
Pests of all kinds and how to fight them: Bundestrojaner Windows 7


 
15.11.2013, 17:12   #1
spaceinvade
 



Hello,
After booting up, my computer gets locked by the "Bundestrojaner/Interpol". When I log in in Safe Mode, the computer immediately restarts.
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by SYSTEM on MININT-7URAF10 on 15-11-2013 15:23:58
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7834656 2009-06-03] (Realtek Semiconductor)
HKLM\...\Run: [dldtmon.exe] - C:\Program Files (x86)\Dell V305\dldtmon.exe [672424 2009-07-30] ()
HKLM\...\Run: [dldtamon] - C:\Program Files (x86)\Dell V305\dldtamon.exe [16040 2009-07-30] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [2345848 2009-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-18] ()
HKLM-x32\...\Run: [DellSupportCenter] - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1484856 2010-06-30] (McAfee, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-02-08] (Ask)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Bernhard\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-12] (Google Inc.)
HKU\Bernhard\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5628800 2012-10-16] (SUPERAntiSpyware.com)
HKU\Bernhard\...\Run: [MyTomTomSA.exe] - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKU\Bernhard\...\RunOnce: [osk.exe] - C:\Windows\System32\osk.exe [692736 2009-07-14] (Microsoft Corporation)
HKU\Bernhard\...\Winlogon: [Shell] explorer.exe,C:\Users\Bernhard\AppData\Roaming\Other.res [147456 2011-11-17] () <==== ATTENTION 
HKU\Kristina\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\Kristina\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-12] (Google Inc.)
HKU\Kristina\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [26192168 2010-05-13] (Skype Technologies S.A.)
HKU\Kristina\...\Run: [ICQ] - "C:\Program Files (x86)\ICQ6.5\ICQ.exe" silent
HKU\Kristina\...\Run: [EA Core] - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKU\KristinaSpaten\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-12] (Google Inc.)
HKU\KristinaSpaten\...\Run: [ICQ] - "C:\Program Files (x86)\ICQ6.5\ICQ.exe" silent
HKU\KristinaSpaten\...\Run: [Facebook Update] - C:\Users\KristinaSpaten\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-21] (Facebook Inc.)
HKU\KristinaSpaten\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Startup: C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\KristinaSpaten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\KristinaSpaten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TEMP.Korn-inspire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TEMP.Korn-inspire.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TEMP.Korn-inspire.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TEMP.Korn-inspire.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin)
S2 dldtCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe [33448 2009-07-09] ()
S2 dldt_device; c:\Windows\System32\dldtcoms.exe [1044648 2009-07-09] ( )
S2 dldt_device; c:\Windows\SysWow64\dldtcoms.exe [594600 2009-07-09] ( )
S2 gupdate1ca8335bc5a0068; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-12-22] (Google Inc.)
S2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [246520 2010-06-02] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [509416 2010-04-15] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199032 2010-05-31] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [244840 2010-05-31] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [148520 2010-05-31] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62416 2010-05-31] (McAfee, Inc.)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121504 2010-05-31] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [189880 2010-05-31] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [440688 2010-05-31] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [528616 2010-05-31] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75288 2010-05-31] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [93840 2010-05-31] (McAfee, Inc.)
S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [279752 2010-05-31] (McAfee, Inc.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2012-01-04] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-15 15:23 - 2013-11-15 15:23 - 00000000 ____D C:\FRST
2013-11-08 19:56 - 2013-11-08 19:56 - 00000000 __RSD C:\Users\Bernhard\Documents\My Stationery
2013-10-20 19:47 - 2013-10-20 19:47 - 00018719 _____ C:\Users\Bernhard\Desktop\hs_err_pid2200.log

