59 - 2013-07-03 06:59 - 00393531 ____A C:\ProgramData\2433f433
2013-07-03 06:59 - 2013-07-03 06:59 - 00393512 ____A C:\Users\EUPROCON\AppData\Local\2433f433
2013-07-03 06:59 - 2013-07-03 06:59 - 00393480 ____A C:\Users\EUPROCON\AppData\Roaming\2433f433
2013-07-02 09:01 - 2013-01-01 13:41 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\SimpleSYN
2013-07-01 17:40 - 2006-11-02 14:00 - 00035488 ____A C:\Windows\PFRO.log
2013-07-01 08:02 - 2012-12-30 22:47 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Adobe
2013-07-01 07:57 - 2013-07-01 07:57 - 00001894 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-07-01 07:57 - 2013-07-01 07:57 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-01 07:57 - 2013-07-01 07:57 - 00000000 ____D C:\Program Files\Adobe
2013-07-01 07:57 - 2008-01-26 13:02 - 00000000 ____D C:\ProgramData\Adobe
2013-07-01 07:27 - 2013-07-01 07:27 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-20 06:49 - 2012-12-30 22:05 - 00000000 ____D C:\Users\EUPROCON\AppData\Roaming\Google
2013-06-20 06:47 - 2013-06-20 06:47 - 00000000 ____D C:\Program Files\GUM16FB.tmp
2013-06-20 06:47 - 2012-12-30 22:04 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Google
2013-06-20 06:46 - 2013-06-20 06:45 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Deployment
2013-06-20 06:46 - 2008-01-26 13:01 - 00000000 ____D C:\ProgramData\Google
2013-06-20 06:46 - 2008-01-26 13:01 - 00000000 ____D C:\Program Files\Google
2013-06-20 06:45 - 2013-06-20 06:45 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Apps\2.0
2013-06-19 05:49 - 2012-12-31 13:00 - 00000000 ____D C:\Windows\System32\Drivers\NIS
2013-06-19 05:36 - 2012-12-31 13:01 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-19 05:36 - 2012-12-31 13:01 - 00007611 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-14 08:57 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-06-14 08:40 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 19:51 - 2008-01-26 12:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 19:49 - 2006-11-02 11:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 16:23 - 2013-01-08 08:32 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 16:23 - 2013-01-08 08:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-12 10:26:31
Restore point made on: 2013-06-13 06:06:36
Restore point made on: 2013-06-13 19:48:08
Restore point made on: 2013-06-14 11:35:45
Restore point made on: 2013-06-17 07:57:18
Restore point made on: 2013-06-19 08:51:06
Restore point made on: 2013-06-20 06:26:03
Restore point made on: 2013-06-20 20:19:08
Restore point made on: 2013-06-21 09:37:51
Restore point made on: 2013-06-24 07:19:33
Restore point made on: 2013-06-25 10:31:32
Restore point made on: 2013-06-26 08:04:29
Restore point made on: 2013-06-27 09:04:46
Restore point made on: 2013-06-28 06:12:34
Restore point made on: 2013-07-01 06:27:09
Restore point made on: 2013-07-01 07:26:45
Restore point made on: 2013-07-02 09:40:45
Restore point made on: 2013-07-03 06:22:52

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 2045.56 MB
Available physical RAM: 1767.99 MB
Total Pagefile: 1979.2 MB
Available Pagefile: 1831.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.5 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:216 GB) (Free:144.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DELL BACKUP) (Fixed) (Total:72.03 GB) (Free:43.5 GB) NTFS
Drive f: (SecureDrive) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: (Transcend) (Removable) (Total:14.94 GB) (Free:14.94 GB) FAT32
Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:1.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 50000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=216 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=72 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)


LastRegBack: 2013-07-03 11:37

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 03.07.2013, 12:11   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Gesperrter Computer Vista 32 Business - Standard

Gesperrter Computer Vista 32 Business



Hi,

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
ATTFilter
HKU\EUPROCON\...\Winlogon: [Shell] explorer.exe <==== ATTENTION 
2013-07-03 06:59 - 2013-07-03 06:59 - 00393531 ____A C:\ProgramData\2433f433
2013-07-03 06:59 - 2013-07-03 06:59 - 00393512 ____A C:\Users\EUPROCON\AppData\Local\2433f433
2013-07-03 06:59 - 2013-07-03 06:59 - 00393480 ____A C:\Users\EUPROCON\AppData\Roaming\2433f433
         
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.
__________________

__________________

Alt 03.07.2013, 12:24   #3
MikeE1
 
Gesperrter Computer Vista 32 Business - Standard

Gesperrter Computer Vista 32 Business



Hallo Schrauber,

hier der Fixlog-Eintrag
*
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-07-2013
Ran by SYSTEM at 2013-07-03 13:23:11 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

HKU\EUPROCON\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\EUPROCON\AppData\Local\2433f433 => Moved successfully.
C:\Users\EUPROCON\AppData\Roaming\2433f433 => Moved successfully.

==== End of Fixlog ====
__________________

Alt 03.07.2013, 12:44   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Gesperrter Computer Vista 32 Business - Standard

Gesperrter Computer Vista 32 Business



Neu booten?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.07.2013, 12:50   #5
MikeE1
 
Gesperrter Computer Vista 32 Business - Standard

Gesperrter Computer Vista 32 Business



Hallo Schrauber,

leider immer noch der gleiche Sperrbildschirm, sorry

Gruß
MikeE1


Alt 03.07.2013, 13:41   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Gesperrter Computer Vista 32 Business - Standard

Gesperrter Computer Vista 32 Business



Bitte ein frisches FRST log aus der Recovery.
__________________
--> Gesperrter Computer Vista 32 Business

Alt 03.07.2013, 14:20   #7
MikeE1
 
Gesperrter Computer Vista 32 Business - Standard

Gesperrter Computer Vista 32 Business



Hallo Schrauber,

bin dran am log, hatte nur einige neue Schwierigkeiten. Im Abgesicherten Modus mit Eingabeaufforderung hat der Rechner sofort über "Abmelden" Wondows beendet. über einige Versuche habe ich herausgefunden, dass der Stick jetzt H:, ist zuvor war er G:???

