| |
| |||||||
Log-Analyse und Auswertung: Crypt.ULPM.Gen2 Virus auf Vista Rechner mit 4 Benutzern / ein Benutzer blockiertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
24.08.2013, 16:03
| #7 |
 |  Crypt.ULPM.Gen2 Virus auf Vista Rechner mit 4 Benutzern / ein Benutzer blockiert Hallo Leo, anbei die frst.txt eine addition.txt wurde nicht erzeugt. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-08-2013 01
Ran by Vera (ATTENTION: The logged in user is not administrator) on 24-08-2013 16:57:59
Running from C:\Users\Vera\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(ODSoft multimedia) C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Vimicro Corporation) C:\Program Files\vimicro\VMUVC\VMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TVBroadcast] - C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe [797696 2007-08-08] (ODSoft multimedia)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-09] (Intel Corporation)
HKLM\...\Run: [NMSSupport] - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [439512 2007-06-27] (Intel Corporation)
HKLM\...\Run: [CCUTRAYICON] - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [215256 2007-06-27] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4706304 2007-11-14] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-10-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [86016 2007-12-14] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8530464 2007-12-14] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2007-12-14] (NVIDIA Corporation)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [VMonitorVMUVC] - C:\Program Files\Vimicro\VMUVC\VMonitor.exe [135168 2008-03-26] (Vimicro Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKCU\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-28] (Google Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Vera\AppData\Local\Temp\mgixfmgmdcxogorpr.exe [x] <===== ATTENTION
HKCU\...\Command Processor: "C:\Users\Vera\AppData\Local\Temp\mgixfmgmdcxogorpr.exe" <======= ATTENTION
MountPoints2: {bcfba9c6-c316-11de-a5f6-806e6f6e6963} - E:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\Buhl finance\wiso2013\mshaktuell.exe ()
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office10\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
ShortcutTarget: runctf.lnk -> C:\Users\Vera\3194794.dll (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2536373
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL (ArcSoft, Inc.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office10\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {E36DF325-3F4B-476F-8F89-123BC5D51A30} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\y3wr0dwu.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office10\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office10\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.3088 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.3146 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.11.3006 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.1.11 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC_2_0_1\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Vera\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\y3wr0dwu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF Extension: Internet Video Downloader - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
========================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel(R) Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd)
S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel(R) Corporation)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] ()
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-13] (Empolis GmbH)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [69120 2009-10-27] (Google)
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel(R) Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] ()
R2 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel(R) Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel(R) Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132056 2012-07-17] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
R2 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel(R) Corporation)
R2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel(R) Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH)
R2 TVECapSvc; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [290909 2007-10-19] ()
R2 TVESched; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [114779 2007-10-19] ()
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)
==================== Drivers (Whitelisted) ====================
R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1006816 2011-11-13] (NXP Semiconductors Germany GmbH)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-05] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. )
R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-10-15] (Intel Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.)
R2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-23] (Avira GmbH)
S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] ()
R3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [250240 2008-06-16] (Vimicro Corporation)
R3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [476160 2008-06-16] (Vimicro Corporation)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-24 16:19 - 2013-08-24 16:19 - 00015957 _____ C:\ComboFix.txt
2013-08-24 15:48 - 2013-08-24 16:19 - 00000000 ____D C:\ComboFix
2013-08-24 15:48 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-24 15:48 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-24 15:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-24 15:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-24 15:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-24 15:48 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-24 15:48 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-24 15:48 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-24 15:47 - 2013-08-24 16:19 - 00000000 ____D C:\Qoobox
2013-08-24 15:46 - 2013-08-24 16:18 - 00000000 ____D C:\Windows\erdnt
2013-08-24 13:08 - 2013-08-24 13:08 - 00000000 ____D C:\FRST
2013-08-21 16:40 - 2013-08-21 16:40 - 00163175 _____ C:\Users\Vera\AppData\Local\2433f433
2013-08-17 20:34 - 2013-08-18 23:34 - 00000000 ____D C:\ProgramData\tmp
2013-08-17 20:34 - 2013-08-18 13:28 - 00000000 ____D C:\ProgramData\hps
2013-08-17 13:05 - 2013-08-17 13:05 - 00001112 _____ C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk
2013-08-17 13:05 - 2013-08-17 13:05 - 00001092 _____ C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2013-08-17 13:01 - 2013-08-17 13:01 - 00000000 ____D C:\Program Files\CEWE COLOR
