| |
| |||||||
Log-Analyse und Auswertung: Gvu trojaner winXP, blockiert den abgesicherten ModusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
01.12.2014, 17:22
| #1 |
| |  Gvu trojaner winXP, blockiert den abgesicherten Modus Hallo Zusammen, habe mir auf meinem alten WinXP den Bundestrojaner eingefangen und brauch Eure Hilfe. Frst.exe geladen und im Abgesicherten mit Eingabeaufforderung gescant. Hier das Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2014
Ran by CHEF (administrator) on ACER-1547BE99DA on 01-12-2014 17:14:10
Running from G:\
Loaded Profile: CHEF (Available profiles: CHEF & Diagnose & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-04] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [ATIPTA] => C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2005-02-08] (ATI Technologies, Inc.)
HKLM\...\Run: [EPM-DM] => c:\acer\epm\epm-dm.exe [188416 2005-03-28] (Acer Inc)
HKLM\...\Run: [ePowerManagement] => C:\Acer\ePM\ePM.exe [2880512 2005-03-24] (Acer Value Labs, Taiwan)
HKLM\...\Run: [avgnt] => C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-07-20] (Avira GmbH)
HKLM\...\Run: [ControlCenter4] => C:\Programme\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Programme\QuickTime\qttask.exe [98304 2005-03-31] (Apple Computer, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Programme\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-14] (Client Connect LTD)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OnlineControl.lnk
ShortcutTarget: OnlineControl.lnk -> C:\Programme\OnlineControl\ocontrol.exe (T-Com Bereich Endgeräte)
Startup: C:\Dokumente und Einstellungen\CHEF\Startmenü\Programme\Autostart\n3bf9s.lnk
ShortcutTarget: n3bf9s.lnk -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2992199F9A\s9fb3n.cpp (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1728177984-2154991892-3872936928-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.ividi.org/?src=tbhp&id=320d180e0000000000000012f06429a7&affilt=3
HKU\S-1-5-21-1728177984-2154991892-3872936928-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://search.ividi.org/?q={searchTerms}&src=tbnt&id=320d180e0000000000000012f06429a7&affilt=3" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> DefaultScope {6D52A2AC-E163-4A6A-8AF8-D9176D024C8C} URL = hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=320d180e0000000000000012f06429a7&affilt=3&r=937
SearchScopes: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> {52228A04-1034-4E9B-A1F2-3D25D68D0CFF} URL = hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=320d180e0000000000000012f06429a7&affilt=3&r=937
SearchScopes: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> {6D52A2AC-E163-4A6A-8AF8-D9176D024C8C} URL = hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=320d180e0000000000000012f06429a7&affilt=3&r=937
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Programme\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {37B85A29-692B-4205-9CAD-2626E4993404} - No File
Toolbar: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> No Name - {37B85A29-692B-4205-9CAD-2626E4993404} - No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - No File
Hosts: Hosts file not detected in the default directory
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default
FF DefaultSearchEngine: BrowseToolE0191 Customized Web Search
FF SelectedSearchEngine: BrowseToolE0191 Customized Web Search
FF Homepage: hxxp://search.conduit.com/?UM=1&ctid=CT2319825&SearchSource=13&CUI=UN06480264561526106
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&octid=CT2319825&CUI=UN06480264561526106&UM=1&SearchSource=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=0.7.1 -> "C:\Programme\VideoLAN\VLC\mozilla\npvlc.dll" No File
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npclntax.dll ()
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\NPMyGlSh.dll (My Global Search)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\ividi.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\browsetoole0191-customized-web-search.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\fcmdSrchFxt.xml
FF Extension: Google Toolbar for Firefox - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-06-11]
FF Extension: ST-de3 - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2014-04-23]
FF Extension: BBB002 - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} [2014-04-23]
FF Extension: DVDVideoSoftTB - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2014-04-23]
FF Extension: BrowseToolE0191 - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2014-04-23]
FF Extension: hosts - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com [2013-11-11]
FF Extension: preisspion.de - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\finder@meingutscheincode.de.xpi [2011-08-27]
FF Extension: User Agent Switcher - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2012-08-05]
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2014-02-18]
FF Extension: Google Toolbar for Firefox - C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2006-06-13]
FF HKLM\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\WINDOWS\system32\5024
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-18]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programme\Java\jre6\lib\deploy\jqs\ff [2014-02-18]
FF HKU\S-1-5-21-1728177984-2154991892-3872936928-1005\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\WINDOWS\system32\5024
Chrome:
=======
CHR Profile: C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default
CHR Extension: (iVidi Chrome Toolbar) - C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef [2013-09-16]
CHR HKLM\...\Chrome\Extension: [kpdhgpkkloealnjnmepfhanpcleldbef] - C:\Programme\Unitech LLC\ividi\1.8.23.0\ividi.crx [2013-07-25]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 anbmService; C:\Acer\eManager\anbmServ.exe [1287168 2004-08-16] (OSA Technologies Inc.) [File not signed]
S2 AntiVirScheduler; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [68865 2008-10-23] (Avira GmbH) [File not signed]
S2 AntiVirService; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-10-23] (Avira GmbH) [File not signed]
S2 AOL ACS; C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe [1135728 2004-04-08] (America Online, Inc.)