und hier sind die logs.
zunächst FRST.txt:
#
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2013
Ran by EUPROCON (administrator) on 03-07-2013 15:06:49
Running from H:\
Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [90112 2006-11-10] ()
HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: []  [x]
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2020968 2007-02-13] (Symantec Corporation)
HKLM\...\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [16384 2007-11-15] ( )
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKCU\...\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-06-20] (Google Inc.)
Startup: C:\Users\EUPROCON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19
SearchScopes: HKCU - {CD7ECDF3-9763-4584-B167-C4A61247BCF5} URL = hxxp://search.softonic.com/MOY00030/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=541
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
Tcpip\..\Interfaces\{312A21D2-F4E4-4219-A452-933C43BD8FA7}: [NameServer]192.168.100.7,192.168.100.17

========================== Services (Whitelisted) =================

S2 Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [194240 2006-11-08] (Symantec Corporation)
S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2541248 2006-11-08] (Symantec Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S2 Norton Save and Restore; C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2655848 2007-02-13] (Symantec Corporation)
S2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-18] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-12-31] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130702.001\IDSvix86.sys [386720 2013-04-25] (Symantec Corporation)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-09] (Logitech Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130702.021\NAVENG.SYS [93272 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130702.021\NAVEX15.SYS [1611992 2013-05-22] (Symantec Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [14112 2007-05-09] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [1276832 2007-05-09] (Logitech Inc.)
S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [10070016 2012-11-16] (Advanced Micro Devices, Inc.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [37864 2007-02-13] (Symantec Corporation)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [14072 2007-02-13] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-03 13:46 - 2013-07-03 13:46 - 00000000 ____D C:\FRST
2013-07-03 10:58 - 2013-07-03 10:58 - 00001036 ____A C:\Windows\System32\.crusader
2013-07-03 10:08 - 2013-07-03 10:58 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-01 08:57 - 2013-07-01 08:57 - 00001894 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-07-01 08:57 - 2013-07-01 08:57 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-01 08:57 - 2013-07-01 08:57 - 00000000 ____D C:\Program Files\Adobe
2013-07-01 08:27 - 2013-07-01 08:27 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-20 07:47 - 2013-06-20 07:47 - 00000000 ____D C:\Program Files\GUM16FB.tmp
2013-06-20 07:46 - 2013-07-03 14:32 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-20 07:46 - 2013-07-03 13:51 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-20 07:45 - 2013-06-20 07:46 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Deployment
2013-06-20 07:45 - 2013-06-20 07:45 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Apps\2.0
2013-06-13 20:50 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 20:50 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 20:50 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 20:50 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 20:50 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 20:50 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 20:50 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 20:50 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 20:50 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 20:50 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 20:50 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 20:50 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 20:50 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 20:50 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 20:50 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 20:50 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 06:50 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 06:50 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-13 06:50 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-13 06:50 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 06:50 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-13 06:50 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 06:50 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 06:50 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 06:50 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 06:50 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 06:50 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-07-03 15:01 - 2008-01-26 13:45 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-07-03 15:01 - 2006-11-02 15:01 - 00032510 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-03 15:01 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-03 15:00 - 2006-11-02 14:47 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 15:00 - 2006-11-02 14:47 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 14:32 - 2013-06-20 07:46 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-03 13:51 - 2013-06-20 07:46 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-03 13:51 - 2008-01-26 13:38 - 01887564 ____A C:\Windows\WindowsUpdate.log
2013-07-03 13:46 - 2013-07-03 13:46 - 00000000 ____D C:\FRST
2013-07-03 12:34 - 2006-11-02 12:33 - 01601156 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-03 11:22 - 2013-01-08 09:32 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-03 10:58 - 2013-07-03 10:58 - 00001036 ____A C:\Windows\System32\.crusader
2013-07-03 10:58 - 2013-07-03 10:08 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-03 09:01 - 2006-11-02 14:52 - 00026169 ____A C:\Windows\setupact.log
2013-07-02 10:01 - 2013-01-01 14:41 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\SimpleSYN
2013-07-01 18:40 - 2006-11-02 15:00 - 00035488 ____A C:\Windows\PFRO.log
2013-07-01 09:02 - 2012-12-30 23:47 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Adobe
2013-07-01 08:57 - 2013-07-01 08:57 - 00001894 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-07-01 08:57 - 2013-07-01 08:57 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-01 08:57 - 2013-07-01 08:57 - 00000000 ____D C:\Program Files\Adobe
2013-07-01 08:57 - 2008-01-26 14:02 - 00000000 ____D C:\ProgramData\Adobe
2013-07-01 08:27 - 2013-07-01 08:27 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-20 07:49 - 2012-12-30 23:05 - 00000000 ____D C:\Users\EUPROCON\AppData\Roaming\Google
2013-06-20 07:47 - 2013-06-20 07:47 - 00000000 ____D C:\Program Files\GUM16FB.tmp
2013-06-20 07:47 - 2012-12-30 23:04 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Google
2013-06-20 07:46 - 2013-06-20 07:45 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Deployment
2013-06-20 07:46 - 2008-01-26 14:01 - 00000000 ____D C:\ProgramData\Google
2013-06-20 07:46 - 2008-01-26 14:01 - 00000000 ____D C:\Program Files\Google
2013-06-20 07:45 - 2013-06-20 07:45 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Apps\2.0
2013-06-19 06:49 - 2012-12-31 14:00 - 00000000 ____D C:\Windows\System32\Drivers\NIS
2013-06-19 06:36 - 2012-12-31 14:01 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-19 06:36 - 2012-12-31 14:01 - 00007611 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-14 09:57 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-14 09:40 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 20:51 - 2008-01-26 13:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 20:49 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 17:23 - 2013-01-08 09:32 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 17:23 - 2013-01-08 09:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 12:37

==================== End Of Log ============================
         
--- --- ---

und nun die zusätzliche erzeugte Addition.txt

#
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-07-2013
Ran by EUPROCON at 2013-07-03 15:16:00
Running from H:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

