Log analysis and evaluation: Desktop locked, "Interpol trojan" (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Desktop locked, "Interpol trojan"

Hello, please help. Caught a trojan. Interpol trojan, with pictures of Mrs Merkel and Mr Steinbrück in the top left and right corners. I have read your forum and have already made a scan log with FRST. Now I ask for further help from your side. One more question: when and where do I have to press the Windows+R key? Many thanks in advance. Regards, Martin

Code:
```
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2013
Ran by SYSTEM on MININT-BLOTO4P on 26-10-2013 01:51:35
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69560 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-16] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2010-08-06] (Lenovo)
HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5879608 2009-08-26] (Lenovo Group Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-02] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [TSMResident] - C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMRESIDENT.EXE [476520 2010-03-28] (Lenovo Group Limited)
HKLM-x32\...\Run: [TabletButton] - C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TabletButton.EXE [58728 2010-03-28] (Lenovo Group Limited )
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKU\Default\...\RunOnce: [wlstart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [911184 2010-06-12] (Microsoft Corporation)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [wlstart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [911184 2010-06-12] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] ()
HKU\Martin\...\Run: [Udofy] - C:\Users\Martin\AppData\Roaming\Amcoab\ovobf.exe [313344 2010-12-13] (CastFree Software)
HKU\Martin\...\Winlogon: [Shell] explorer.exe,C:\Users\Martin\AppData\Roaming\cache.dat [75264 2013-08-28] () <==== ATTENTION
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fbzjg4t.lnk
ShortcutTarget: fbzjg4t.lnk -> C:\PROGRA~3\t4gjzbf.dss ()

==================== Services (Whitelisted) =================

S2 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2010-02-01] (ABBYY)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-03] (Avira Operations GmbH & Co. KG)
S2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\ASR\ASRSVC.exe [79136 2010-03-28] (Lenovo Group Limited)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [164200 2010-08-04] (Lenovo.)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-06] (Lenovo Group Limited)
S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [331512 2010-04-25] (QUALCOMM, Inc.)
S2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMService.exe [71016 2010-03-28] (Lenovo Group Limited)
S2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [953904 2010-11-22] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-11-06] (Symantec Corporation)
S1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [17064 2009-07-28] (Lenovo)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101130.001\IDSvia64.sys [476720 2010-10-19] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20101205.002\ENG64.SYS [117808 2010-11-06] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20101205.002\EX64.SYS [1804336 2010-11-06] (Symantec Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2010-09-27] ()
S3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [6400 2010-04-25] (QUALCOMM Incorporated)
S3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [243712 2010-04-25] (QUALCOMM Incorporated)
S3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [121600 2010-04-25] (QUALCOMM Incorporated)
S2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-02] (Duplex Secure Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S3 StMp3Recx64; C:\Windows\System32\Drivers\StMp3Recx64.sys [26112 2007-01-11] (Generic)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-04] ()
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
S3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S3 wisdpen; C:\Windows\System32\DRIVERS\wisdpen.sys [44200 2009-08-23] (Wacom Technology)
S3 PCDSRVC{127174DC-C366ED8B-06020000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-26 01:51 - 2013-10-26 01:51 - 00000000 ____D C:\FRST
2013-10-25 02:42 - 2013-10-25 02:42 - 00000279 _____ C:\ProgramData\fbzjg4t.reg
2013-10-25 02:41 - 2013-10-25 02:44 - 00000004 _____ C:\Users\Martin\AppData\Roaming\cache.ini
2013-10-25 02:39 - 2013-10-25 02:42 - 95025368 ____T C:\ProgramData\fbzjg4t.bxx
2013-10-25 02:39 - 2013-10-25 02:42 - 00000000 _____ C:\ProgramData\fbzjg4t.fvv
2013-10-25 02:39 - 2013-10-25 02:39 - 00177664 _____ C:\ProgramData\t4gjzbf.dss
2013-10-25 02:39 - 2013-10-25 02:39 - 00061544 ____T (Microsoft Corporation) C:\ProgramData\fbzjg4t.pss
2013-10-25 02:21 - 2013-10-25 02:21 - 102943771 _____ C:\Windows\SysWOW64\炆썰W
2013-10-24 10:56 - 2013-10-24 10:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-23 11:49 - 2013-10-23 11:50 - 00000226 _____ C:\Users\Martin\Desktop\Neues Textdokument (2).txt
2013-10-23 06:45 - 2013-10-25 02:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-23 06:45 - 2013-10-23 06:45 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-23 01:53 - 2013-10-23 01:53 - 00000000 ____D C:\ProgramData\Oracle
2013-10-23 01:52 - 2013-10-23 01:52 - 00312744 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-10-23 01:52 - 2013-10-23 01:52 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-10-23 01:52 - 2013-10-23 01:52 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-10-23 01:52 - 2013-10-23 01:52 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-10-23 01:52 - 2013-10-23 01:52 - 00000000 ____D C:\Program Files\Java
2013-10-22 01:59 - 2013-10-24 00:08 - 00001148 _____ C:\Windows\PFRO.log
2013-10-21 07:07 - 2013-10-22 11:04 - 00002484 _____ C:\Windows\IE9_main.log
2013-10-21 07:05 - 2013-10-21 07:07 - 36965680 _____ (Microsoft Corporation) C:\Users\Martin\Desktop\IE9-Windows7-x64-deu.exe
2013-10-21 06:53 - 2013-10-21 06:57 - 00281896 _____ (Mozilla) C:\Users\Martin\Desktop\Firefox Setup Stub 24.0.exe
2013-10-21 06:43 - 2013-10-21 06:45 - 22537616 _____ (Mozilla) C:\Users\Martin\Downloads\Firefox_Setup_de24.0.exe
2013-10-09 15:03 - 2013-10-09 15:03 - 00020784 _____ C:\Users\Martin\Desktop\S2DrumMapsWN.zip
2013-10-08 15:32 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-08 15:32 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-08 15:32 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-08 15:32 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-08 15:32 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-08 15:32 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-08 15:32 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-08 15:32 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-08 15:32 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-08 15:32 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-08 15:32 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-08 15:32 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-08 15:32 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-08 15:32 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-08 15:32 - 2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-08 15:32 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-08 15:32 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-08 15:32 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-08 15:32 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-08 15:32 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-08 15:32 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-08 15:32 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-08 15:32 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-08 15:32 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-08 15:32 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-08 15:32 - 2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-08 15:32 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-08 15:32 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-08 15:32 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-08 15:32 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-08 15:31 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-08 14:35 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-08 14:35 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-08 14:35 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-08 14:35 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-08 14:35 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-08 14:35 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-08 14:35 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-08 14:35 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-08 14:35 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-08 14:35 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-08 14:35 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-08 14:35 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-08 14:33 - 2013-09-13 17:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-10-08 14:33 - 2013-09-07 18:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-08 14:33 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-08 14:33 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-08 14:33 - 2013-09-04 04:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-08 14:33 - 2013-09-04 04:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-08 14:33 - 2013-09-04 04:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-08 14:33 - 2013-09-04 04:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-08 14:33 - 2013-09-04 04:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-08 14:33 - 2013-09-04 04:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-10-08 14:33 - 2013-09-04 04:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-08 14:33 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-08 14:33 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-08 14:33 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-10-08 14:33 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-10-08 14:33 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-10-08 14:33 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-08 14:33 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-08 14:33 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-08 14:33 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-08 14:33 - 2013-08-28 17:50 - 00075264 _____ C:\Users\Martin\AppData\Roaming\cache.dat
2013-10-08 14:33 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-08 14:33 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-08 14:33 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-08 14:33 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-08 14:33 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-08 14:33 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-08 14:33 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-08 14:33 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-08 14:33 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-08 14:33 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 14:33 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 14:33 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-10-08 14:33 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-08 14:33 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-08 14:33 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-08 14:33 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-08 14:33 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-08 14:33 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-08 14:33 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-08 14:33 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-08 14:33 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys

==================== One Month Modified Files and Folders =======

2013-10-26 01:51 - 2013-10-26 01:51 - 00000000 ____D C:\FRST
2013-10-25 15:37 - 2010-09-27 13:53 - 00000332 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-10-25 02:47 - 2013-08-03 03:08 - 00000342 _____ C:\Windows\Tasks\dsmonitor.job
2013-10-25 02:47 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-25 02:46 - 2013-08-29 01:39 - 00005130 _____ C:\Windows\setupact.log
2013-10-25 02:44 - 2013-10-25 02:41 - 00000004 _____ C:\Users\Martin\AppData\Roaming\cache.ini
2013-10-25 02:42 - 2013-10-25 02:42 - 00000279 _____ C:\ProgramData\fbzjg4t.reg
2013-10-25 02:42 - 2013-10-25 02:39 - 95025368 ____T C:\ProgramData\fbzjg4t.bxx
2013-10-25 02:42 - 2013-10-25 02:39 - 00000000 _____ C:\ProgramData\fbzjg4t.fvv
2013-10-25 02:41 - 2013-10-23 06:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-25 02:39 - 2013-10-25 02:39 - 00177664 _____ C:\ProgramData\t4gjzbf.dss
2013-10-25 02:39 - 2013-10-25 02:39 - 00061544 ____T (Microsoft Corporation) C:\ProgramData\fbzjg4t.pss
2013-10-25 02:32 - 2013-09-16 10:45 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Ubew
2013-10-25 02:31 - 2010-09-27 13:44 - 01561717 _____ C:\Windows\WindowsUpdate.log
2013-10-25 02:28 - 2009-07-13 20:45 - 00020480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-25 02:28 - 2009-07-13 20:45 - 00020480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-25 02:22 - 2010-12-09 10:58 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2013-10-25 02:21 - 2013-10-25 02:21 - 102943771 _____ C:\Windows\SysWOW64\炆썰W
2013-10-24 10:56 - 2013-10-24 10:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-24 10:33 - 2010-11-10 12:33 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{612A3D54-6321-4A5E-A05A-A1FEE27DEAAC}
2013-10-24 00:08 - 2013-10-22 01:59 - 00001148 _____ C:\Windows\PFRO.log
2013-10-23 13:54 - 2010-11-05 07:11 - 00000000 ____D C:\Users\Martin\AppData\Roaming\SoftGrid Client
2013-10-23 11:50 - 2013-10-23 11:49 - 00000226 _____ C:\Users\Martin\Desktop\Neues Textdokument (2).txt
2013-10-23 06:45 - 2013-10-23 06:45 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-23 06:23 - 2013-08-20 15:17 - 00000158 _____ C:\Users\Martin\Desktop\Neues Textdokument.txt
2013-10-23 01:53 - 2013-10-23 01:53 - 00000000 ____D C:\ProgramData\Oracle
2013-10-23 01:52 - 2013-10-23 01:52 - 00312744 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-10-23 01:52 - 2013-10-23 01:52 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-10-23 01:52 - 2013-10-23 01:52 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-10-23 01:52 - 2013-10-23 01:52 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-10-23 01:52 - 2013-10-23 01:52 - 00000000 ____D C:\Program Files\Java
2013-10-22 11:13 - 2010-11-06 03:57 - 00000000 ____D C:\Users\Martin\AppData\Local\Mozilla
2013-10-22 11:04 - 2013-10-21 07:07 - 00002484 _____ C:\Windows\IE9_main.log
2013-10-22 05:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-10-22 01:59 - 2009-07-13 21:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-21 07:07 - 2013-10-21 07:05 - 36965680 _____ (Microsoft Corporation) C:\Users\Martin\Desktop\IE9-Windows7-x64-deu.exe
2013-10-21 06:57 - 2013-10-21 06:53 - 00281896 _____ (Mozilla) C:\Users\Martin\Desktop\Firefox Setup Stub 24.0.exe
2013-10-21 06:45 - 2013-10-21 06:43 - 22537616 _____ (Mozilla) C:\Users\Martin\Downloads\Firefox_Setup_de24.0.exe
2013-10-14 03:20 - 2010-09-27 23:09 - 00657116 _____ C:\Windows\System32\perfh007.dat
2013-10-14 03:20 - 2010-09-27 23:09 - 00131678 _____ C:\Windows\System32\perfc007.dat
2013-10-14 03:20 - 2009-07-13 21:13 - 01507102 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-09 15:03 - 2013-10-09 15:03 - 00020784 _____ C:\Users\Martin\Desktop\S2DrumMapsWN.zip
2013-10-09 14:15 - 2009-07-13 20:45 - 00305168 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-08 15:25 - 2013-08-06 13:21 - 00000000 ____D C:\Windows\System32\MRT
2013-10-08 15:23 - 2011-01-27 10:05 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Files to move or delete:
====================
C:\Users\Martin\AppData\Roaming\cache.dat
C:\Users\Martin\AppData\Roaming\cache.ini
C:\Users\Martin\AppData\Roaming\skype.ini
C:\ProgramData\fbzjg4t.reg

Some content of TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\2SKKKKKKK.exe
C:\Users\Martin\AppData\Local\Temp\h-2094401432.tmp.exe
C:\Users\Martin\AppData\Local\Temp\h-443489874.tmp.exe
C:\Users\Martin\AppData\Local\Temp\h1262077930.tmp.exe
C:\Users\Martin\AppData\Local\Temp\h1671105405.tmp.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

21
Restore point made on: 2013-10-16 14:10:43
Restore point made on: 2013-10-17 02:00:51
Restore point made on: 2013-10-18 04:10:45
Restore point made on: 2013-10-18 09:04:05
Restore point made on: 2013-10-19 08:11:35
Restore point made on: 2013-10-20 05:09:23
Restore point made on: 2013-10-20 07:56:58
Restore point made on: 2013-10-20 11:46:07
Restore point made on: 2013-10-20 15:03:01
Restore point made on: 2013-10-21 12:25:49
Restore point made on: 2013-10-22 02:04:08
Restore point made on: 2013-10-22 02:28:00
Restore point made on: 2013-10-22 03:25:44
Restore point made on: 2013-10-22 04:01:49
Restore point made on: 2013-10-23 00:20:32
Restore point made on: 2013-10-23 01:31:52
Restore point made on: 2013-10-23 01:52:07
Restore point made on: 2013-10-23 07:04:53
Restore point made on: 2013-10-23 14:34:24
Restore point made on: 2013-10-24 02:05:22
Restore point made on: 2013-10-25 02:26:25

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3891.67 MB
Available physical RAM: 3170.66 MB
Total Pagefile: 3889.82 MB
Available Pagefile: 3161.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:205.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:0.01 GB) NTFS
Drive f: () (Removable) (Total:0.24 GB) (Free:0.01 GB) FAT
Drive g: (MARF) (Removable) (Total:1.86 GB) (Free:0.02 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: ACF5BF71)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 243 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=243 MB) - (Type=04)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

LastRegBack: 2013-10-22 05:31

==================== End Of Log ============================
```
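As an added example (not from the post or from FRST itself), a small Python triage pass over the autostart lines of the log above: it flags the Winlogon Shell value that is not plain explorer.exe (the cache.dat entry FRST already marks with ATTENTION) and Run/Startup targets that live in user-writable directories or carry no vendor. The parser, the heuristics and reading PROGRA~3 as the 8.3 alias of ProgramData are assumptions of this example; the sample lines are copied from the log.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: autostart lines copied from the FRST log posted above
# (Registry and Startup sections): two ordinary entries plus the three that
# together make up the locker's persistence.
SAMPLE_FRST_LINES = r"""
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] - [x]
HKU\Martin\...\Run: [Udofy] - C:\Users\Martin\AppData\Roaming\Amcoab\ovobf.exe [313344 2010-12-13] (CastFree Software)
HKU\Martin\...\Winlogon: [Shell] explorer.exe,C:\Users\Martin\AppData\Roaming\cache.dat [75264 2013-08-28] () <==== ATTENTION
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fbzjg4t.lnk
ShortcutTarget: fbzjg4t.lnk -> C:\PROGRA~3\t4gjzbf.dss ()
""".strip()

# Line shapes this (hypothetical) parser understands; FRST prints many more.
RUN_RE = re.compile(r"^(?P<hive>HK[^:]*?)\\\.\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] - (?P<rest>.*)$")
SHELL_RE = re.compile(r"^(?P<hive>HK[^:]*?)\\\.\.\.\\Winlogon: \[Shell\] (?P<rest>.*)$")
LNK_RE = re.compile(r"^ShortcutTarget: (?P<lnk>\S+) -> (?P<rest>.*)$")
# "<path> [<size> <date>] (<vendor>) <==== ATTENTION": everything after the path is optional.
TAIL_RE = re.compile(
    r"^(?P<path>.*?)(?: \[(?P<size>\d+) (?P<date>[\d-]+)\])?"
    r"(?: \((?P<vendor>[^)]*)\))?(?: <==== ATTENTION)?\s*$")

# Directories the logged-on user (and so malware running as that user) can write to.
# PROGRA~3 is taken to be the 8.3 short name of ProgramData on this layout (assumption).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\progra~3\\", "\\temp\\", "\\users\\public\\")
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js")
SHELL_REASON = "Winlogon Shell is not plain explorer.exe: an extra program starts with the desktop"


@dataclass
class Finding:
    kind: str            # "Run", "RunOnce", "Winlogon Shell" or "Startup shortcut"
    path: str
    reasons: list = field(default_factory=list)


def _split_tail(rest):
    """Separate the launch path from FRST's trailing [size date] (vendor) decoration."""
    m = TAIL_RE.match(rest)
    return m.group("path").strip(), (m.group("vendor") or "").strip()


def _check_path(kind, path, vendor):
    """Location, vendor and extension heuristics for one autostart target."""
    if path == "[x]":            # FRST's marker for a target that no longer exists
        return None
    low = path.lower()
    reasons = []
    if any(d in low for d in USER_WRITABLE):
        reasons.append("launches from a user-writable directory")
    if not vendor:
        reasons.append("no file vendor recorded")
    if not low.endswith(EXEC_EXT):
        reasons.append("non-executable extension for an autostart target")
    # A vendor string is not proof of trust, so a user-writable location is enough on
    # its own; outside such directories a missing vendor needs a second oddity.
    if "launches from a user-writable directory" in reasons or len(reasons) >= 2:
        return Finding(kind, path, reasons)
    return None


def _check_shell(rest):
    """Winlogon Shell must be exactly explorer.exe; anything appended is a hijack."""
    path, vendor = _split_tail(rest)
    extra = [p.strip() for p in path.split(",") if p.strip() and p.strip().lower() != "explorer.exe"]
    if not extra:
        return None
    finding = _check_path("Winlogon Shell", extra[0], vendor) or Finding("Winlogon Shell", extra[0])
    finding.reasons.insert(0, SHELL_REASON)
    return finding


def triage(frst_text):
    """Return one Finding per suspicious autostart line in an FRST Registry section."""
    findings = []
    for line in frst_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            finding = _check_path(m.group("key"), *_split_tail(m.group("rest")))
        elif m := SHELL_RE.match(line):
            finding = _check_shell(m.group("rest"))
        elif m := LNK_RE.match(line):
            finding = _check_path("Startup shortcut", *_split_tail(m.group("rest")))
        else:
            continue
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST_LINES):
        print(f"{f.kind}: {f.path}\n    " + "\n    ".join(f.reasons))
```

The same pass works on a full FRST.txt: feed the Registry section to triage() and treat each Finding as a candidate for the fix list, not as a verdict.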
Tags for Desktop locked, "Interpol trojan":

adobe, association, avira, explorer.exe, farbar, farbar recovery scan tool, gesperrt, html/iframe.b.gen, interpol trojaner, java/exploit.agent.pym, java/exploit.cve-2013-2465.cf, microsoft, monitor, pup.optional.opencandy, registry, services.exe, svchost.exe, symantec, tablet, temp, trojaner, win32/kryptik.bnpr, win32/kryptik.bnqh, win32/kryptik.bnth, win32/kryptik.bnvl, win64/disabler.a, winlogon.exe