==================== One Month Modified Files and Folders =======

2013-11-15 15:23 - 2013-11-15 15:23 - 00000000 ____D C:\FRST
2013-11-15 15:09 - 2012-08-25 19:15 - 00040692 _____ C:\Windows\setupact.log
2013-11-15 15:09 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-15 14:59 - 2009-12-22 19:59 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-15 14:55 - 2009-12-22 19:59 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-15 14:52 - 2013-01-04 09:16 - 00230929 _____ C:\Windows\WindowsUpdate.log
2013-11-13 22:33 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-13 22:33 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-13 17:10 - 2013-03-10 16:20 - 00001933 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 17:10 - 2013-03-10 16:20 - 00001933 _____ C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 17:09 - 2013-10-12 20:25 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-10 18:25 - 2011-09-07 21:15 - 00001174 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2241643563-3115395532-3219189186-1004UA.job
2013-11-10 15:25 - 2011-09-07 21:15 - 00001152 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2241643563-3115395532-3219189186-1004Core.job
2013-11-08 19:56 - 2013-11-08 19:56 - 00000000 __RSD C:\Users\Bernhard\Documents\My Stationery
2013-11-04 21:31 - 2009-11-10 16:36 - 00000000 ____D C:\ProgramData\Dl_cats
2013-11-01 15:18 - 2012-10-08 11:25 - 00000000 ____D C:\Users\KristinaSpaten\AppData\Roaming\Dropbox
2013-10-31 22:20 - 2009-07-14 18:58 - 00654150 _____ C:\Windows\System32\perfh007.dat
2013-10-31 22:20 - 2009-07-14 18:58 - 00130022 _____ C:\Windows\System32\perfc007.dat
2013-10-31 22:20 - 2009-07-14 06:13 - 01498568 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-28 15:31 - 2009-11-15 15:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-25 19:03 - 2013-02-11 13:15 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-20 19:47 - 2013-10-20 19:47 - 00018719 _____ C:\Users\Bernhard\Desktop\hs_err_pid2200.log
2013-10-16 19:02 - 2013-02-11 19:09 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-16 19:02 - 2013-02-11 19:09 - 00002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk

Files to move or delete:
====================
C:\ProgramData\ldsw_0paos.pad
C:\ProgramData\OJflMkHhBv.exe