2007 Microsoft Office Suite Service Pack 3 (SP3)
2007 Microsoft Office system (Version: 12.0.6612.1000)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
ATI Catalyst Control Center (Version: 2.007.0914.2138)
Avanquest update (Version: 1.12)
Benutzerhandbuch
Browser Address Error Redirector (Version: 1.00.0000)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2007.0914.2139.36828)
Catalyst Control Center Graphics Full Existing (Version: 2007.0914.2139.36828)
Catalyst Control Center Graphics Full New (Version: 2007.0914.2139.36828)
Catalyst Control Center Graphics Light (Version: 2007.0914.2139.36828)
Catalyst Control Center Graphics Previews Common (Version: 2007.0914.2139.36828)
Catalyst Control Center Graphics Previews Common (Version: 2012.1116.1515.27190)
Catalyst Control Center Graphics Previews Vista (Version: 2007.0914.2139.36828)
Catalyst Control Center InstallProxy (Version: 2012.1116.1515.27190)
Catalyst Control Center Localization All (Version: 2012.1116.1515.27190)
Catalyst Control Center Localization Chinese Standard (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization French (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization German (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Hungarian (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Italian (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Japanese (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Korean (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Polish (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Portuguese (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Spanish (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Thai (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Turkish (Version: 2007.0914.2139.36828)
CCC Help Chinese Standard (Version: 2007.0914.2138.36828)
CCC Help Chinese Standard (Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (Version: 2007.0914.2138.36828)
CCC Help Chinese Traditional (Version: 2012.1116.1514.27190)
CCC Help Czech (Version: 2012.1116.1514.27190)
CCC Help Danish (Version: 2012.1116.1514.27190)
CCC Help Dutch (Version: 2012.1116.1514.27190)
CCC Help English (Version: 2007.0914.2138.36828)
CCC Help English (Version: 2012.1116.1514.27190)
CCC Help Finnish (Version: 2012.1116.1514.27190)
CCC Help French (Version: 2007.0914.2138.36828)
CCC Help French (Version: 2012.1116.1514.27190)
CCC Help German (Version: 2007.0914.2138.36828)
CCC Help German (Version: 2012.1116.1514.27190)
CCC Help Greek (Version: 2012.1116.1514.27190)
CCC Help Hungarian (Version: 2007.0914.2138.36828)
CCC Help Hungarian (Version: 2012.1116.1514.27190)
CCC Help Italian (Version: 2007.0914.2138.36828)
CCC Help Italian (Version: 2012.1116.1514.27190)
CCC Help Japanese (Version: 2007.0914.2138.36828)
CCC Help Japanese (Version: 2012.1116.1514.27190)
CCC Help Korean (Version: 2007.0914.2138.36828)
CCC Help Korean (Version: 2012.1116.1514.27190)
CCC Help Norwegian (Version: 2012.1116.1514.27190)
CCC Help Polish (Version: 2007.0914.2138.36828)
CCC Help Polish (Version: 2012.1116.1514.27190)
CCC Help Portuguese (Version: 2007.0914.2138.36828)
CCC Help Portuguese (Version: 2012.1116.1514.27190)
CCC Help Russian (Version: 2012.1116.1514.27190)
CCC Help Spanish (Version: 2007.0914.2138.36828)
CCC Help Spanish (Version: 2012.1116.1514.27190)
CCC Help Swedish (Version: 2012.1116.1514.27190)
CCC Help Thai (Version: 2007.0914.2138.36828)
CCC Help Thai (Version: 2012.1116.1514.27190)
CCC Help Turkish (Version: 2007.0914.2138.36828)
CCC Help Turkish (Version: 2012.1116.1514.27190)
ccc-core-static (Version: 2007.0914.2139.36828)
ccc-utility (Version: 2007.0914.2139.36828)
ccc-utility (Version: 2012.1116.1515.27190)
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe (Version: 2.00.0000)
Dell Handbuch zum Einstieg (Version: 1.00.0000)
Dell Support Center (Version: 2.0.07311)
Evernote v. 4.6.4 (Version: 4.6.4.8136)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.145)
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections 12.1.11.0 (Version: )
Java(TM) 6 Update 39 (Version: 6.0.390)
Java(TM) SE Runtime Environment 6 (Version: 1.6.0.0)
Junk Mail filter update (Version: 15.4.3502.0922)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.26)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2003 Web Components (Version: 11.0.8003.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Motorola Device Manager (Version: 2.3.9)
Motorola Device Software Update (Version: 13.02.1402)
Motorola Mobile Drivers Installation 6.0.0 (Version: 6.0.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Norton Internet Security (Version: 20.4.0.40)
Norton Save and Restore (Version: 2.0.0.19488)
PowerDVD (Version: 7.0)
Realtek High Definition Audio Driver
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.116)
Roxio Update Manager (Version: 3.0.0)
Segoe UI (Version: 15.4.2271.0615)
SimpleSYN 2.1 (Version: 2.1.4189)
Skins (Version: 2007.0914.2139.36828)
Sonic Activation Module (Version: 1.0)
Sony Ericsson PC Suite 4.006.00 (Version: 4.006.00)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.5000.00)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows Mobile-Gerätecenter: Treiberupdate (Version: 6.1.6965.0)

==================== Restore Points =========================

12-06-2013 09:26:19 Geplanter Prüfpunkt
13-06-2013 05:06:24 Geplanter Prüfpunkt
13-06-2013 18:47:52 Windows Update
14-06-2013 10:35:31 Geplanter Prüfpunkt
17-06-2013 06:57:07 Geplanter Prüfpunkt
19-06-2013 07:50:51 Geplanter Prüfpunkt
20-06-2013 05:25:49 Geplanter Prüfpunkt
20-06-2013 19:18:54 Geplanter Prüfpunkt
21-06-2013 08:37:36 Geplanter Prüfpunkt
24-06-2013 06:19:00 Geplanter Prüfpunkt
25-06-2013 09:31:19 Geplanter Prüfpunkt
26-06-2013 07:04:17 Geplanter Prüfpunkt
27-06-2013 08:04:37 Geplanter Prüfpunkt
28-06-2013 05:12:20 Geplanter Prüfpunkt
01-07-2013 05:26:55 Geplanter Prüfpunkt
01-07-2013 06:26:32 Removed Adobe Reader X (10.1.7) - Deutsch.
02-07-2013 08:40:07 Geplanter Prüfpunkt
03-07-2013 05:22:38 Geplanter Prüfpunkt

