Pests of all kinds and how to fight them: Computer possibly infected, Lavasoft Yahoo, Firefox redirect

12.12.2014, 20:05   #1
tempes2k

Computer possibly infected, Lavasoft Yahoo, Firefox redirect

Hello Trojaner Board,

Attached are the relevant logs.
Unfortunately I'm not sure whether my computer might (still) be infected.
What I noticed is that when I search for something in Firefox, I end up on a Lavasoft / Yahoo search. Some pages were not loaded at all, or loaded without CSS...
I hope I haven't done too much already. Unfortunately I didn't know this forum before.

What I have done:

a) ran mbam over it
b) ran adware se over it.

I'm already looking forward to your replies, thank you very much.


frst.log:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-12 20:48:02
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000042 Samsung_SSD_840_PRO_Series rev.DXM06B0Q 476,94GB
Running: Gmer-19357.exe; Driver: C:\Users\USER~1.DOM\AppData\Local\Temp\kxlorpoc.sys


---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [580:4496]                                                                                                                                                                                                                                      fffff960009832d0
Thread   C:\Windows\system32\svchost.exe [364:6868]                                                                                                                                                                                                                                    00007ff84e247240
Thread   C:\Windows\system32\svchost.exe [364:4996]                                                                                                                                                                                                                                    00007ff853f51050
---- Processes - GMER 2.1 ----

Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564] (Python Core/Python Software Foundation)(2014-12-12 19:23:11)                                                           000000001e000000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                    000000001e8c0000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                000000001e7a0000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:10)                                                                                                 0000000002040000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                     0000000000220000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                        0000000002610000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:10)                                                                                        000000001e800000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                    0000000002b40000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:10)                                                                                                   0000000002c00000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564] (wxWidgets for MSW/wxWidgets development team)(2014-12-12 19:23:11)                                              0000000002d30000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564] (wxWidgets for MSW/wxWidgets development team)(2014-12-12 19:23:11)                                          00000000003d0000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564] (wxWidgets for MSW/wxWidgets development team)(2014-12-12 19:23:11)                                          0000000002f20000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564] (wxWidgets for MSW/wxWidgets development team)(2014-12-12 19:23:11)                                           00000000033c0000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                    0000000003500000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                0000000003dd0000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564] (wxWidgets for MSW/wxWidgets development team)(2014-12-12 19:23:11)                                          0000000003ea0000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                               0000000004160000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:10)                                                                                                   0000000004270000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                000000001d100000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                     0000000003f40000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:10)                                                                                           0000000004330000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                     000000001d1a0000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                   000000001ea10000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                               000000001ec80000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\hashobjs_ext.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                0000000010000000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\win32gui.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                    000000001ea40000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                  000000001e9b0000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                   000000001eaa0000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:10)                                                                                                  000000001e980000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                   0000000003f90000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564] (wxWidgets for MSW/wxWidgets development team)(2014-12-12 19:23:11)                                       0000000005390000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                            0000000003fc0000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:10)                                                                                                000000001ebf0000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                 00000000053b0000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:10)                                                                                                  0000000005460000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                   000000001eb90000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                    000000001eb60000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                      00000000054c0000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)                                                                                                000000001ec20000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:10)                                                                                                     000000001ed40000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\wx._animate.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:10)                                                                                                 00000000054d0000
Library  C:\Users\USERvaglieri.DOMAENE\AppData\Local\KeePass\PluginCache\idPSpFtAxudyAEo3U1VG\KeePassRPC.dll (*** suspicious ***) @ C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [6676] (KeePassRPC/Chris Tomlinson)(2014-11-05 19:26:53)                             0000000004940000
Library  C:\Users\USERvaglieri.DOMAENE\AppData\Local\KeePass\PluginCache\idPSpFtAxudyAEo3U1VG\Jayrock.dll (*** suspicious ***) @ C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [6676] (Jayrock/hxxp://jayrock.googlecode.com)(2014-11-05 19:26:51)                     0000000003800000
Library  C:\Users\USERvaglieri.DOMAENE\AppData\Local\KeePass\PluginCache\idPSpFtAxudyAEo3U1VG\Fleck2.dll (*** suspicious ***) @ C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [6676](2014-11-05 19:26:51)                                                              00000000043d0000
Library  C:\Users\USERvaglieri.DOMAENE\AppData\Local\KeePass\PluginCache\idPSpFtAxudyAEo3U1VG\KeePassRPC.Mono.Security.dll (*** suspicious ***) @ C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [6676] (Mono.Security.dll/MONO development team)(2014-11-05 19:26:51)  00000000075d0000
Library  C:\Users\USERvaglieri.DOMAENE\AppData\Local\KeePass\PluginCache\idPSpFtAxudyAEo3U1VG\Jayrock.Json.dll (*** suspicious ***) @ C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [6676] (Jayrock.Json/hxxp://jayrock.googlecode.com)(2014-11-05 19:26:51)           0000000008060000

---- EOF - GMER 2.1 ----
         
Code:
ATTFilter
Description: The program TeamViewer.exe version 8.0.30992.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1750

Start Time: 01d0125b88a936f9

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe

Report Id: 3a37d1db-7e55-11e4-82b1-dc85de1f8d86

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/07/2014 09:52:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GastroBlitz.exe, version: 1.5.9.62, time stamp: 0x5484bbf7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0xaf0
Faulting application start time: 0xGastroBlitz.exe0
Faulting application path: GastroBlitz.exe1
Faulting module path: GastroBlitz.exe2
Report Id: GastroBlitz.exe3
Faulting package full name: GastroBlitz.exe4
Faulting package-relative application ID: GastroBlitz.exe5

Error: (12/07/2014 09:52:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GastroBlitz.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.DirectoryNotFoundException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.Directory.Delete(System.String, System.String, Boolean, Boolean)
   at System.IO.DirectoryInfo.Delete(Boolean)
   at GastroBlitz.Program.Main()

Error: (12/07/2014 09:52:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GastroBlitz.exe, version: 1.5.9.62, time stamp: 0x5484bbf7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0xb88
Faulting application start time: 0xGastroBlitz.exe0
Faulting application path: GastroBlitz.exe1
Faulting module path: GastroBlitz.exe2
Report Id: GastroBlitz.exe3
Faulting package full name: GastroBlitz.exe4
Faulting package-relative application ID: GastroBlitz.exe5

Error: (12/07/2014 09:52:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GastroBlitz.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.DirectoryNotFoundException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.Directory.Delete(System.String, System.String, Boolean, Boolean)
   at System.IO.DirectoryInfo.Delete(Boolean)
   at GastroBlitz.Program.Main()

Error: (12/07/2014 09:47:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GastroBlitz.exe, version: 1.5.9.62, time stamp: 0x5484bbf7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0x1998
Faulting application start time: 0xGastroBlitz.exe0
Faulting application path: GastroBlitz.exe1
Faulting module path: GastroBlitz.exe2
Report Id: GastroBlitz.exe3
Faulting package full name: GastroBlitz.exe4
Faulting package-relative application ID: GastroBlitz.exe5


System errors:
=============
Error: (12/12/2014 08:22:45 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (12/12/2014 08:22:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EPSON PCS Parallel Port Driver service failed to start due to the following error: 
%%20

Error: (12/12/2014 08:22:43 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "1E85DE1ECA36" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.

Error: (12/12/2014 08:22:43 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "1E85DE1ECA36" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.

Error: (12/12/2014 07:29:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EPSON PCS Parallel Port Driver service failed to start due to the following error: 
%%20

Error: (12/12/2014 07:28:23 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/12/2014 07:28:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EPSON PCS Parallel Port Driver service failed to start due to the following error: 
%%20

Error: (12/12/2014 07:08:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EPSON PCS Parallel Port Driver service failed to start due to the following error: 
%%20

Error: (12/12/2014 07:04:58 PM) (Source: DCOM) (EventID: 10010) (User: DOMAENE)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/12/2014 07:04:58 PM) (Source: DCOM) (EventID: 10010) (User: DOMAENE)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (12/12/2014 00:21:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (12/12/2014 00:21:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d664800000030000142526bc01d014d91603c967C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll09ad7eef-81f1-11e4-82b3-dc85de1f8d86

Error: (12/11/2014 00:02:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_winethc.dll6.3.9600.1741554504eb8USER32.dll6.3.9600.174155450559ec000014200000000000ec5a0283401d014cd5efbe925C:\Windows\System32\rundll32.exeUSER32.dll9caca3a6-80c0-11e4-82b3-dc85de1f8d86

Error: (12/09/2014 10:02:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DVDFab.exe9.0.5.551f1e399unknown0.0.0.000000000c0000005af3bed947bc01d013f36df64391C:\Program Files (x86)\DVDFab 9\DVDFab.exeunknownabecb94b-7fe6-11e4-82b2-dc85de1f8d86

Error: (12/07/2014 10:08:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: TeamViewer.exe8.0.30992.0175001d0125b88a936f94294967295C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe3a37d1db-7e55-11e4-82b1-dc85de1f8d86

Error: (12/07/2014 09:52:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GastroBlitz.exe1.5.9.625484bbf7KERNELBASE.dll6.3.9600.1741554504adee043435200014598af001d0125fad924723C:\Users\USER.DOMAENE\Desktop\Debug\GastroBlitz.exeC:\Windows\SYSTEM32\KERNELBASE.dlleb510adc-7e52-11e4-82b1-dc85de1f8d86

Error: (12/07/2014 09:52:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GastroBlitz.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.DirectoryNotFoundException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.Directory.Delete(System.String, System.String, Boolean, Boolean)
   at System.IO.DirectoryInfo.Delete(Boolean)
   at GastroBlitz.Program.Main()

Error: (12/07/2014 09:52:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GastroBlitz.exe1.5.9.625484bbf7KERNELBASE.dll6.3.9600.1741554504adee043435200014598b8801d0125fa90e546eC:\Users\USER.DOMAENE\Desktop\Debug\GastroBlitz.exeC:\Windows\SYSTEM32\KERNELBASE.dlle6cd181a-7e52-11e4-82b1-dc85de1f8d86

Error: (12/07/2014 09:52:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GastroBlitz.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.DirectoryNotFoundException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.Directory.Delete(System.String, System.String, Boolean, Boolean)
   at System.IO.DirectoryInfo.Delete(Boolean)
   at GastroBlitz.Program.Main()

Error: (12/07/2014 09:47:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GastroBlitz.exe1.5.9.625484bbf7KERNELBASE.dll6.3.9600.1741554504adee043435200014598199801d0125f0994d1a5C:\Users\USER.DOMAENE\Desktop\Debug\GastroBlitz.exeC:\Windows\SYSTEM32\KERNELBASE.dll47682fa8-7e52-11e4-82b1-dc85de1f8d86


CodeIntegrity Errors:
===================================
  Date: 2014-11-30 17:32:19.121
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 17:32:18.715
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 17:29:35.707
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 17:29:35.363
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 17:28:59.705
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 17:28:59.361
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 17:28:58.861
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 17:28:58.377
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 17:26:39.339
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 17:26:38.948
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 37%
Total physical RAM: 8013.58 MB
Available physical RAM: 5043.85 MB
Total Pagefile: 16205.58 MB
Available Pagefile: 12169.84 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:116.84 GB) (Free:7.66 GB) NTFS
Drive d: (DATEN) (Fixed) (Total:359.75 GB) (Free:164.67 GB) NTFS
Drive j: () (Network) (Total:182 GB) (Free:55 GB) 
Drive k: () (Network) (Total:182 GB) (Free:55 GB) 
Drive p: () (Network) (Total:182 GB) (Free:55 GB) 
Drive w: () (Network) (Total:182 GB) (Free:55 GB) 
Drive x: () (Network) (Total:182 GB) (Free:55 GB) 

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: FABF76F1)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=116.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=359.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
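As an added example (not part of the thread, and not code from GMER or FRST), the following Python parses the "Library ... (*** suspicious ***)" lines of the GMER 2.1 log above and groups them by host process, attaching a reason for each load path so a reader can see at a glance why all the Google Drive entries look alike (they come from one PyInstaller _MEI temp directory) before deciding whether anything needs attention. The sample log is an excerpt of the log posted above; the triage rules and their wording are this example's own assumptions, not GMER's.

```python
import re
from collections import defaultdict

# Excerpt of the GMER 2.1 log posted above (Threads/Processes sections).
# The "Thread" lines and section headers are kept to show the parser skips them.
SAMPLE_LOG = r"""
---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [580:4496]        fffff960009832d0
---- Processes - GMER 2.1 ----

Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564] (Python Core/Python Software Foundation)(2014-12-12 19:23:11)   000000001e000000
Library  C:\Users\USER~1.DOM\AppData\Local\Temp\_MEI55562\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5564](2014-12-12 19:23:11)   000000001e8c0000
Library  C:\Users\USERvaglieri.DOMAENE\AppData\Local\KeePass\PluginCache\idPSpFtAxudyAEo3U1VG\KeePassRPC.dll (*** suspicious ***) @ C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [6676] (KeePassRPC/Chris Tomlinson)(2014-11-05 19:26:53)   0000000004940000

---- EOF - GMER 2.1 ----
"""

# One "Library" line of the GMER "Processes" section has the shape
#   Library  <module path> (*** suspicious ***) @ <host exe> [<pid>] (<vendor>)(<timestamp>)   <base address>
# The "(<vendor>)" part is absent when GMER has no version info (compare the
# python27.dll line with the win32api.pyd line above), so it is optional here.
LIBRARY_RE = re.compile(
    r"^Library\s+(?P<path>.+?)\s+\(\*\*\* suspicious \*\*\*\)\s+@\s+"
    r"(?P<host>.+?)\s+\[(?P<pid>\d+)\]\s*"
    r"(?:\((?P<desc>[^)]*)\))?"
    r"\((?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\)\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s*$"
)

# Assumed triage rules (this example's own, not GMER's). GMER's "suspicious"
# only says the module does not live next to the host executable; the rules
# below say *where* it lives instead, which is what a reviewer asks first.
# First matching rule wins.
PATH_RULES = [
    (re.compile(r"\\AppData\\Local\\Temp\\_MEI\d+\\", re.I),
     "PyInstaller runtime extraction dir (_MEI<n>): normal for a PyInstaller-packed host, "
     "so verify the host executable's signature rather than each .pyd"),
    (re.compile(r"\\AppData\\Local\\Temp\\", re.I),
     "loaded from the user Temp directory: writable by anything running as that user"),
    (re.compile(r"\\AppData\\", re.I),
     "loaded from the user profile (e.g. a plugin cache): confirm the user installed it"),
]
FALLBACK_REASON = "flagged by GMER but outside the path rules above: review manually"


def parse_library_lines(log_text):
    """Return one dict per flagged 'Library' line; every other line is ignored."""
    entries = []
    for line in log_text.splitlines():
        m = LIBRARY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def classify_path(module_path):
    """Map a module path to the first matching triage reason."""
    for pattern, reason in PATH_RULES:
        if pattern.search(module_path):
            return reason
    return FALLBACK_REASON


def triage(log_text):
    """Group flagged modules by (host exe, pid); each item carries module, vendor, time, reason."""
    by_host = defaultdict(list)
    for e in parse_library_lines(log_text):
        by_host[(e["host"], int(e["pid"]))].append({
            "module": e["path"],
            "vendor": e["desc"],      # None when GMER printed no version info
            "loaded": e["ts"],
            "reason": classify_path(e["path"]),
        })
    return dict(by_host)


def report(by_host):
    """Human-readable summary: one line per host, two indented lines per module."""
    lines = []
    for (host, pid), mods in sorted(by_host.items()):
        lines.append(f"{host} [{pid}]: {len(mods)} flagged module(s)")
        for m in mods:
            lines.append(f"    {m['module']}")
            lines.append(f"        {m['reason']}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Run it against the full GMER log instead of the excerpt and the 41 googledrivesync.exe entries collapse into one host line with one shared reason, leaving the KeePass plugin cache as the only separate item to check.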
         

12.12.2014, 20:06   #2
schrauber
/// the machine
/// TB Instructor

Computer possibly infected, Lavasoft Yahoo, Firefox redirect

hi,

FRST.txt is still missing.

12.12.2014, 20:13   #3
tempes2k

Computer possibly infected, Lavasoft Yahoo, Firefox redirect

hey Schrauber, the frst is far too big, over 500,000 characters...
what should I do?! ;(

The text you have entered is 535775 characters long and is therefore too long. Please shorten the text to the maximum length of 120000 characters.

13.12.2014, 16:31   #4
schrauber
/// the machine
/// TB Instructor

Computer possibly infected, Lavasoft Yahoo, Firefox redirect

Hi,

Please always post logs in the thread. If necessary, split them and use several posts.
I can't open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually CTRL+A does it) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