S2 CltMngSvc; C:\Programme\SearchProtect\Main\bin\CltMngSvc.exe [2496832 2014-05-14] (Client Connect LTD)
S2 EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [86016 2004-10-15] (Intel Corporation) [File not signed]
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-01-06] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-01-06] (Google Inc.)
S2 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194104 2011-10-06] (Google)
S2 JavaQuickStarterService; C:\Programme\Java\jre6\bin\jqs.exe [153376 2014-02-18] (Sun Microsystems, Inc.)
S2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-11-18] (Mozilla Foundation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation) [File not signed]
S2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75064 2009-11-17] ()
S2 RegSrvc; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [139264 2004-10-15] (Intel Corporation) [File not signed]
S2 S24EventMonitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [360521 2004-10-15] (Intel Corporation ) [File not signed]
S3 BrYNSvc; "C:\Programme\Browny02\BrYNSvc.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17119 2005-08-24] (Meetinghouse Data Communications) [File not signed]
S3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [449888 2005-01-10] (Atheros Communications, Inc.)
S3 ASPI; C:\WINDOWS\System32\DRIVERS\ASPI32.sys [16512 2002-07-17] (Adaptec) [File not signed]
S1 avgio; C:\Programme\AntiVir PersonalEdition Classic\avgio.sys [11608 2009-05-27] (Avira GmbH)
S3 avgntflt; C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys [52056 2009-05-27] (Avira GmbH)
S1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [75096 2009-05-27] (Avira GmbH)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CAMCAUD; C:\WINDOWS\System32\drivers\camcaud.sys [34048 2004-06-24] (Conexant Systems Inc.)
S3 CAMCHALA; C:\WINDOWS\System32\drivers\camchal.sys [276480 2004-06-24] (Conexant Systems Inc.)
S2 EpmPsd; C:\WINDOWS\system32\drivers\epm-psd.sys [4096 2004-07-19] (Acer Value Labs, USA) [File not signed]
S2 EpmShd; C:\WINDOWS\system32\drivers\epm-shd.sys [78208 2005-03-24] (Acer Value Labs, USA) [File not signed]
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [24177 2004-02-04] (FTDI Ltd.) [File not signed]
S3 FTSER2K; C:\WINDOWS\System32\drivers\ftser2k.sys [57372 2004-02-04] (FTDI Ltd.) [File not signed]
S3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [207616 2005-01-24] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1038208 2005-01-24] (Conexant Systems, Inc.)
S3 int15.sys; C:\Programme\acer\eRecovery\int15.sys [69632 2005-01-13] () [File not signed]
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MMRTKRNL; C:\WINDOWS\System32\drivers\mmrtkrnl.sys [94624 2008-12-02] (AlcaTech) [File not signed]
S3 MSIRCOMM; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [22016 2008-04-13] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [30336 2003-04-04] (Politecnico di Torino) [File not signed]
R3 NTIDrvr; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [6144 2005-03-31] (NewTech Infosystems, Inc.) [File not signed]
S1 oreans32; C:\WINDOWS\system32\drivers\oreans32.sys [33824 2006-11-02] () [File not signed]
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-12-05] (Padus, Inc.) [File not signed]
S3 PVUSB; C:\WINDOWS\System32\DRIVERS\CESG502.sys [40672 2002-06-12] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [File not signed]
S3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
U3 rpcapd; No ImagePath
S2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11354 2004-10-15] (Intel Corporation) [File not signed]
S3 Ser2pl; C:\WINDOWS\System32\DRIVERS\ser2pl.sys [119424 2009-08-25] (Prolific Technology Inc.) [File not signed]
S3 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [21248 2008-04-21] (AVIRA GmbH) [File not signed]
S3 SymEvent; C:\Programme\Symantec\SYMEVENT.SYS [124016 2006-09-15] (Symantec Corporation)
R1 UBHelper; C:\WINDOWS\system32\Drivers\UBHelper.sys [13952 2004-12-17] () [File not signed]
S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [3222784 2004-10-29] (Intel® Corporation)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 cpuz132; \??\C:\DOKUME~1\CHEF\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
S3 ZOOM_R16MTR; system32\Drivers\zmr16usbaudio.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-01 17:13 - 2014-12-01 17:13 - 00000000 ____D () C:\FRST
2014-12-01 16:07 - 2014-12-01 16:07 - 00000000 ____H () C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Anwendungsdaten\BIT3.tmp
2014-12-01 16:06 - 2014-12-01 16:07 - 00000000 _____ () C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Anwendungsdaten\{87120A47-F718-42B8-A91A-CDDE02652B6B}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-01 16:17 - 2014-04-23 00:56 - 00007733 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-01 16:17 - 2012-10-10 18:36 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2014-12-01 16:17 - 2012-10-10 18:36 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-01 16:17 - 2005-03-31 01:54 - 00032640 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-01 16:17 - 2005-03-31 01:54 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-01 16:06 - 2005-03-31 01:33 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-01 16:02 - 2014-08-04 16:42 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfaff240d02ec8.job
2014-12-01 16:01 - 2005-03-31 01:40 - 00187408 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
Some content of TEMP:
====================
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\atl.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\wmaudio.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\wmf9.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\wmpcdcs8.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\unwise.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\Quarantine.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\UEeN.dll
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\3R6v.dll
C:\Dokumente und Einstellungen\Diagnose\Lokale Einstellungen\Temp\nsz20.exe
C:\Dokumente und Einstellungen\Diagnose\Lokale Einstellungen\Temp\nss23.exe
C:\Dokumente und Einstellungen\Diagnose\Lokale Einstellungen\Temp\nst28.exe
C:\Dokumente und Einstellungen\Diagnose\Lokale Einstellungen\Temp\nsr2B.exe
C:\Dokumente und Einstellungen\Diagnose\Lokale Einstellungen\Temp\dskinengine.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
|
|
01.12.2014, 18:25
| #2 |
| /// the machine /// TB-Ausbilder    | Gvu trojaner winXP, blockiert den abgesicherten Modus Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.