==================== Scheduled Tasks (whitelisted) =============

Task: {00B99C81-FEA0-4EA8-A2DD-8497265D8DBD} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {0CAB7B68-718C-40E0-B83B-89DDF7007DC8} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {150171E4-43E8-4CAE-9215-09B289C0B60B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-20] (Google Inc.)
Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2012-12-31] ()
Task: {238816F3-39F2-4B65-90F6-A098D9F50160} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {252FCF61-1430-4291-A46E-883AD1A7DB80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-20] (Google Inc.)
Task: {286240E7-7A81-41B2-A5A9-3BE9A8C9AD78} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2012-12-31] (Microsoft Corporation)
Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {31D0C8A4-B75D-4D62-A659-434925C2BAAA} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {4B1C44C0-0C36-46E2-A44D-00330FC1779C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {65F13DF8-CD1A-4844-8722-FA6950B590A4} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {68BD8876-790B-41BE-8CA7-9DD9C5A902DF} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {9939460C-8C1C-458D-961D-47E52C71DEDF} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {9A6891EF-765E-4FA7-BD40-E14660D05EDC} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {CA78D833-DD8F-4AF2-83B4-D702882ECF8A} - System32\Tasks\WPD\SqmUpload_S-1-5-21-488772620-2242768751-4285676057-1003 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {CFECDF04-592C-434A-9A23-BA5E3EE2C6A5} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {D138F985-86A8-41BB-A566-156B9D649048} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {F7841EB9-9AD6-4997-B8E8-02200781B08F} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {FF98BB55-CC50-434A-BEE0-946A0C290230} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2013 02:25:17 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung VProSvc.exe, Version 2.0.0.19488, Zeitstempel 0x45d268e2, fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18551, Zeitstempel 0x4ee8cc5a, Ausnahmecode 0xc0000005, Fehleroffset 0x00009b2b,
Prozess-ID 0x284, Anwendungsstartzeit VProSvc.exe0.

Error: (07/03/2013 10:58:32 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = G:\HitmanPro.exe /kickstart; Beschreibung = ??????????  ???????A?A A ?????????? ?a????????????????????????????????Aaaaaaaaaaaaaaaaaaaaaaa??; Hr = 0x80070057).

Error: (07/03/2013 08:52:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (06/29/2013 01:28:05 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16490 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1278
Anfangszeit: 01ce74bb4dae0473
Zeitpunkt der Beendigung: 0

Error: (06/27/2013 10:43:38 AM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16490 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: a74
Anfangszeit: 01ce7310bc636fe9
Zeitpunkt der Beendigung: 0

Error: (06/19/2013 06:45:49 AM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: d60
Anfangszeit: 01ce6ca31e05bf91
Zeitpunkt der Beendigung: 10

Error: (06/19/2013 06:30:55 AM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16490 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 153c
Anfangszeit: 01ce6ca3721bd741
Zeitpunkt der Beendigung: 30

Error: (06/14/2013 11:13:08 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung SearchProtocolHost.exe, Version 7.0.6002.18005, Zeitstempel 0x49e0244d, fehlerhaftes Modul Microsoft.Interop.Mapi.Impl.dll, Version 3.0.6912.0, Zeitstempel 0x46e8beed, Ausnahmecode 0xc0000005, Fehleroffset 0x0005a1fa,
Prozess-ID 0x%9, Anwendungsstartzeit SearchProtocolHost.exe0.

Error: (06/05/2013 07:46:24 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung SearchProtocolHost.exe, Version 7.0.6002.18005, Zeitstempel 0x49e0244d, fehlerhaftes Modul olmapi32.dll, Version 12.0.6670.5002, Zeitstempel 0x50b91587, Ausnahmecode 0xc0000005, Fehleroffset 0x0000e013,
Prozess-ID 0x%9, Anwendungsstartzeit SearchProtocolHost.exe0.

Error: (05/27/2013 04:11:32 PM) (Source: Application Hang) (User: )
Description: Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 30b8
Anfangszeit: 01ce5ae3ebe5ddda
Zeitpunkt der Beendigung: 35


System errors:
=============
Error: (07/03/2013 03:04:16 PM) (Source: Service Control Manager) (User: )
Description: AFD
BHDrvx86
ccSet_NIS
CSC
DfsC
eeCtrl
IDSVix86
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
SRTSPX
SymIRON
SYMTDIv
tdx
Wanarpv6

Error: (07/03/2013 03:04:16 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (07/03/2013 03:04:16 PM) (Source: Service Control Manager) (User: )
Description: PST ServiceArbeitsstationsdienst%%1068

Error: (07/03/2013 03:04:16 PM) (Source: Service Control Manager) (User: )
Description: NLA (Network Location Awareness)Netzwerkspeicher-Schnittstellendienst%%1068

Error: (07/03/2013 03:04:16 PM) (Source: Service Control Manager) (User: )
Description: IP-HilfsdienstNetzwerkspeicher-Schnittstellendienst%%1068

Error: (07/03/2013 03:04:16 PM) (Source: Service Control Manager) (User: )
Description: WebClientWebDav Client Redirector Driver%%1068

Error: (07/03/2013 03:04:16 PM) (Source: Service Control Manager) (User: )
Description: SMB 2.0 MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068

Error: (07/03/2013 03:04:16 PM) (Source: Service Control Manager) (User: )
Description: SMB 1.x MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068

Error: (07/03/2013 03:04:16 PM) (Source: Service Control Manager) (User: )
Description: SMB MiniRedirector Wrapper and EngineRedirected Buffering Sub Sysytem%%31

Error: (07/03/2013 03:04:16 PM) (Source: Service Control Manager) (User: )
Description: WebDav Client Redirector DriverRedirected Buffering Sub Sysytem%%31


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-07-03 15:07:33.340
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-03 15:07:33.246
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-03 15:07:33.152
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-03 15:07:33.059
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-03 15:07:23.356
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-03 15:07:23.262
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-03 15:07:23.153
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-03 15:07:23.059
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-03 15:07:17.599
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-03 15:07:17.490
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 2045.45 MB
Available physical RAM: 1648.96 MB
Total Pagefile: 4327.92 MB
Available Pagefile: 4099.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.42 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:216 GB) (Free:144.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DELL BACKUP) (Fixed) (Total:72.03 GB) (Free:43.5 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:1.78 GB) NTFS
Drive g: (SecureDrive) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive h: (Transcend) (Removable) (Total:14.94 GB) (Free:14.94 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 50000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=216 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=72 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)

==================== End Of Log ============================


Gruß
Michael

Alt 03.07.2013, 17:56   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Gesperrter Computer Vista 32 Business - Standard

Gesperrter Computer Vista 32 Business



Hi,

ich brauch ein Log aus der Recovery, wie beim ersten Mal, nicht aus dem Safe Mode
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.07.2013, 18:23   #9
MikeE1
 
Gesperrter Computer Vista 32 Business - Standard

Gesperrter Computer Vista 32 Business



Hallo Schrauber

das war im vorderen Teil der Mail und sieht wie folgt aus:
#
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2013
Ran by EUPROCON (administrator) on 03-07-2013 15:06:49
Running from H:\
Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [90112 2006-11-10] ()
HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: []  [x]
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2020968 2007-02-13] (Symantec Corporation)
HKLM\...\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [16384 2007-11-15] ( )
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKCU\...\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-06-20] (Google Inc.)
Startup: C:\Users\EUPROCON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19
SearchScopes: HKCU - {CD7ECDF3-9763-4584-B167-C4A61247BCF5} URL = hxxp://search.softonic.com/MOY00030/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=541
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
Tcpip\..\Interfaces\{312A21D2-F4E4-4219-A452-933C43BD8FA7}: [NameServer]192.168.100.7,192.168.100.17

