Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and their removal): Bundestrojaner Windows 7
15.11.2013, 17:12 | #1
Bundestrojaner Windows 7
Hello,
after booting, my computer is locked by the "Bundestrojaner/Interpol". When I log in in Safe Mode, the computer immediately reboots.
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by SYSTEM on MININT-7URAF10 on 15-11-2013 15:23:58
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7834656 2009-06-03] (Realtek Semiconductor)
HKLM\...\Run: [dldtmon.exe] - C:\Program Files (x86)\Dell V305\dldtmon.exe [672424 2009-07-30] ()
HKLM\...\Run: [dldtamon] - C:\Program Files (x86)\Dell V305\dldtamon.exe [16040 2009-07-30] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [2345848 2009-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-18] ()
HKLM-x32\...\Run: [DellSupportCenter] - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1484856 2010-06-30] (McAfee, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-02-08] (Ask)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Bernhard\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-12] (Google Inc.)
HKU\Bernhard\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5628800 2012-10-16] (SUPERAntiSpyware.com)
HKU\Bernhard\...\Run: [MyTomTomSA.exe] - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKU\Bernhard\...\RunOnce: [osk.exe] - C:\Windows\System32\osk.exe [692736 2009-07-14] (Microsoft Corporation)
HKU\Bernhard\...\Winlogon: [Shell] explorer.exe,C:\Users\Bernhard\AppData\Roaming\Other.res [147456 2011-11-17] () <==== ATTENTION
HKU\Kristina\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\Kristina\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-12] (Google Inc.)
HKU\Kristina\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [26192168 2010-05-13] (Skype Technologies S.A.)
HKU\Kristina\...\Run: [ICQ] - "C:\Program Files (x86)\ICQ6.5\ICQ.exe" silent
HKU\Kristina\...\Run: [EA Core] - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKU\KristinaSpaten\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-12] (Google Inc.)
HKU\KristinaSpaten\...\Run: [ICQ] - "C:\Program Files (x86)\ICQ6.5\ICQ.exe" silent
HKU\KristinaSpaten\...\Run: [Facebook Update] - C:\Users\KristinaSpaten\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-21] (Facebook Inc.)
HKU\KristinaSpaten\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Startup: C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\KristinaSpaten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\KristinaSpaten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TEMP.Korn-inspire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TEMP.Korn-inspire.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TEMP.Korn-inspire.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TEMP.Korn-inspire.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin)
S2 dldtCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe [33448 2009-07-09] ()
S2 dldt_device; c:\Windows\System32\dldtcoms.exe [1044648 2009-07-09] ( )
S2 dldt_device; c:\Windows\SysWow64\dldtcoms.exe [594600 2009-07-09] ( )
S2 gupdate1ca8335bc5a0068; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-12-22] (Google Inc.)
S2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [246520 2010-06-02] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [509416 2010-04-15] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199032 2010-05-31] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [244840 2010-05-31] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [148520 2010-05-31] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62416 2010-05-31] (McAfee, Inc.)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121504 2010-05-31] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [189880 2010-05-31] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [440688 2010-05-31] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [528616 2010-05-31] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75288 2010-05-31] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [93840 2010-05-31] (McAfee, Inc.)
S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [279752 2010-05-31] (McAfee, Inc.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2012-01-04] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-15 15:23 - 2013-11-15 15:23 - 00000000 ____D C:\FRST
2013-11-08 19:56 - 2013-11-08 19:56 - 00000000 __RSD C:\Users\Bernhard\Documents\My Stationery
2013-10-20 19:47 - 2013-10-20 19:47 - 00018719 _____ C:\Users\Bernhard\Desktop\hs_err_pid2200.log

==================== One Month Modified Files and Folders =======

2013-11-15 15:23 - 2013-11-15 15:23 - 00000000 ____D C:\FRST
2013-11-15 15:09 - 2012-08-25 19:15 - 00040692 _____ C:\Windows\setupact.log
2013-11-15 15:09 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-15 14:59 - 2009-12-22 19:59 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-15 14:55 - 2009-12-22 19:59 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-15 14:52 - 2013-01-04 09:16 - 00230929 _____ C:\Windows\WindowsUpdate.log
2013-11-13 22:33 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-13 22:33 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-13 17:10 - 2013-03-10 16:20 - 00001933 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 17:10 - 2013-03-10 16:20 - 00001933 _____ C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 17:09 - 2013-10-12 20:25 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-10 18:25 - 2011-09-07 21:15 - 00001174 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2241643563-3115395532-3219189186-1004UA.job
2013-11-10 15:25 - 2011-09-07 21:15 - 00001152 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2241643563-3115395532-3219189186-1004Core.job
2013-11-08 19:56 - 2013-11-08 19:56 - 00000000 __RSD C:\Users\Bernhard\Documents\My Stationery
2013-11-04 21:31 - 2009-11-10 16:36 - 00000000 ____D C:\ProgramData\Dl_cats
2013-11-01 15:18 - 2012-10-08 11:25 - 00000000 ____D C:\Users\KristinaSpaten\AppData\Roaming\Dropbox
2013-10-31 22:20 - 2009-07-14 18:58 - 00654150 _____ C:\Windows\System32\perfh007.dat
2013-10-31 22:20 - 2009-07-14 18:58 - 00130022 _____ C:\Windows\System32\perfc007.dat
2013-10-31 22:20 - 2009-07-14 06:13 - 01498568 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-28 15:31 - 2009-11-15 15:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-25 19:03 - 2013-02-11 13:15 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-20 19:47 - 2013-10-20 19:47 - 00018719 _____ C:\Users\Bernhard\Desktop\hs_err_pid2200.log
2013-10-16 19:02 - 2013-02-11 19:09 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-16 19:02 - 2013-02-11 19:09 - 00002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk

Files to move or delete:
====================
C:\ProgramData\ldsw_0paos.pad
C:\ProgramData\OJflMkHhBv.exe

Some content of TEMP:
====================
C:\Users\Bernhard\AppData\Local\Temp\APNStub.exe
C:\Users\Bernhard\AppData\Local\Temp\DirectX11_update.exe
C:\Users\Bernhard\AppData\Local\Temp\EADF5C.exe
C:\Users\Bernhard\AppData\Local\Temp\FileSystemView.dll
C:\Users\Bernhard\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Bernhard\AppData\Local\Temp\jQJ0cyI.exe
C:\Users\Bernhard\AppData\Local\Temp\jQJ0cyI0.exe
C:\Users\Bernhard\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Bernhard\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Bernhard\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Bernhard\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Bernhard\AppData\Local\Temp\msimg32.dll
C:\Users\Kristina\AppData\Local\Temp\EAD166C.exe
C:\Users\Kristina\AppData\Local\Temp\EAD234B.exe
C:\Users\Kristina\AppData\Local\Temp\EAD2AF6.exe
C:\Users\Kristina\AppData\Local\Temp\EAD32F2.exe
C:\Users\Kristina\AppData\Local\Temp\EAD34D5.exe
C:\Users\Kristina\AppData\Local\Temp\EAD59A4.exe
C:\Users\Kristina\AppData\Local\Temp\EAD5E27.exe
C:\Users\Kristina\AppData\Local\Temp\EAD6067.exe
C:\Users\Kristina\AppData\Local\Temp\EAD68D1.exe
C:\Users\Kristina\AppData\Local\Temp\EAD8B6.exe
C:\Users\Kristina\AppData\Local\Temp\EAD8DBD.exe
C:\Users\Kristina\AppData\Local\Temp\EAD8E0D.exe
C:\Users\Kristina\AppData\Local\Temp\EAD8F53.exe
C:\Users\Kristina\AppData\Local\Temp\EAD90E9.exe
C:\Users\Kristina\AppData\Local\Temp\EAD91B3.exe
C:\Users\Kristina\AppData\Local\Temp\EAD91F2.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9349.exe
C:\Users\Kristina\AppData\Local\Temp\EAD93F5.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9693.exe
C:\Users\Kristina\AppData\Local\Temp\EAD981.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9932.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9971.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9A2.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9A7A.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9B73.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9BD1.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9C6D.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9DD4.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9EDD.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9EFC.exe
C:\Users\Kristina\AppData\Local\Temp\EAD9EFD.exe
C:\Users\Kristina\AppData\Local\Temp\EADA0B1.exe
C:\Users\Kristina\AppData\Local\Temp\EADA1D9.exe
C:\Users\Kristina\AppData\Local\Temp\EADA2C3.exe
C:\Users\Kristina\AppData\Local\Temp\EADA3FB.exe
C:\Users\Kristina\AppData\Local\Temp\EADA478.exe
C:\Users\Kristina\AppData\Local\Temp\EADA514.exe
C:\Users\Kristina\AppData\Local\Temp\EADA755.exe
C:\Users\Kristina\AppData\Local\Temp\EADA7B3.exe
C:\Users\Kristina\AppData\Local\Temp\EADA811.exe
C:\Users\Kristina\AppData\Local\Temp\EADA86E.exe
C:\Users\Kristina\AppData\Local\Temp\EADA8EB.exe
C:\Users\Kristina\AppData\Local\Temp\EADA8EC.exe
C:\Users\Kristina\AppData\Local\Temp\EADA91A.exe
C:\Users\Kristina\AppData\Local\Temp\EADA977.exe
C:\Users\Kristina\AppData\Local\Temp\EADA9B6.exe
C:\Users\Kristina\AppData\Local\Temp\EADAA52.exe
C:\Users\Kristina\AppData\Local\Temp\EADAAEE.exe
C:\Users\Kristina\AppData\Local\Temp\EADAB2C.exe
C:\Users\Kristina\AppData\Local\Temp\EADABD8.exe
C:\Users\Kristina\AppData\Local\Temp\EADAC16.exe
C:\Users\Kristina\AppData\Local\Temp\EADAC55.exe
C:\Users\Kristina\AppData\Local\Temp\EADACA3.exe
C:\Users\Kristina\AppData\Local\Temp\EADAE09.exe
C:\Users\Kristina\AppData\Local\Temp\EADAE77.exe
C:\Users\Kristina\AppData\Local\Temp\EADAF22.exe
C:\Users\Kristina\AppData\Local\Temp\EADB0B8.exe
C:\Users\Kristina\AppData\Local\Temp\EADB173.exe
C:\Users\Kristina\AppData\Local\Temp\EADB318.exe
C:\Users\Kristina\AppData\Local\Temp\EADB395.exe
C:\Users\Kristina\AppData\Local\Temp\EADB4AE.exe
C:\Users\Kristina\AppData\Local\Temp\EADB53A.exe
C:\Users\Kristina\AppData\Local\Temp\EADB77B.exe
C:\Users\Kristina\AppData\Local\Temp\EADB885.exe
C:\Users\Kristina\AppData\Local\Temp\EADBC4C.exe
C:\Users\Kristina\AppData\Local\Temp\EADC16A.exe
C:\Users\Kristina\AppData\Local\Temp\EADC457.exe
C:\Users\Kristina\AppData\Local\Temp\EADC908.exe
C:\Users\Kristina\AppData\Local\Temp\EADCA9E.exe
C:\Users\Kristina\AppData\Local\Temp\EADCB3A.exe
C:\Users\Kristina\AppData\Local\Temp\EADCC81.exe
C:\Users\Kristina\AppData\Local\Temp\EADCCB0.exe
C:\Users\Kristina\AppData\Local\Temp\EADD049.exe
C:\Users\Kristina\AppData\Local\Temp\EADD134.exe
C:\Users\Kristina\AppData\Local\Temp\EADD190.exe
C:\Users\Kristina\AppData\Local\Temp\EADD335.exe
C:\Users\Kristina\AppData\Local\Temp\EADD9BB.exe
C:\Users\Kristina\AppData\Local\Temp\EADDAA5.exe
C:\Users\Kristina\AppData\Local\Temp\EADDBEC.exe
C:\Users\Kristina\AppData\Local\Temp\EADDCB7.exe
C:\Users\Kristina\AppData\Local\Temp\EADDCE6.exe
C:\Users\Kristina\AppData\Local\Temp\EADDDDF.exe
C:\Users\Kristina\AppData\Local\Temp\EADDE7B.exe
C:\Users\Kristina\AppData\Local\Temp\EADDEC9.exe
C:\Users\Kristina\AppData\Local\Temp\EADDEDA.exe
C:\Users\Kristina\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\KristinaSpaten\AppData\Local\Temp\E8FC7D~1.exe
C:\Users\KristinaSpaten\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\KristinaSpaten\AppData\Local\Temp\SearchWithGoogleUpdate.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

8
Restore point made on: 2013-08-31 09:08:18
Restore point made on: 2013-09-28 19:53:08
Restore point made on: 2013-09-29 11:07:54
Restore point made on: 2013-09-29 11:11:44
Restore point made on: 2013-09-29 11:13:21
Restore point made on: 2013-10-13 19:15:50
Restore point made on: 2013-10-27 12:53:02
Restore point made on: 2013-11-03 19:49:20

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3061.18 MB
Available physical RAM: 2467.67 MB
Total Pagefile: 3059.32 MB
Available Pagefile: 2494.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.9 GB) (Free:184.26 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:9.12 GB) (Free:4.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:1.85 GB) (Free:1.76 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B8000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)

LastRegBack: 2013-11-02 21:35

==================== End Of Log ============================
15.11.2013, 17:54 | #2
/// the machine /// TB-Ausbilder | Bundestrojaner Windows 7
Hi,
please also make an FRST log from Safe Mode.
15.11.2013, 18:08 | #3
Bundestrojaner Windows 7
Unfortunately I can't even get into Safe Mode, because right after logging in there the computer immediately restarts into normal mode.
16.11.2013, 12:21 | #4
/// the machine /// TB-Ausbilder | Bundestrojaner Windows 7
My mistake, I need glasses.... Please press the Windows key + R and type notepad in the Run window. Now copy the following text from the code box into the empty text document
Code:
HKU\Bernhard\...\Winlogon: [Shell] explorer.exe,C:\Users\Bernhard\AppData\Roaming\Other.res [147456 2011-11-17] () <==== ATTENTION
C:\Users\Bernhard\AppData\Roaming\Other.res
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Then start the computer normally.
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM!
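The finding schrauber acts on above is a Winlogon Shell hijack: the only Shell value Windows ships with is `explorer.exe`, and the extra `Other.res` appended after the comma is started together with the desktop at every logon, which is how this lock screen keeps coming back and why Safe Mode reboots. The following is an added example, not code from the thread or from FRST: it scans FRST-style log lines for such Shell entries, flags anything besides explorer.exe, and drafts a fixlist in the form used in post #4 (the flagged registry line verbatim, followed by the foreign path). The sample input is constructed here; three lines are copied from the log above and the clean `HKU\Kristina` Shell line is made up for comparison.

```python
"""Flag Winlogon Shell hijacks in an FRST log and draft the matching fixlist."""
import os
import re

# Constructed sample input: three lines copied from the FRST log in this
# thread plus one clean Shell line made up here for comparison.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7834656 2009-06-03] (Realtek Semiconductor)
HKU\Bernhard\...\RunOnce: [osk.exe] - C:\Windows\System32\osk.exe [692736 2009-07-14] (Microsoft Corporation)
HKU\Bernhard\...\Winlogon: [Shell] explorer.exe,C:\Users\Bernhard\AppData\Roaming\Other.res [147456 2011-11-17] () <==== ATTENTION
HKU\Kristina\...\Winlogon: [Shell] explorer.exe [2871808 2009-07-14] (Microsoft Corporation)
"""

# The Shell value Windows ships with; anything else in the list is foreign.
DEFAULT_SHELL = "explorer.exe"

# One FRST "Winlogon: [Shell]" line: hive prefix (HKLM, HKLM-x32 or HKU\<user>),
# the comma-separated Shell value, FRST's "[size date] (vendor)" suffix and
# the optional "<==== ATTENTION" flag.
SHELL_LINE = re.compile(
    r"^(?P<hive>HK[\w-]+(?:\\[^\\]+)?)\\\.\.\.\\Winlogon: \[Shell\] "
    r"(?P<value>.*?) \[\d+ [\d-]+\] \([^)]*\)(?P<flag> <==== ATTENTION)?\s*$"
)


def parse_shell_entries(log_text):
    """Return every Winlogon Shell line as a dict with hive, value and raw line."""
    entries = []
    for line in log_text.splitlines():
        m = SHELL_LINE.match(line.strip())
        if m:
            entries.append({"hive": m.group("hive"),
                            "value": m.group("value"),
                            "raw": line.strip()})
    return entries


def find_shell_hijacks(log_text):
    """Return Shell entries whose value lists anything besides explorer.exe.

    The Shell value is a comma-separated list of programs; each is compared
    by basename so a full path to explorer.exe also counts as clean.
    """
    hijacks = []
    for entry in parse_shell_entries(log_text):
        programs = [p.strip() for p in entry["value"].split(",") if p.strip()]
        extra = [p for p in programs
                 if os.path.basename(p.replace("\\", "/")).lower() != DEFAULT_SHELL]
        if extra:
            hijacks.append({**entry, "extra": extra})
    return hijacks


def build_fixlist(log_text):
    """Draft an FRST fixlist in the form used in this thread: the flagged
    registry line verbatim, then each foreign path so FRST moves the file."""
    lines = []
    for hijack in find_shell_hijacks(log_text):
        lines.append(hijack["raw"])
        lines.extend(hijack["extra"])
    return "\n".join(lines)


if __name__ == "__main__":
    for hijack in find_shell_hijacks(SAMPLE_LOG):
        print(f"{hijack['hive']}: Shell also starts {hijack['extra']}")
    print("--- fixlist.txt ---")
    print(build_fixlist(SAMPLE_LOG))
```

Run against a real FRST.txt, `find_shell_hijacks` returns only the Bernhard entry here because the Kristina line carries nothing but explorer.exe; the generated fixlist for that entry is exactly the two lines schrauber posted.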
16.11.2013, 13:20 | #5
Bundestrojaner Windows 7
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2013
Ran by SYSTEM at 2013-11-16 13:07:02 Run:2
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Bernhard\...\Winlogon: [Shell] explorer.exe,C:\Users\Bernhard\AppData\Roaming\Other.res [147456 2011-11-17] () <==== ATTENTION
C:\Users\Bernhard\AppData\Roaming\Other.res
*****************

HKU\Bernhard\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Bernhard\AppData\Roaming\Other.res => Moved successfully.

==== End of Fixlog ====
17.11.2013, 06:46 | #6
/// the machine /// TB-Ausbilder | Bundestrojaner Windows 7
Control scans in normal mode:
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (if you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)