__________________Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Startup: C:\Dokumente und Einstellungen\CHEF\Startmenü\Programme\Autostart\n3bf9s.lnk
ShortcutTarget: n3bf9s.lnk -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2992199F9A\s9fb3n.cpp (Microsoft Corporation)
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2992199F9A\s9fb3n.cpp
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2992199F9A\s9fb3n.odt
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Rechner normal starten.
__________________ |
|
01.12.2014, 18:44
| #3 |
| | Gvu trojaner winXP, blockiert den abgesicherten Modus Fix ausgeführt. Rechner startet wieder normal.
__________________Hier die Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-12-2014
Ran by Administrator at 2014-12-01 18:44:30 Run:1
Running from G:\
Loaded Profile: Administrator (Available profiles: CHEF & Diagnose & Administrator)
Boot Mode: Safe Mode (minimal)
==============================================
Content of fixlist:
*****************
Startup: C:\Dokumente und Einstellungen\CHEF\Startmenü\Programme\Autostart\n3bf9s.lnk
ShortcutTarget: n3bf9s.lnk -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2992199F9A\s9fb3n.cpp (Microsoft Corporation)
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2992199F9A\s9fb3n.cpp
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2992199F9A\s9fb3n.odt
*****************
C:\Dokumente und Einstellungen\CHEF\Startmenü\Programme\Autostart\n3bf9s.lnk => Moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2992199F9A\s9fb3n.cpp => Moved successfully.
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2992199F9A\s9fb3n.cpp" => File/Directory not found.
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2992199F9A\s9fb3n.odt" => File/Directory not found.
==== End of Fixlog ====
Geändert von martin898 (01.12.2014 um 19:14 Uhr) |
|
02.12.2014, 12:14
| #4 |
| /// the machine /// TB-Ausbilder | Gvu trojaner winXP, blockiert den abgesicherten Modus Dann ab jetzt alles im normalen Modus: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.12.2014, 17:09
| #5 |
| | Gvu trojaner winXP, blockiert den abgesicherten Modus Hallo schrauber, hier die FRST.txt und Addition.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2014
Ran by CHEF (administrator) on ACER-1547BE99DA on 02-12-2014 17:01:59
Running from C:\Dokumente und Einstellungen\CHEF\Desktop
Loaded Profile: CHEF (Available profiles: CHEF & Diagnose & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ATI2EVXX.EXE
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
(Avira GmbH) C:\Programme\AntiVir PersonalEdition Classic\AVGUARD.EXE
(OSA Technologies Inc.) C:\Acer\eManager\anbmServ.exe
(Avira GmbH) C:\Programme\AntiVir PersonalEdition Classic\sched.exe
(America Online, Inc.) C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLacsd.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ATI2EVXX.EXE
(Google Inc.) C:\Programme\Google\Update\GoogleUpdate.exe
(Sun Microsystems, Inc.) C:\Programme\Java\JRE6\BIN\jqs.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
(ATI Technologies, Inc.) C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Acer Inc) C:\Acer\ePM\epm-dm.exe
(Avira GmbH) C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Sun Microsystems, Inc.) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Programme\ControlCenter4\BrCtrlCntr.exe
(T-Com Bereich Endgeräte) C:\Programme\OnlineControl\ocontrol.exe
(Brother Industries, Ltd.) C:\Programme\ControlCenter4\BrCcUxSys.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-04] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [ATIPTA] => C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2005-02-08] (ATI Technologies, Inc.)