========================== Services (Whitelisted) =================

S2 Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [194240 2006-11-08] (Symantec Corporation)
S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2541248 2006-11-08] (Symantec Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S2 Norton Save and Restore; C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2655848 2007-02-13] (Symantec Corporation)
S2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-18] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-12-31] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130702.001\IDSvix86.sys [386720 2013-04-25] (Symantec Corporation)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-09] (Logitech Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130702.021\NAVENG.SYS [93272 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130702.021\NAVEX15.SYS [1611992 2013-05-22] (Symantec Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [14112 2007-05-09] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [1276832 2007-05-09] (Logitech Inc.)
S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [10070016 2012-11-16] (Advanced Micro Devices, Inc.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [37864 2007-02-13] (Symantec Corporation)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [14072 2007-02-13] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-03 13:46 - 2013-07-03 13:46 - 00000000 ____D C:\FRST
2013-07-03 10:58 - 2013-07-03 10:58 - 00001036 ____A C:\Windows\System32\.crusader
2013-07-03 10:08 - 2013-07-03 10:58 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-01 08:57 - 2013-07-01 08:57 - 00001894 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-07-01 08:57 - 2013-07-01 08:57 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-01 08:57 - 2013-07-01 08:57 - 00000000 ____D C:\Program Files\Adobe
2013-07-01 08:27 - 2013-07-01 08:27 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-20 07:47 - 2013-06-20 07:47 - 00000000 ____D C:\Program Files\GUM16FB.tmp
2013-06-20 07:46 - 2013-07-03 14:32 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-20 07:46 - 2013-07-03 13:51 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-20 07:45 - 2013-06-20 07:46 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Deployment
2013-06-20 07:45 - 2013-06-20 07:45 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Apps\2.0
2013-06-13 20:50 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 20:50 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 20:50 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 20:50 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 20:50 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 20:50 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 20:50 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 20:50 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 20:50 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 20:50 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 20:50 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 20:50 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 20:50 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 20:50 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 20:50 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 20:50 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 06:50 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 06:50 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-13 06:50 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-13 06:50 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 06:50 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-13 06:50 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 06:50 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 06:50 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 06:50 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 06:50 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 06:50 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-07-03 15:01 - 2008-01-26 13:45 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-07-03 15:01 - 2006-11-02 15:01 - 00032510 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-03 15:01 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-03 15:00 - 2006-11-02 14:47 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 15:00 - 2006-11-02 14:47 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 14:32 - 2013-06-20 07:46 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-03 13:51 - 2013-06-20 07:46 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-03 13:51 - 2008-01-26 13:38 - 01887564 ____A C:\Windows\WindowsUpdate.log
2013-07-03 13:46 - 2013-07-03 13:46 - 00000000 ____D C:\FRST
2013-07-03 12:34 - 2006-11-02 12:33 - 01601156 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-03 11:22 - 2013-01-08 09:32 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-03 10:58 - 2013-07-03 10:58 - 00001036 ____A C:\Windows\System32\.crusader
2013-07-03 10:58 - 2013-07-03 10:08 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-03 09:01 - 2006-11-02 14:52 - 00026169 ____A C:\Windows\setupact.log
2013-07-02 10:01 - 2013-01-01 14:41 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\SimpleSYN
2013-07-01 18:40 - 2006-11-02 15:00 - 00035488 ____A C:\Windows\PFRO.log
2013-07-01 09:02 - 2012-12-30 23:47 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Adobe
2013-07-01 08:57 - 2013-07-01 08:57 - 00001894 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-07-01 08:57 - 2013-07-01 08:57 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-01 08:57 - 2013-07-01 08:57 - 00000000 ____D C:\Program Files\Adobe
2013-07-01 08:57 - 2008-01-26 14:02 - 00000000 ____D C:\ProgramData\Adobe
2013-07-01 08:27 - 2013-07-01 08:27 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-20 07:49 - 2012-12-30 23:05 - 00000000 ____D C:\Users\EUPROCON\AppData\Roaming\Google
2013-06-20 07:47 - 2013-06-20 07:47 - 00000000 ____D C:\Program Files\GUM16FB.tmp
2013-06-20 07:47 - 2012-12-30 23:04 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Google
2013-06-20 07:46 - 2013-06-20 07:45 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Deployment
2013-06-20 07:46 - 2008-01-26 14:01 - 00000000 ____D C:\ProgramData\Google
2013-06-20 07:46 - 2008-01-26 14:01 - 00000000 ____D C:\Program Files\Google
2013-06-20 07:45 - 2013-06-20 07:45 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Apps\2.0
2013-06-19 06:49 - 2012-12-31 14:00 - 00000000 ____D C:\Windows\System32\Drivers\NIS
2013-06-19 06:36 - 2012-12-31 14:01 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-19 06:36 - 2012-12-31 14:01 - 00007611 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-14 09:57 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-14 09:40 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 20:51 - 2008-01-26 13:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 20:49 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 17:23 - 2013-01-08 09:32 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 17:23 - 2013-01-08 09:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 12:37

==================== End Of Log ============================
         
--- --- ---

Ich hoffe, das ist was du benötigst. Ich hatte den Scan nochmals laufen lassen und das ergebnis wurde in der FRST.txt gespeichert. Bitte sag mir, wie ich das Log hinbekomme, wenn es das nicht ist

Gruß und danke für dein Engagement
Michael

Alt 03.07.2013, 18:35   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Gesperrter Computer Vista 32 Business - Standard

Gesperrter Computer Vista 32 Business



Dein erstes Log, welches Du gepostet hast:

Zitat:
Windows Vista (TM) Business (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

Die letzten beiden Logs:

Zitat:
Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)
Warum spielst Du jetzt im SAfe Mode rum? Mach das Scanlog doch einfach so wie beim ersten Mal
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.07.2013, 19:24   #11
MikeE1
 
Gesperrter Computer Vista 32 Business - Standard

Gesperrter Computer Vista 32 Business



ok, jetzt habe ich den Grund, ich war über den abgesicherten Modus mit Eingabeaufforderung eingestiegen, das war auch der grund, warum ich Startschwierigkeiten hatte. Ich fange nochmals an