Some content of TEMP:
====================
C:\Users\Bernhard\AppData\Local\Temp\APNStub.exe
C:\Users\Bernhard\AppData\Local\Temp\DirectX11_update.exe
C:\Users\Bernhard\AppData\Local\Temp\EADF5C.exe
C:\Users\Bernhard\AppData\Local\Temp\FileSystemView.dll
C:\Users\Bernhard\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Bernhard\AppData\Local\Temp\jQJ0cyI.exe
C:\Users\Bernhard\AppData\Local\Temp\jQJ0cyI0.exe
C:\Users\Bernhard\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Bernhard\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Bernhard\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Bernhard\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Bernhard\AppData\Local\Temp\msimg32.dll
C:\Users\Kristina\AppData\Local\Temp\EAD166C.exe
C:\Users\Kristina\AppData\Local\Temp\EAD234B.exe
C:\Users\Kristina\AppData\Local\Temp\EAD2AF6.exe
C:\Users\Kristina\AppData\Local\Temp\EAD32F2.exe
C:\Users\Kristina\AppData\Local\Temp\EAD34D5.exe
C:\Users\Kristina\AppData\Local\Temp\EAD59A4.exe
C:\Users\Kristina\AppData\Local\Temp\EAD5E27.exe
C:\Users\Kristina\AppData\Local\Temp\EAD6067.exe
C:\Users\Kristina\AppData\Local\Temp\EAD68D1.exe
C:\Users\Kristina\AppData\Local\Temp\EAD8B6.exe
C:\Users\Kristina\AppData\Local\Temp\EAD8DBD.exe
C:\Users\Kristina\AppData\Local\Temp\EAD8E0D.exe
C:\Users\Kristina\AppData\Local\Temp\EAD8F53.exe
C:\Users\Kristina\AppData\Local\Temp\EAD90E9.exe
C:\Users\Kristina\AppData\Local\Temp\EAD91B3.exe
C:\Users\Kristina\AppData\Local\Temp\EAD91F2.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9349.exe
C:\Users\Kristina\AppData\Local\Temp\EAD93F5.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9693.exe
C:\Users\Kristina\AppData\Local\Temp\EAD981.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9932.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9971.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9A2.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9A7A.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9B73.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9BD1.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9C6D.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9DD4.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9EDD.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9EFC.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9EFD.exe
C:\Users\Kristina\AppData\Local\Temp\EADA0B1.exe
C:\Users\Kristina\AppData\Local\Temp\EADA1D9.exe
C:\Users\Kristina\AppData\Local\Temp\EADA2C3.exe
C:\Users\Kristina\AppData\Local\Temp\EADA3FB.exe
C:\Users\Kristina\AppData\Local\Temp\EADA478.exe
C:\Users\Kristina\AppData\Local\Temp\EADA514.exe
C:\Users\Kristina\AppData\Local\Temp\EADA755.exe
C:\Users\Kristina\AppData\Local\Temp\EADA7B3.exe
C:\Users\Kristina\AppData\Local\Temp\EADA811.exe
C:\Users\Kristina\AppData\Local\Temp\EADA86E.exe
C:\Users\Kristina\AppData\Local\Temp\EADA8EB.exe
C:\Users\Kristina\AppData\Local\Temp\EADA8EC.exe
C:\Users\Kristina\AppData\Local\Temp\EADA91A.exe
C:\Users\Kristina\AppData\Local\Temp\EADA977.exe
C:\Users\Kristina\AppData\Local\Temp\EADA9B6.exe
C:\Users\Kristina\AppData\Local\Temp\EADAA52.exe
C:\Users\Kristina\AppData\Local\Temp\EADAAEE.exe
C:\Users\Kristina\AppData\Local\Temp\EADAB2C.exe
C:\Users\Kristina\AppData\Local\Temp\EADABD8.exe
C:\Users\Kristina\AppData\Local\Temp\EADAC16.exe
C:\Users\Kristina\AppData\Local\Temp\EADAC55.exe
C:\Users\Kristina\AppData\Local\Temp\EADACA3.exe
C:\Users\Kristina\AppData\Local\Temp\EADAE09.exe
C:\Users\Kristina\AppData\Local\Temp\EADAE77.exe
C:\Users\Kristina\AppData\Local\Temp\EADAF22.exe
C:\Users\Kristina\AppData\Local\Temp\EADB0B8.exe
C:\Users\Kristina\AppData\Local\Temp\EADB173.exe
C:\Users\Kristina\AppData\Local\Temp\EADB318.exe
C:\Users\Kristina\AppData\Local\Temp\EADB395.exe
C:\Users\Kristina\AppData\Local\Temp\EADB4AE.exe
C:\Users\Kristina\AppData\Local\Temp\EADB53A.exe
C:\Users\Kristina\AppData\Local\Temp\EADB77B.exe
C:\Users\Kristina\AppData\Local\Temp\EADB885.exe
C:\Users\Kristina\AppData\Local\Temp\EADBC4C.exe
C:\Users\Kristina\AppData\Local\Temp\EADC16A.exe
C:\Users\Kristina\AppData\Local\Temp\EADC457.exe
C:\Users\Kristina\AppData\Local\Temp\EADC908.exe
C:\Users\Kristina\AppData\Local\Temp\EADCA9E.exe
C:\Users\Kristina\AppData\Local\Temp\EADCB3A.exe
C:\Users\Kristina\AppData\Local\Temp\EADCC81.exe
C:\Users\Kristina\AppData\Local\Temp\EADCCB0.exe
C:\Users\Kristina\AppData\Local\Temp\EADD049.exe
C:\Users\Kristina\AppData\Local\Temp\EADD134.exe
C:\Users\Kristina\AppData\Local\Temp\EADD190.exe
C:\Users\Kristina\AppData\Local\Temp\EADD335.exe
C:\Users\Kristina\AppData\Local\Temp\EADD9BB.exe
C:\Users\Kristina\AppData\Local\Temp\EADDAA5.exe
C:\Users\Kristina\AppData\Local\Temp\EADDBEC.exe
C:\Users\Kristina\AppData\Local\Temp\EADDCB7.exe
C:\Users\Kristina\AppData\Local\Temp\EADDCE6.exe
C:\Users\Kristina\AppData\Local\Temp\EADDDDF.exe
C:\Users\Kristina\AppData\Local\Temp\EADDE7B.exe
C:\Users\Kristina\AppData\Local\Temp\EADDEC9.exe
C:\Users\Kristina\AppData\Local\Temp\EADDEDA.exe
C:\Users\Kristina\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\KristinaSpaten\AppData\Local\Temp\E8FC7D~1.exe
C:\Users\KristinaSpaten\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\KristinaSpaten\AppData\Local\Temp\SearchWithGoogleUpdate.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

8
Restore point made on: 2013-08-31 09:08:18
Restore point made on: 2013-09-28 19:53:08
Restore point made on: 2013-09-29 11:07:54
Restore point made on: 2013-09-29 11:11:44
Restore point made on: 2013-09-29 11:13:21
Restore point made on: 2013-10-13 19:15:50
Restore point made on: 2013-10-27 12:53:02
Restore point made on: 2013-11-03 19:49:20

==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 3061.18 MB
Available physical RAM: 2467.67 MB
Total Pagefile: 3059.32 MB
Available Pagefile: 2494.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.9 GB) (Free:184.26 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:9.12 GB) (Free:4.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:1.85 GB) (Free:1.76 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B8000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)


LastRegBack: 2013-11-02 21:35

==================== End Of Log ============================
         
Thanks in advance

 