HKLM\...\Run: [EPM-DM] => c:\acer\epm\epm-dm.exe [188416 2005-03-28] (Acer Inc)
HKLM\...\Run: [ePowerManagement] => C:\Acer\ePM\ePM.exe [2880512 2005-03-24] (Acer Value Labs, Taiwan)
HKLM\...\Run: [avgnt] => C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-07-20] (Avira GmbH)
HKLM\...\Run: [ControlCenter4] => C:\Programme\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Programme\QuickTime\qttask.exe [98304 2005-03-31] (Apple Computer, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OnlineControl.lnk
ShortcutTarget: OnlineControl.lnk -> C:\Programme\OnlineControl\ocontrol.exe (T-Com Bereich Endgeräte)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1728177984-2154991892-3872936928-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.ividi.org/?src=tbhp&id=320d180e0000000000000012f06429a7&affilt=3
HKU\S-1-5-21-1728177984-2154991892-3872936928-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://search.ividi.org/?q={searchTerms}&src=tbnt&id=320d180e0000000000000012f06429a7&affilt=3" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> DefaultScope {6D52A2AC-E163-4A6A-8AF8-D9176D024C8C} URL = hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=320d180e0000000000000012f06429a7&affilt=3&r=937
SearchScopes: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> {52228A04-1034-4E9B-A1F2-3D25D68D0CFF} URL = hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=320d180e0000000000000012f06429a7&affilt=3&r=937
SearchScopes: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> {6D52A2AC-E163-4A6A-8AF8-D9176D024C8C} URL = hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=320d180e0000000000000012f06429a7&affilt=3&r=937
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Programme\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {37B85A29-692B-4205-9CAD-2626E4993404} - No File
Toolbar: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1728177984-2154991892-3872936928-1005 -> No Name - {37B85A29-692B-4205-9CAD-2626E4993404} - No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - No File
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default
FF SelectedSearchEngine: Trovi search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=0.7.1 -> "C:\Programme\VideoLAN\VLC\mozilla\npvlc.dll" No File
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npclntax.dll ()
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\NPMyGlSh.dll (My Global Search)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\ividi.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\browsetoole0191-customized-web-search.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\fcmdSrchFxt.xml
FF Extension: Google Toolbar for Firefox - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-06-11]
FF Extension: hosts - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com [2013-11-11]
FF Extension: preisspion.de - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\finder@meingutscheincode.de.xpi [2011-08-27]
FF Extension: User Agent Switcher - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2012-08-05]
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2014-02-18]
FF Extension: Google Toolbar for Firefox - C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2006-06-13]
FF HKLM\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\WINDOWS\system32\5024
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-18]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programme\Java\jre6\lib\deploy\jqs\ff [2014-02-18]
FF HKU\S-1-5-21-1728177984-2154991892-3872936928-1005\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\WINDOWS\system32\5024
FF Extension: No Name - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [Not Found]
FF Extension: No Name - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [Not Found]
FF Extension: No Name - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} [Not Found]
FF Extension: No Name - C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\Mozilla\Firefox\Profiles\qytdrn6m.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [Not Found]
Chrome:
=======
CHR Profile: C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default
CHR Extension: (iVidi Chrome Toolbar) - C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef [2013-09-16]
CHR HKLM\...\Chrome\Extension: [kpdhgpkkloealnjnmepfhanpcleldbef] - C:\Programme\Unitech LLC\ividi\1.8.23.0\ividi.crx [2013-07-25]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
R2 anbmService; C:\Acer\eManager\anbmServ.exe [1287168 2004-08-16] (OSA Technologies Inc.)
R2 AntiVirScheduler; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [68865 2008-10-23] (Avira GmbH)
R2 AntiVirService; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-10-23] (Avira GmbH)
R2 AOL ACS; C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe [1135728 2004-04-08] (America Online, Inc.)
R2 EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [86016 2004-10-15] (Intel Corporation)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [107912 2014-12-01] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [107912 2014-12-01] (Google Inc.)
S2 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194104 2011-10-06] (Google)
R2 JavaQuickStarterService; C:\Programme\Java\jre6\bin\jqs.exe [153376 2014-02-18] (Sun Microsystems, Inc.)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-11-18] (Mozilla Foundation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75064 2009-11-17] ()
R2 RegSrvc; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [139264 2004-10-15] (Intel Corporation)
R2 S24EventMonitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [360521 2004-10-15] (Intel Corporation )
S3 BrYNSvc; "C:\Programme\Browny02\BrYNSvc.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17119 2005-08-24] (Meetinghouse Data Communications)
S3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [449888 2005-01-10] (Atheros Communications, Inc.)
S3 ASPI; C:\WINDOWS\System32\DRIVERS\ASPI32.sys [16512 2002-07-17] (Adaptec)
R1 avgio; C:\Programme\AntiVir PersonalEdition Classic\avgio.sys [11608 2009-05-27] (Avira GmbH)
R3 avgntflt; C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys [52056 2009-05-27] (Avira GmbH)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [75096 2009-05-27] (Avira GmbH)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R3 CAMCAUD; C:\WINDOWS\System32\drivers\camcaud.sys [34048 2004-06-24] (Conexant Systems Inc.)
R3 CAMCHALA; C:\WINDOWS\System32\drivers\camchal.sys [276480 2004-06-24] (Conexant Systems Inc.)
R2 EpmPsd; C:\WINDOWS\system32\drivers\epm-psd.sys [4096 2004-07-19] (Acer Value Labs, USA)
R2 EpmShd; C:\WINDOWS\system32\drivers\epm-shd.sys [78208 2005-03-24] (Acer Value Labs, USA)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [24177 2004-02-04] (FTDI Ltd.)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [207616 2005-01-24] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1038208 2005-01-24] (Conexant Systems, Inc.)