Hi Schrauber,

sorry, jetzt habe ich die richtige Version:
#
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2013
Ran by SYSTEM on 03-07-2013 20:31:20
Running from E:\
Windows Vista (TM) Business (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [90112 2006-11-10] ()
HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: []  [x]
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2020968 2007-02-13] (Symantec Corporation)
HKLM\...\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [16384 2007-11-15] ( )
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\EUPROCON\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-18] (Microsoft Corporation)
HKU\EUPROCON\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
Startup: C:\Users\EUPROCON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

========================== Services (Whitelisted) =================

S2 Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [194240 2006-11-08] (Symantec Corporation)
S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2541248 2006-11-08] (Symantec Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S2 Norton Save and Restore; C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2655848 2007-02-13] (Symantec Corporation)
S2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-18] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-12-31] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130702.001\IDSvix86.sys [386720 2013-04-25] (Symantec Corporation)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-09] (Logitech Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130702.021\NAVENG.SYS [93272 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130702.021\NAVEX15.SYS [1611992 2013-05-22] (Symantec Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [14112 2007-05-09] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [1276832 2007-05-09] (Logitech Inc.)
S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [10070016 2012-11-16] (Advanced Micro Devices, Inc.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [37864 2007-02-13] (Symantec Corporation)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [14072 2007-02-13] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-03 12:46 - 2013-07-03 12:46 - 00000000 ____D C:\FRST
2013-07-03 09:58 - 2013-07-03 09:58 - 00001036 ____A C:\Windows\System32\.crusader
2013-07-03 09:08 - 2013-07-03 09:58 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-01 07:57 - 2013-07-01 07:57 - 00001894 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-07-01 07:57 - 2013-07-01 07:57 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-01 07:57 - 2013-07-01 07:57 - 00000000 ____D C:\Program Files\Adobe
2013-07-01 07:27 - 2013-07-01 07:27 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-20 06:47 - 2013-06-20 06:47 - 00000000 ____D C:\Program Files\GUM16FB.tmp
2013-06-20 06:46 - 2013-07-03 13:32 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-20 06:46 - 2013-07-03 12:51 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-20 06:45 - 2013-06-20 06:46 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Deployment
2013-06-20 06:45 - 2013-06-20 06:45 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Apps\2.0
2013-06-13 19:50 - 2013-05-17 00:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 19:50 - 2013-05-16 23:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 19:50 - 2013-05-16 23:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 19:50 - 2013-05-16 23:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 19:50 - 2013-05-16 23:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 19:50 - 2013-05-16 23:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 19:50 - 2013-05-16 23:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 19:50 - 2013-05-16 23:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 19:50 - 2013-05-16 23:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 19:50 - 2013-05-16 23:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 19:50 - 2013-05-16 23:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 19:50 - 2013-05-16 23:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 19:50 - 2013-05-16 23:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 19:50 - 2013-05-16 23:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 19:50 - 2013-05-16 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 19:50 - 2013-05-16 23:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 05:50 - 2013-05-08 05:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 05:50 - 2013-05-02 23:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-13 05:50 - 2013-05-02 23:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-13 05:50 - 2013-05-02 05:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 05:50 - 2013-05-02 05:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-13 05:50 - 2013-04-24 05:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 05:50 - 2013-04-24 05:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 05:50 - 2013-04-24 05:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 05:50 - 2013-04-24 05:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 05:50 - 2013-04-24 02:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 05:50 - 2013-04-17 13:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-07-03 19:28 - 2008-01-26 12:45 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-07-03 19:28 - 2006-11-02 14:01 - 00032510 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-03 19:28 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-03 19:28 - 2006-11-02 13:47 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 19:28 - 2006-11-02 13:47 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 13:32 - 2013-06-20 06:46 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-03 12:51 - 2013-06-20 06:46 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-03 12:51 - 2008-01-26 12:38 - 01887564 ____A C:\Windows\WindowsUpdate.log
2013-07-03 12:46 - 2013-07-03 12:46 - 00000000 ____D C:\FRST
2013-07-03 11:34 - 2006-11-02 11:33 - 01601156 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-03 10:22 - 2013-01-08 08:32 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-03 09:58 - 2013-07-03 09:58 - 00001036 ____A C:\Windows\System32\.crusader
2013-07-03 09:58 - 2013-07-03 09:08 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-03 08:01 - 2006-11-02 13:52 - 00026169 ____A C:\Windows\setupact.log
2013-07-02 09:01 - 2013-01-01 13:41 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\SimpleSYN
2013-07-01 17:40 - 2006-11-02 14:00 - 00035488 ____A C:\Windows\PFRO.log
2013-07-01 08:02 - 2012-12-30 22:47 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Adobe
2013-07-01 07:57 - 2013-07-01 07:57 - 00001894 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-07-01 07:57 - 2013-07-01 07:57 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-01 07:57 - 2013-07-01 07:57 - 00000000 ____D C:\Program Files\Adobe
2013-07-01 07:57 - 2008-01-26 13:02 - 00000000 ____D C:\ProgramData\Adobe
2013-07-01 07:27 - 2013-07-01 07:27 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-20 06:49 - 2012-12-30 22:05 - 00000000 ____D C:\Users\EUPROCON\AppData\Roaming\Google
2013-06-20 06:47 - 2013-06-20 06:47 - 00000000 ____D C:\Program Files\GUM16FB.tmp
2013-06-20 06:47 - 2012-12-30 22:04 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Google
2013-06-20 06:46 - 2013-06-20 06:45 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Deployment
2013-06-20 06:46 - 2008-01-26 13:01 - 00000000 ____D C:\ProgramData\Google
2013-06-20 06:46 - 2008-01-26 13:01 - 00000000 ____D C:\Program Files\Google
2013-06-20 06:45 - 2013-06-20 06:45 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Apps\2.0
2013-06-19 05:49 - 2012-12-31 13:00 - 00000000 ____D C:\Windows\System32\Drivers\NIS
2013-06-19 05:36 - 2012-12-31 13:01 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-19 05:36 - 2012-12-31 13:01 - 00007611 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-14 08:57 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-06-14 08:40 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 19:51 - 2008-01-26 12:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 19:49 - 2006-11-02 11:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 16:23 - 2013-01-08 08:32 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 16:23 - 2013-01-08 08:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-12 10:26:31
Restore point made on: 2013-06-13 06:06:36
Restore point made on: 2013-06-13 19:48:08
Restore point made on: 2013-06-14 11:35:45
Restore point made on: 2013-06-17 07:57:18
Restore point made on: 2013-06-19 08:51:06
Restore point made on: 2013-06-20 06:26:03
Restore point made on: 2013-06-20 20:19:08
Restore point made on: 2013-06-21 09:37:51
Restore point made on: 2013-06-24 07:19:33
Restore point made on: 2013-06-25 10:31:32
Restore point made on: 2013-06-26 08:04:29
Restore point made on: 2013-06-27 09:04:46
Restore point made on: 2013-06-28 06:12:34
Restore point made on: 2013-07-01 06:27:09
Restore point made on: 2013-07-01 07:26:45
Restore point made on: 2013-07-02 09:40:45
Restore point made on: 2013-07-03 06:22:52