2013-08-16 08:08 - 2013-08-16 08:12 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 08:01 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 08:01 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 08:01 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 08:01 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 08:01 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-16 08:01 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-16 08:01 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 08:01 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 08:01 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-16 08:00 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 08:00 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 08:00 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 08:00 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 08:00 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-16 08:00 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-16 08:00 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 18:18 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 18:18 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-15 18:18 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-15 18:17 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 18:17 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 18:17 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 18:17 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-15 18:17 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 18:17 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 18:17 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 18:17 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 18:17 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-06 08:01 - 2013-08-06 08:01 - 00002120 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 12:49 - 2013-08-04 12:49 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-08-04 09:23 - 2013-08-04 09:23 - 00001711 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-04 09:22 - 2013-08-04 09:23 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-04 09:22 - 2013-08-04 09:23 - 00000000 ____D C:\Program Files\iTunes
2013-08-04 09:22 - 2013-08-04 09:22 - 00000000 ____D C:\Program Files\iPod
2013-08-04 09:17 - 2013-08-04 09:17 - 00001773 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-08-04 09:16 - 2013-08-04 09:17 - 00000000 ____D C:\Program Files\QuickTime
==================== One Month Modified Files and Folders =======
2013-08-24 16:57 - 2013-08-24 16:57 - 01070693 _____ (Farbar) C:\Users\Vera\Desktop\FRST.exe
2013-08-24 16:55 - 2009-11-14 09:09 - 00000430 ____H C:\Windows\Tasks\User_Feed_Synchronization-{C876FE5A-1437-4CD4-9957-1A2CAE695F35}.job
2013-08-24 16:42 - 2010-01-20 22:29 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-24 16:36 - 2009-10-27 11:40 - 01191034 _____ C:\Windows\WindowsUpdate.log
2013-08-24 16:32 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-24 16:30 - 2007-10-10 13:56 - 00201406 _____ C:\Windows\PFRO.log
2013-08-24 16:30 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-24 16:30 - 2006-11-02 14:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-24 16:30 - 2006-11-02 14:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-24 16:29 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-24 16:19 - 2013-08-24 16:19 - 00015957 _____ C:\ComboFix.txt
2013-08-24 16:19 - 2013-08-24 15:48 - 00000000 ____D C:\ComboFix
2013-08-24 16:19 - 2013-08-24 15:47 - 00000000 ____D C:\Qoobox
2013-08-24 16:19 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-08-24 16:19 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-08-24 16:18 - 2013-08-24 15:46 - 00000000 ____D C:\Windows\erdnt
2013-08-24 16:17 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-08-24 16:02 - 2013-01-13 13:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-24 15:59 - 2010-01-20 22:29 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-24 15:59 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-24 13:44 - 2006-11-02 12:33 - 01565742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-24 13:08 - 2013-08-24 13:08 - 00000000 ____D C:\FRST
2013-08-24 13:06 - 2009-10-27 23:58 - 00000000 ____D C:\Users\admin
2013-08-21 17:03 - 2012-04-01 11:17 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-21 17:03 - 2011-11-26 15:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-21 16:40 - 2013-08-21 16:40 - 00163175 _____ C:\Users\Vera\AppData\Local\2433f433
2013-08-18 23:34 - 2013-08-17 20:34 - 00000000 ____D C:\ProgramData\tmp
2013-08-18 13:28 - 2013-08-17 20:34 - 00000000 ____D C:\ProgramData\hps
2013-08-17 13:05 - 2013-08-17 13:05 - 00001112 _____ C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk
2013-08-17 13:05 - 2013-08-17 13:05 - 00001092 _____ C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2013-08-17 13:01 - 2013-08-17 13:01 - 00000000 ____D C:\Program Files\CEWE COLOR
2013-08-17 10:36 - 2010-02-04 08:22 - 00008400 _____ C:\fpRedmon.log
2013-08-16 08:49 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-16 08:27 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-16 08:12 - 2013-08-16 08:08 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 08:08 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-16 08:06 - 2007-10-10 12:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-13 09:41 - 2006-11-02 14:52 - 00209168 _____ C:\Windows\setupact.log
2013-08-06 08:01 - 2013-08-06 08:01 - 00002120 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-06 08:01 - 2009-10-27 11:40 - 00000000 ____D C:\Program Files\Google
2013-08-04 12:49 - 2013-08-04 12:49 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-08-04 09:23 - 2013-08-04 09:23 - 00001711 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-04 09:23 - 2013-08-04 09:22 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-04 09:23 - 2013-08-04 09:22 - 00000000 ____D C:\Program Files\iTunes
2013-08-04 09:22 - 2013-08-04 09:22 - 00000000 ____D C:\Program Files\iPod
2013-08-04 09:22 - 2010-02-20 16:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-04 09:17 - 2013-08-04 09:17 - 00001773 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-08-04 09:17 - 2013-08-04 09:16 - 00000000 ____D C:\Program Files\QuickTime
2013-07-31 18:02 - 2012-12-08 16:03 - 00002018 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-31 07:35 - 2007-10-10 13:06 - 00000000 ____D C:\ProgramData\Adobe
2013-07-25 04:40 - 2013-08-16 08:00 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-25 04:32 - 2013-08-16 08:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-25 04:30 - 2013-08-16 08:00 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-25 04:26 - 2013-08-16 08:01 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-25 04:26 - 2013-08-16 08:00 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-25 04:25 - 2013-08-16 08:00 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-25 04:24 - 2013-08-16 08:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 04:24 - 2013-08-16 08:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-25 04:23 - 2013-08-16 08:01 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-25 04:23 - 2013-08-16 08:01 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-25 04:23 - 2013-08-16 08:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-25 04:23 - 2013-08-16 08:01 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-25 04:23 - 2013-08-16 08:00 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-25 04:22 - 2013-08-16 08:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 04:22 - 2013-08-16 08:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-25 04:22 - 2013-08-16 08:01 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
Files to move or delete:
====================
C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Gruß Karsten |
| Themen zu Crypt.ULPM.Gen2 Virus auf Vista Rechner mit 4 Benutzern / ein Benutzer blockiert |
| anwaltschaft, exp/cve-2012-1723.a.3818, farbar, farbar recovery scan tool, js/agent.480412, plug-in, tr/crypt.ulpm.gen2, tr/injector.lr.2, tr/injector.vg, tr/kazy.169263.1, tr/matsnu.eb.142, tr/spy.abvier.a, tr/spy.zbot.akt, tr/spy.zbot.alw |
Baum-Darstellung