S3 int15.sys; C:\Programme\acer\eRecovery\int15.sys [69632 2005-01-13] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MMRTKRNL; C:\WINDOWS\System32\drivers\mmrtkrnl.sys [94624 2008-12-02] (AlcaTech)
S3 MSIRCOMM; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [22016 2008-04-13] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [30336 2003-04-04] (Politecnico di Torino)
R1 oreans32; C:\WINDOWS\system32\drivers\oreans32.sys [33824 2006-11-02] ()
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-12-05] (Padus, Inc.)
S3 PVUSB; C:\WINDOWS\System32\DRIVERS\CESG502.sys [40672 2002-06-12] (Hitachi Semiconductor and Devices Sales Co.,Ltd.)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
U3 rpcapd; No ImagePath
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11354 2004-10-15] (Intel Corporation)
S3 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [21248 2008-04-21] (AVIRA GmbH)
S3 SymEvent; C:\Programme\Symantec\SYMEVENT.SYS [124016 2006-09-15] (Symantec Corporation)
R1 UBHelper; C:\WINDOWS\system32\Drivers\UBHelper.sys [13952 2004-12-17] ()
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [3222784 2004-10-29] (Intel® Corporation)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 cpuz132; \??\C:\DOKUME~1\CHEF\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
S3 ZOOM_R16MTR; system32\Drivers\zmr16usbaudio.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-02 17:01 - 2014-12-02 17:02 - 00021398 _____ () C:\Dokumente und Einstellungen\CHEF\Desktop\FRST.txt
2014-12-02 00:00 - 2014-12-02 16:47 - 00006516 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-01 20:21 - 2014-12-01 20:21 - 00000000 __SHD () C:\Recycled
2014-12-01 19:37 - 2014-12-02 16:37 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d00d95d9167919.job
2014-12-01 19:30 - 2014-12-01 19:30 - 00000000 ___SD () C:\ComboFix
2014-12-01 19:30 - 2014-12-01 19:30 - 00000000 ____D () C:\Qoobox
2014-12-01 19:30 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-12-01 19:30 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-12-01 19:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-12-01 19:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-12-01 19:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-12-01 19:30 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-12-01 19:30 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-12-01 19:30 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-12-01 19:30 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-12-01 19:29 - 2014-12-01 19:29 - 00000000 ____D () C:\WINDOWS\erdnt
2014-12-01 17:13 - 2014-12-01 17:13 - 00000000 ____D () C:\FRST
2014-12-01 16:59 - 2014-12-01 17:00 - 01109504 _____ (Farbar) C:\Dokumente und Einstellungen\CHEF\Desktop\FRST.exe
2014-12-01 16:07 - 2014-12-01 16:07 - 00000000 ____H () C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Anwendungsdaten\BIT3.tmp
2014-12-01 16:06 - 2014-12-01 16:07 - 00000000 _____ () C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Anwendungsdaten\{87120A47-F718-42B8-A91A-CDDE02652B6B}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-02 16:51 - 2013-11-18 00:52 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-02 16:47 - 2005-03-31 01:54 - 00032142 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-02 16:47 - 2005-03-31 01:54 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-02 16:39 - 2005-03-31 01:33 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-02 16:38 - 2012-10-10 18:36 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-02 16:37 - 2014-08-04 16:42 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfaff240d02ec8.job
2014-12-02 00:28 - 2012-10-10 18:36 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-02 00:28 - 2010-01-06 17:14 - 00001088 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-02 00:28 - 2005-08-24 23:49 - 00000190 ___SH () C:\Dokumente und Einstellungen\CHEF\ntuser.ini
2014-12-01 19:46 - 2012-11-06 19:00 - 00000098 _____ () C:\Dokumente und Einstellungen\CHEF\Anwendungsdaten\AVSDVDPlayer.m3u
2014-12-01 18:47 - 2014-08-04 16:57 - 00000190 ___SH () C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2014-12-01 16:01 - 2005-03-31 01:40 - 00187408 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
Some content of TEMP:
====================
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\atl.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\wmaudio.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\wmf9.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\wmpcdcs8.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\unwise.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\Quarantine.exe
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\UEeN.dll
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\3R6v.dll
C:\Dokumente und Einstellungen\CHEF\Lokale Einstellungen\Temp\Setup.exe
C:\Dokumente und Einstellungen\Diagnose\Lokale Einstellungen\Temp\nsz20.exe
C:\Dokumente und Einstellungen\Diagnose\Lokale Einstellungen\Temp\nss23.exe
C:\Dokumente und Einstellungen\Diagnose\Lokale Einstellungen\Temp\nst28.exe
C:\Dokumente und Einstellungen\Diagnose\Lokale Einstellungen\Temp\nsr2B.exe
C:\Dokumente und Einstellungen\Diagnose\Lokale Einstellungen\Temp\dskinengine.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe
[2005-03-31 01:33] - [2008-04-14 04:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\WINDOWS\system32\winlogon.exe
[2005-03-31 01:33] - [2008-04-14 04:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\WINDOWS\system32\svchost.exe
[2005-03-31 01:33] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\WINDOWS\system32\services.exe
[2005-03-31 01:33] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\WINDOWS\system32\User32.dll
[2005-03-31 01:33] - [2008-04-14 04:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\WINDOWS\system32\userinit.exe
[2005-03-31 01:33] - [2008-04-14 04:23] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\WINDOWS\system32\rpcss.dll
[2005-03-31 01:33] - [2009-02-09 12:51] - 0401408 ____A (Microsoft Corporation) 3127afbf2c1ed0ab14a1bbb7aaecb85b
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2005-03-31 01:33] - [2008-04-14 03:52] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-12-2014
Ran by CHEF at 2014-12-02 17:03:24
Running from C:\Dokumente und Einstellungen\CHEF\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira AntiVir PersonalEdition (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer eManager for Notebook (HKLM\...\InstallShield_{827289F5-B44F-4E49-9993-840741585A62}) (Version: 1.0.29.44 - Acer Inc.)