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 2045.56 MB
Available physical RAM: 1771.28 MB
Total Pagefile: 1979.2 MB
Available Pagefile: 1831.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.14 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:216 GB) (Free:142.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DELL BACKUP) (Fixed) (Total:72.03 GB) (Free:43.5 GB) NTFS
Drive e: (Transcend) (Removable) (Total:14.94 GB) (Free:14.94 GB) FAT32
Drive g: (SecureDrive) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:1.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 50000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=216 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=72 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)


LastRegBack: 2013-07-03 14:20

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 03.07.2013, 20:30   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Gesperrter Computer Vista 32 Business - Standard

Gesperrter Computer Vista 32 Business



Als Du im Safe Mode warst, mit welchem Konto warst Du da eingeloggt?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.07.2013, 20:55   #13
MikeE1
 
Gesperrter Computer Vista 32 Business - Standard

Gesperrter Computer Vista 32 Business



Mit meinem Standard-Konto, das hat Adminrecht. Das Administrator-Konto hatte ich von Beginn an nicht genutzt. Ich weiß, dass das nicht optimal ist, aber funktioniert seit Jahren problemlos. Das ist auch die erste Infektion, die ich überhaupt jemals hatte.

Gruß
Michael

Alt 03.07.2013, 20:56   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Gesperrter Computer Vista 32 Business - Standard

Gesperrter Computer Vista 32 Business



Die Infektion ist auch in diesem Standardkonto? Mach bitte mal ein neues FRST log, wieder aus dem Safe mode. Ich seh den Startpunkt immer noch nicht im Log.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.07.2013, 20:59   #15
MikeE1
 
Gesperrter Computer Vista 32 Business - Standard

Gesperrter Computer Vista 32 Business



Die Infektion kann nur in diesem Konto sein, es existiert meines Wissens garkein anderes. Das mit dem Save-Mode will ich gerne versuchen, kann aber dauern, da funkt die Sperre schon mal dazwischen.

By the way, Schrauber,

wie groß sind die Chancen, dass wir das Ding nachhaltig entsperrt bekommen? Hintergrund, es handelt sich bei dem PC um meinen Kommunikationsrechner für Internet und E-Mails. Kritische Daten habe ich eigentlich nicht drauf, alle Outlock-Informationen werden in nahezu Echtzeit auf anderen PCs gespiegelt und den Rest hatte ich Ende 2012 ohnehin als Backup erstellt. Weil ich mir Outlock hoffnungslos durch einen Update-Abbruch zerschossen hatte hatte ich am 01.01. mir die Arbeit gemacht und über die Zurücksetzung auf die Werksauslieferung den PC neu aufgebaut. Will sagen, wenn mir das ohenhin blüht, dann brauchen wir uns, respektive du dich, jetzt nicht verkopfen, dann gibt es morgen früh ein Reset, einen weiteren verlorenen Tag und Ende.

Hier ist der Scan: übrigens ist der Stick jetzt wieder H: beim vorherigen Start war er E:
#
FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2013
Ran by EUPROCON (administrator) on 03-07-2013 22:02:01
Running from H:\
Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [90112 2006-11-10] ()
HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: []  [x]
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2020968 2007-02-13] (Symantec Corporation)
HKLM\...\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [16384 2007-11-15] ( )
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKCU\...\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-06-20] (Google Inc.)
Startup: C:\Users\EUPROCON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19
SearchScopes: HKCU - {CD7ECDF3-9763-4584-B167-C4A61247BCF5} URL = hxxp://search.softonic.com/MOY00030/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=541
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
Tcpip\..\Interfaces\{312A21D2-F4E4-4219-A452-933C43BD8FA7}: [NameServer]192.168.100.7,192.168.100.17