Acer eManager for Notebook (Version: 1.0.29.44 - Acer Inc.) Hidden
Acer GridVista (HKLM\...\GridVista) (Version: 2.26.0407 - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader 9.3 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
AOL Deutschland (HKLM\...\America Online de) (Version: - )
AOL Meine Fotos Bildschirmschoner (HKLM\...\AOL YGP Screensaver) (Version: - )
AOL Optimized Dial-In (HKLM\...\AOL Connectivity Services) (Version: - )
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
ATI - Dienstprogramm zur Deinstallation der Software (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.103-050208a-021164C-Acer - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
AudioCon (HKLM\...\AudioCon) (Version: 1.0 - Basement Softworks)
AutoComplete ActiveX Control (HKLM\...\AutoComplete ActiveX Control) (Version: - )
Avira AntiVir Personal - Free Antivirus (HKLM\...\AntiVir PersonalEdition Classic) (Version: - Avira GmbH)
AVS DVD Player version 2.2 (HKLM\...\AVS DVD Player_is1) (Version: - Online Media Technologies Ltd.)
Blue Cat's Chorus VST 4.01 (HKLM\...\{16414746-4C9F-45F5-9D0B-1BB2F257710A}) (Version: 4.01 - Blue Cat Audio)
Blue Cat's Flanger VST 3.01 (HKLM\...\{AD5E66F6-AABE-4C99-B302-8C1545DD898F}) (Version: 3.01 - Blue Cat Audio)
Blue Cat's Freeware Pack VST 2.01 (HKLM\...\{0EB8339B-59A8-46e5-9D41-44458EBD7085}) (Version: 2.01 - Blue Cat Audio)
Blue Cat's FreqAnalyst VST 2.01 (HKLM\...\{44D94F3A-D38C-48DF-AEF7-4CD8B078F30F}) (Version: 2.01 - Blue Cat Audio)
Blue Cat's Gain Suite VST 3.01 (HKLM\...\{07C621A7-3284-4AD4-AFC8-7F41C475F056}) (Version: 3.01 - Blue Cat Audio)
Blue Cat's Phaser VST 3.01 (HKLM\...\{697CE55E-469F-4FB7-9FB6-8CC4E50852B2}) (Version: 3.01 - Blue Cat Audio)
Blue Cat's Triple EQ VST 4.01 (HKLM\...\{F2D66909-5A27-4F0F-8E53-18BAE15178EC}) (Version: 4.01 - Blue Cat Audio)
Brother MFL-Pro Suite MFC-J430W (HKLM\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.0.10.0 - Brother Industries, Ltd.)
Call of Duty(R) 2 (HKLM\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.3 - Activision)
Call of Duty(R) 2 (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 2 Patch 1.3 (Version: 1.3 - ) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 2.34 - Piriform)
Conexant AC-Link Audio (HKLM\...\Conexant PCI Audio) (Version: - )
DriverTurbo (HKLM\...\DriverTurbo) (Version: 3.2.0 - DeskToolsSoft)
EC-USB (HKLM\...\EC-USB_is1) (Version: - CarCode Müller)
EZmix 32-bit (HKLM\...\{B5AB1F3A-136C-4C87-BB49-0E3ACD5B9F7C}) (Version: 2.0.9 - Toontrack)
Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.34.4.WIN.FullTilt.COM - )
FX-INTERFACE PROFESSIONAL (HKLM\...\{CD869122-24E1-11D4-A99B-204C4F4F5020}) (Version: - )
Gemeinsam genutzte Internet-Komponenten von Westwood (HKLM\...\WOLAPI) (Version: - )
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
hosts (HKLM\...\hosts) (Version: 1.28.153.3 - Irismedia) <==== ATTENTION
Hotfix für Windows XP (KB2633952) (HKLM\...\KB2633952) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB2756822) (HKLM\...\KB2756822) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB2779562) (HKLM\...\KB2779562) (Version: 1 - Microsoft Corporation)
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: - Intel Corporation)
Java(TM) 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 3.0.0 - Symantec Corporation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
mCore (Version: 1.23.0000 - Intel Corporation) Hidden
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mMHouse (Version: 1.23.0000 - Intel Corporation) Hidden
Mozilla Firefox 25.0.1 (x86 de) (HKLM\...\Mozilla Firefox 25.0.1 (x86 de)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
mPfMgr (Version: 1.23.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mXML (Version: 1.23.0000 - Intel Corporation) Hidden
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version: - )
Norton AntiVirus 2005 (Symantec Corporation) (HKLM\...\SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}) (Version: 11.0.1 - Symantec Corporation)
Norton Security Scan (HKLM\...\NSS) (Version: 2.7.3.34 - Symantec Corporation)
NTI Backup NOW! 4 (HKLM\...\InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}) (Version: 4 - NewTech Infosystems)
NTI Backup NOW! 4 (Version: 4 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OnlineControl 1.2 (HKLM\...\OnlineControl_is1) (Version: 1.2.23 - Deutsche Telekom AG T-Com)
Opera Stable 21.0.1432.67 (HKLM\...\Opera 21.0.1432.67) (Version: 21.0.1432.67 - Opera Software ASA)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PC Speed Maximizer v3.2 (HKLM\...\PC Speed Maximizer_is1) (Version: 3.2 - SoftCity)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: - )
QuickTime (HKLM\...\QuickTime) (Version: - )
Room EQ Wizard V5 (HKLM\...\RoomEQWizardV5) (Version: - John Mulcahy)
Scansoft PDF Professional (Version: - ) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Sicherheitsupdate für Microsoft Windows (KB2564958) (HKLM\...\KB2564958) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2544521) (HKLM\...\KB2544521-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2722913) (HKLM\...\KB2722913-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2761465) (HKLM\...\KB2761465-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2797052) (HKLM\...\KB2797052-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2809289) (HKLM\...\KB2809289-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961) (HKLM\...\KB971961-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332) (HKLM\...\KB981332-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2803821-v2) (HKLM\...\KB2803821-v2_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB973540) (HKLM\...\KB973540_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB975558) (HKLM\...\KB975558_WM8) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2440591) (HKLM\...\KB2440591) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2476490) (HKLM\...\KB2476490) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478971) (HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2479943) (HKLM\...\KB2479943) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2491683) (HKLM\...\KB2491683) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2507618) (HKLM\...\KB2507618) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2535512) (HKLM\...\KB2535512) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2536276-v2) (HKLM\...\KB2536276-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2585542) (HKLM\...\KB2585542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2592799) (HKLM\...\KB2592799) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2598479) (HKLM\...\KB2598479) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2618451) (HKLM\...\KB2618451) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2619339) (HKLM\...\KB2619339) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2624667) (HKLM\...\KB2624667) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2631813) (HKLM\...\KB2631813) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2646524) (HKLM\...\KB2646524) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2655992) (HKLM\...\KB2655992) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2659262) (HKLM\...\KB2659262) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2686509) (HKLM\...\KB2686509) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2691442) (HKLM\...\KB2691442) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2705219) (HKLM\...\KB2705219) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2707511) (HKLM\...\KB2707511) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2712808) (HKLM\...\KB2712808) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2719985) (HKLM\...\KB2719985) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2723135) (HKLM\...\KB2723135) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2724197) (HKLM\...\KB2724197) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2727528) (HKLM\...\KB2727528) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2731847) (HKLM\...\KB2731847) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2753842-v2) (HKLM\...\KB2753842-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2757638) (HKLM\...\KB2757638) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2758857) (HKLM\...\KB2758857) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2770660) (HKLM\...\KB2770660) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2778344) (HKLM\...\KB2778344) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2779030) (HKLM\...\KB2779030) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2799494) (HKLM\...\KB2799494) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2845187) (HKLM\...\KB2845187) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2849470) (HKLM\...\KB2849470) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868038) (HKLM\...\KB2868038) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2883150) (HKLM\...\KB2883150) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893984) (HKLM\...\KB2893984) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956744) (HKLM\...\KB956744) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979687) (HKLM\...\KB979687) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981322) (HKLM\...\KB981322) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982132) (HKLM\...\KB982132) (Version: 1 - Microsoft Corporation)
SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_00661025) (Version: - )
Steinberg Cubase SX v2.2.0.33 (HKLM\...\Steinberg Cubase SX v2.2.0.33) (Version: - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec (Version: 11.0.1 - Symantec Corp) Hidden
Texas Instruments PCIxx21/x515 drivers. (HKLM\...\InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}) (Version: 1.08.0000 - Texas Instruments Inc.)
TIxx21 (Version: 1.08.0000 - Texas Instruments Inc.) Hidden
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
Unitech LLC toolbar (HKLM\...\ividi) (Version: 1.8.23.0 - Unitech LLC) <==== ATTENTION
Update für Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update für Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
VideoLAN VLC media player 0.7.1 (HKLM\...\VideoLAN) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031514 - Microsoft Corporation)
Windows-Treiberpaket - FTDI CDM Driver Package (03/30/2010 2.06.02) (HKLM\...\883C04C33C70062A4AD0ED48685D05F25A854C1D) (Version: 03/30/2010 2.06.02 - FTDI)
Windows-Treiberpaket - FTDI CDM Driver Package (03/30/2010 2.06.02) (HKLM\...\ABE36B9BBD00CD433A4454EBCAD52F303406A488) (Version: 03/30/2010 2.06.02 - FTDI)
Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8) (HKLM\...\C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD) (Version: 05/22/2008 3.8 - Nokia)
Windows-Treiberpaket - Ross-Tech USB Driver Package (05/21/2009 2.04.18) (HKLM\...\B406677FA530D213D0B10B080DCD1080AE866D39) (Version: 05/21/2009 2.04.18 - Ross-Tech)
WinOLS 1.x DEMO (HKLM\...\WinOLS 1.x DEMO) (Version: 1.x - EVC electronic GmbH)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
25-02-2014 00:57:25 Systemprüfpunkt
26-02-2014 17:47:33 Systemprüfpunkt
04-03-2014 14:34:54 Systemprüfpunkt
20-03-2014 23:41:23 Systemprüfpunkt
15-04-2014 16:21:40 Systemprüfpunkt
23-04-2014 16:46:39 Systemprüfpunkt
21-05-2014 15:10:49 Installed EZmix 32-bit.