========================== Services (Whitelisted) =================

S2 Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [194240 2006-11-08] (Symantec Corporation)
S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2541248 2006-11-08] (Symantec Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S2 Norton Save and Restore; C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2655848 2007-02-13] (Symantec Corporation)
S2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-18] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-12-31] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130702.001\IDSvix86.sys [386720 2013-04-25] (Symantec Corporation)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-09] (Logitech Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130702.021\NAVENG.SYS [93272 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130702.021\NAVEX15.SYS [1611992 2013-05-22] (Symantec Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [14112 2007-05-09] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [1276832 2007-05-09] (Logitech Inc.)
S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [10070016 2012-11-16] (Advanced Micro Devices, Inc.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [37864 2007-02-13] (Symantec Corporation)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [14072 2007-02-13] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-03 13:46 - 2013-07-03 13:46 - 00000000 ____D C:\FRST
2013-07-03 10:58 - 2013-07-03 10:58 - 00001036 ____A C:\Windows\System32\.crusader
2013-07-03 10:08 - 2013-07-03 10:58 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-01 08:57 - 2013-07-01 08:57 - 00001894 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-07-01 08:57 - 2013-07-01 08:57 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-01 08:57 - 2013-07-01 08:57 - 00000000 ____D C:\Program Files\Adobe
2013-07-01 08:27 - 2013-07-01 08:27 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-20 07:47 - 2013-06-20 07:47 - 00000000 ____D C:\Program Files\GUM16FB.tmp
2013-06-20 07:46 - 2013-07-03 14:32 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-20 07:46 - 2013-07-03 13:51 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-20 07:45 - 2013-06-20 07:46 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Deployment
2013-06-20 07:45 - 2013-06-20 07:45 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Apps\2.0
2013-06-13 20:50 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 20:50 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 20:50 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 20:50 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 20:50 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 20:50 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 20:50 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 20:50 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 20:50 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 20:50 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 20:50 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 20:50 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 20:50 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 20:50 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 20:50 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 20:50 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 06:50 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 06:50 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-13 06:50 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-13 06:50 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 06:50 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-13 06:50 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 06:50 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 06:50 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 06:50 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 06:50 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 06:50 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-07-03 20:28 - 2008-01-26 13:45 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-07-03 20:28 - 2006-11-02 15:01 - 00032510 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-03 20:28 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-03 20:28 - 2006-11-02 14:47 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 20:28 - 2006-11-02 14:47 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 14:32 - 2013-06-20 07:46 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-03 13:51 - 2013-06-20 07:46 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-03 13:51 - 2008-01-26 13:38 - 01887564 ____A C:\Windows\WindowsUpdate.log
2013-07-03 13:46 - 2013-07-03 13:46 - 00000000 ____D C:\FRST
2013-07-03 12:34 - 2006-11-02 12:33 - 01601156 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-03 11:22 - 2013-01-08 09:32 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-03 10:58 - 2013-07-03 10:58 - 00001036 ____A C:\Windows\System32\.crusader
2013-07-03 10:58 - 2013-07-03 10:08 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-03 09:01 - 2006-11-02 14:52 - 00026169 ____A C:\Windows\setupact.log
2013-07-02 10:01 - 2013-01-01 14:41 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\SimpleSYN
2013-07-01 18:40 - 2006-11-02 15:00 - 00035488 ____A C:\Windows\PFRO.log
2013-07-01 09:02 - 2012-12-30 23:47 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Adobe
2013-07-01 08:57 - 2013-07-01 08:57 - 00001894 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-07-01 08:57 - 2013-07-01 08:57 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-01 08:57 - 2013-07-01 08:57 - 00000000 ____D C:\Program Files\Adobe
2013-07-01 08:57 - 2008-01-26 14:02 - 00000000 ____D C:\ProgramData\Adobe
2013-07-01 08:27 - 2013-07-01 08:27 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-20 07:49 - 2012-12-30 23:05 - 00000000 ____D C:\Users\EUPROCON\AppData\Roaming\Google
2013-06-20 07:47 - 2013-06-20 07:47 - 00000000 ____D C:\Program Files\GUM16FB.tmp
2013-06-20 07:47 - 2012-12-30 23:04 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Google
2013-06-20 07:46 - 2013-06-20 07:45 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Deployment
2013-06-20 07:46 - 2008-01-26 14:01 - 00000000 ____D C:\ProgramData\Google
2013-06-20 07:46 - 2008-01-26 14:01 - 00000000 ____D C:\Program Files\Google
2013-06-20 07:45 - 2013-06-20 07:45 - 00000000 ____D C:\Users\EUPROCON\AppData\Local\Apps\2.0
2013-06-19 06:49 - 2012-12-31 14:00 - 00000000 ____D C:\Windows\System32\Drivers\NIS
2013-06-19 06:36 - 2012-12-31 14:01 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-19 06:36 - 2012-12-31 14:01 - 00007611 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-14 09:57 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-14 09:40 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 20:51 - 2008-01-26 13:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 20:49 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 17:23 - 2013-01-08 09:32 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 17:23 - 2013-01-08 09:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 15:20

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Vielleicht hilft noch folgender Hinweis: wenn ich im Save Mode nach der Anmeldung über die Eingabeaufforderung 'notepad' eingebe und dort 'Speichern unter' auswähle, meldet Windows den Nutzer sofort ab und faährt herunter. Bei 'computer reparieren -> Eingabeaufforderung' ist das nicht der Fall

Geändert von MikeE1 (03.07.2013 um 21:33 Uhr)

Antwort

Themen zu Gesperrter Computer Vista 32 Business
adobe, adobe flash player, association, computer, defender, desktop, explorer.exe, farbar, farbar recovery scan tool, flash player, frst.txt, google, microsoft, monitor, norton internet security, problem, security, server, services.exe, svchost.exe, symantec, system, trojan.maljava, win32/medfos.rs, winlogon, winlogon.exe, wmp



Ähnliche Themen: Gesperrter Computer Vista 32 Business


  1. Zero-Day-Lücken in Seagates Business NAS
    Nachrichten - 02.03.2015 (0)
  2. OneDrive for Business verändert Änderungen Dateiinhalte
    Nachrichten - 28.04.2014 (0)
  3. Windows Vista: sehr langsamer Computer
    Log-Analyse und Auswertung - 19.04.2014 (3)
  4. Business - auf E-Mail Blacklist durch Trojaner Zeus?
    Diskussionsforum - 04.04.2014 (13)
  5. D-Link flickt Business-Router der DSR-Serie
    Nachrichten - 17.12.2013 (0)
  6. Gesperrter Pc wegen Interpool Virus oder trojaner
    Log-Analyse und Auswertung - 10.10.2013 (12)
  7. Gesperrter PC wegen BKA, Interpool - Virus
    Log-Analyse und Auswertung - 08.10.2013 (3)
  8. Gesperrter PC Trojaner interpol/Bundespolizei
    Log-Analyse und Auswertung - 10.08.2013 (5)
  9. GVU Trojaner Windows Vista business- Abgesicherter Modus geht nicht
    Log-Analyse und Auswertung - 22.07.2013 (5)
  10. Gesperrter pc vom Bundesamt, Interpol
    Plagegeister aller Art und deren Bekämpfung - 22.07.2013 (15)
  11. Gesperrter PC vom Bundesamt
    Plagegeister aller Art und deren Bekämpfung - 02.06.2013 (8)
  12. Gesperrter Rechner BKA
    Plagegeister aller Art und deren Bekämpfung - 31.10.2012 (15)
  13. PUP.OfferBundler Win 7 AVG Business 2012
    Plagegeister aller Art und deren Bekämpfung - 22.10.2012 (5)
  14. Android: Mehr Sicherheit für Business-Apps
    Nachrichten - 11.04.2011 (0)
  15. AVG Anti-Virus Free Small Business Edition
    Antiviren-, Firewall- und andere Schutzprogramme - 20.10.2009 (0)
  16. G Data Antivir Business / Mail + Anhang
    Antiviren-, Firewall- und andere Schutzprogramme - 26.01.2007 (3)
  17. Office XP Small Business
    Alles rund um Windows - 10.06.2005 (2)

Zum Thema Gesperrter Computer Vista 32 Business - Hallo zusammen, Ich habe das Problem, dass einer meiner Rechner sich eine Sperre eingefangen hat. Das Tool HitmanPro.Kickstart habe ich schon probiert. Ergebnis: negativ Nun habe ich das FRST-Tool installiert - Gesperrter Computer Vista 32 Business...
Archiv
Du betrachtest: Gesperrter Computer Vista 32 Business auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.