21-05-2014 15:52:25 Removed EZmix 32-bit.
21-05-2014 15:53:12 Removed EZmix Demo 32-bit.
21-05-2014 15:55:59 Installed EZmix 32-bit.
01-12-2014 19:04:54 Systemprüfpunkt
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfaff240d02ec8.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d00d95d9167919.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Norton Security Scan for CHEF.job => C:\Programme\Norton Security Scan\Engine\2.7.3.34\Nss.exe
==================== Loaded Modules (whitelisted) =============
2007-05-05 15:25 - 2008-04-21 15:52 - 00339968 _____ () C:\Programme\AntiVir PersonalEdition Classic\sqlite3.dll
2009-02-27 16:41 - 2009-02-27 16:41 - 00311296 _____ () C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
2005-08-29 19:31 - 2010-02-10 18:10 - 00141824 _____ () C:\Programme\WinRAR\rarext.dll
2007-04-12 14:30 - 2009-11-17 16:40 - 00075064 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2012-10-10 19:02 - 2009-02-27 16:38 - 00139264 ____R () C:\Programme\Brother\BrUtilities\BrLogAPI.dll
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: BrStsMon00 => C:\Programme\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ccApp => "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
MSCONFIG\startupreg: CTFMON.EXE => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: eRecoveryService => C:\Windows\System32\Check.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: IndexSearch => "C:\Programme\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: ISUSPM => C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: LaunchApp => Alaunch
MSCONFIG\startupreg: MSMSGS => "C:\Programme\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: PaperPort PTD => "C:\Programme\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Programme\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Programme\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: PPort12reminder => "C:\Programme\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: Realtime Audio Engine => "mmrtkrnl.exe" /i
MSCONFIG\startupreg: WA6PU_Check => "C:\Programme\Gemeinsame Dateien\DriveCleaner Free\udcwap.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-1728177984-2154991892-3872936928-500 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Administrator
ASPNET (S-1-5-21-1728177984-2154991892-3872936928-1007 - Limited - Enabled)
CHEF (S-1-5-21-1728177984-2154991892-3872936928-1005 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\CHEF
Diagnose (S-1-5-21-1728177984-2154991892-3872936928-1006 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Diagnose
Gast (S-1-5-21-1728177984-2154991892-3872936928-501 - Limited - Disabled)
Hilfeassistent (S-1-5-21-1728177984-2154991892-3872936928-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1728177984-2154991892-3872936928-1002 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
Name: 1394-Netzwerkadapter
Description: 1394-Netzwerkadapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel PCIC-kompatibler PCMCIA-Controller
Description: Intel PCIC-kompatibler PCMCIA-Controller
Class Guid: {4D36E977-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: pcmcia
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (12/02/2014 04:42:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/02/2014 04:42:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst auf Anwendungsebene.
Error: (12/02/2014 04:41:44 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (12/02/2014 04:39:55 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (12/02/2014 00:06:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/02/2014 00:06:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst auf Anwendungsebene.
Error: (12/01/2014 07:05:39 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Bei DCOM ist der Fehler "%%1053" aufgetreten, als der Dienst "gupdate" mit den Argumenten "/comsvc"
gestartet wurde, um den folgenden Server zu verwenden:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
Error: (12/01/2014 06:47:06 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (12/01/2014 06:40:59 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (12/01/2014 06:39:16 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) M processor 1.50GHz
Percentage of memory in use: 61%
Total physical RAM: 510.03 MB
Available physical RAM: 194.76 MB
Total Pagefile: 1243.93 MB
Available Pagefile: 672.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.96 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:26.38 GB) (Free:3.01 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive d: (ACERDATA) (Fixed) (Total:26.55 GB) (Free:10.75 GB) FAT32
Drive g: (MARF) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 55.9 GB) (Disk ID: 0980097F)
Partition 1: (Not Active) - (Size=2.9 GB) - (Type=12)
Partition 2: (Active) - (Size=26.4 GB) - (Type=0C)
Partition 3: (Not Active) - (Size=26.6 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
03.12.2014, 11:39
| #6 |
| /// the machine /// TB-Ausbilder | Gvu trojaner winXP, blockiert den abgesicherten Modus Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ --> Gvu trojaner winXP, blockiert den abgesicherten Modus |
|
| Themen zu Gvu trojaner winXP, blockiert den abgesicherten Modus |
| blockiert, computer, einstellungen, explorer, fehlercode 22, homepage, hosts entfernen, registry, services.exe, software, svchost.exe, symantec, this device cannot start. (code10), this device is disabled. (code 22), trojaner, unitech llc toolbar entfernen, windows xp |
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 
Linear-Darstellung
