Log analysis and evaluation: Interpol Trojan (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
Interpol Trojan

Dear experts of the Trojaner-Board, I have probably caught a trojan. A supposed Interpol page appears on which I am asked to pay a "fine" of 100 € so that I can be unlocked again. On my laptop I can only start under a different user. When I start under my own user, this ominous page appears. I can no longer open the Task Manager. I can only switch to another user or shut down. I have now run the scan with FRST and am sending you the logfile here:

Code:
```
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-11-2013
Ran by SYSTEM on MININT-BQ08J90 on 25-11-2013 12:58:47
Running from G:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\WButton.exe [413696 2009-08-05] (Wistron Corp.)
HKLM\...\Run: [MDS_Menu] - C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495728 2009-10-24] (IDT, Inc.)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\FspUip.exe [3342336 2009-11-12] (Sentelic Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [PMBVolumeWatcher] - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2420248 2013-11-10] ()
HKLM\...\Run: [UnlockerAssistant] - C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [TelevisionFanatic Search Scope Monitor] - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe [42536 2012-12-01] (MindSpark)
HKLM\...\Run: [TelevisionFanatic Browser Plugin Loader] - C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe [30096 2012-12-01] (VER_COMPANY_NAME)
HKLM\...\Run: [Cobian Backup 11 interface] - C:\Program Files\Cobian Backup 11\cbInterface.exe [4407808 2012-12-05] (Luis Cobian, CobianSoft)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
HKU\HRave\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
HKU\HRave\...\Run: [Logitech Vid] - C:\Program Files\Logitech\Vid HD\Vid.exe [ 2010-10-29] (Logitech Inc.)
HKU\HRave\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [ 2013-05-29] (Sony)
HKU\HRave\...\Run: [] - [x]
HKU\HRave\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2010-09-16] (Google Inc.)
HKU\HRave\...\Run: [SDP] - C:\Program Files\FilesFrog Update Checker\update_checker.exe [ 2012-10-03] (Somoto)
HKU\HRave\...\Run: [SearchEngineProtection] - C:\Program Files\GamesBar\update\SearchEngineProtection.exe [ 2013-01-28] (Oberon Media )
HKU\HRave\...\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] - 0
HKU\HRave\...\RunOnce: [m632o] - C:\Documents and Settings\All Users\Application Data\fnay\ckac.exe [ 2013-11-25] (NVIDIA Corporation)
HKU\HRave\...\Winlogon: [Shell] C:\Documents and Settings\All Users\Application Data\efc\dnatire.exe,explorer.exe <==== ATTENTION
AppInit_DLLs: C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll [ 2013-04-08] ()
Startup: C:\Users\HRave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\HRave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

========================== Services (Whitelisted) =================

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian)
S2 CobianBackup11; C:\Program Files\Cobian Backup 11\cbService.exe [1131008 2012-12-05] (Luis Cobian, CobianSoft)
S2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1432368 2013-10-15] ()
S3 Mysee2_Runtime; C:\Program Files\GAOV\Mysee2\runtime.dll [585728 2006-09-12] (北京高维视讯科技有限公司)
S2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] ()
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 STacSV; c:\program files\idt\wdm\STacSV.exe [225382 2009-10-24] (IDT, Inc.)
S2 TelevisionFanaticService; C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe [42504 2012-12-01] (COMPANYVERS_NAME)
S2 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [241664 2009-08-31] ()
S2 vToolbarUpdater17.1.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [1734680 2013-11-10] (AVG Secure Search)
S2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-06-30] ()
S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-06-30] ()
S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [113152 2009-03-04] (Wistron Corp.)
S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-01] (Wondershare)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies)
S3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [20704 2010-05-14] (Logitech Inc.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-28] (DT Soft Ltd)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-07-30] (NXP Semiconductors Germany GmbH)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2012-01-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2012-01-18] ()
S3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-25 12:54 - 2013-11-25 12:54 - 00000000 ____D C:\FRST
2013-11-25 12:22 - 2013-11-25 12:22 - 00161120 _____ C:\Users\Kornelia Rave\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 11:57 - 2013-11-25 11:57 - 00000000 ____D C:\Users\Kornelia Rave\AppData\Roaming\Sony Corporation
2013-11-25 11:40 - 2013-11-25 11:41 - 00000000 ____D C:\Users\Kornelia Rave\AppData\Local\CUSTPDF Writer
2013-11-25 11:28 - 2013-11-25 11:28 - 00000000 ____D C:\Users\Kornelia Rave\AppData\Roaming\T-Online
2013-11-25 11:19 - 2013-11-25 11:24 - 00000000 ____D C:\Users\Kornelia Rave\AppData\Local\Avg2014
2013-11-25 11:19 - 2013-11-25 11:19 - 00000000 ____D C:\Users\Kornelia Rave\AppData\Roaming\AVG2014
2013-11-22 03:01 - 2013-11-25 11:13 - 00025340 _____ C:\Windows\IE11_main.log
2013-11-16 12:35 - 2013-11-16 12:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-13 14:33 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-13 14:33 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-13 14:33 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-13 14:33 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-13 14:33 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-13 14:33 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-13 14:33 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-13 14:33 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-13 14:33 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-13 14:33 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-13 14:33 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-13 14:33 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-13 14:33 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-13 14:33 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-13 14:33 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-13 14:33 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-13 07:22 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-13 07:22 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-13 07:22 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-13 07:22 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-13 07:22 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-13 07:22 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-13 07:22 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-13 07:22 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-13 07:22 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-13 07:22 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-13 07:22 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-13 07:22 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-13 07:22 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-13 07:22 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-13 07:22 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-13 07:22 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-13 07:22 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-13 07:22 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-05 20:34 - 2013-11-06 09:06 - 00000000 ____D C:\Program Files\MyPC Backup
2013-11-05 20:31 - 2013-11-05 20:31 - 00836008 _____ (AirInstaller ) C:\Users\HRave\Downloads\FlashPlayerPro.exe
2013-11-05 20:24 - 2013-11-05 20:24 - 00001976 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-11-05 18:33 - 2013-11-05 18:33 - 00000953 _____ C:\Users\Kornelia Rave\Desktop\SopCast.lnk
2013-11-05 18:33 - 2013-11-05 18:33 - 00000953 _____ C:\Users\HRave\Desktop\SopCast.lnk
2013-11-05 18:33 - 2013-11-05 18:33 - 00000000 ____D C:\Program Files\SopCast
2013-11-05 18:32 - 2013-11-05 18:32 - 05442093 _____ C:\Users\HRave\Downloads\Setup-SopCast-3.8.3-2013-6-26.exe
2013-10-29 12:52 - 2013-10-29 12:52 - 00000000 ____D C:\ProgramData\Oracle
2013-10-29 12:51 - 2013-10-29 12:51 - 00264616 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-10-29 12:51 - 2013-10-29 12:51 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-10-29 12:47 - 2013-10-29 12:48 - 29040552 _____ (Oracle Corporation) C:\Users\HRave\Downloads\jre-7u45-windows-i586.exe
2013-10-29 08:03 - 2013-10-29 08:03 - 00000000 ____D C:\Windows\System32\jmdp

==================== One Month Modified Files and Folders =======

2013-11-25 12:54 - 2013-11-25 12:54 - 00000000 ____D C:\FRST
2013-11-25 12:38 - 2010-02-05 11:22 - 01143057 _____ C:\Windows\WindowsUpdate.log
2013-11-25 12:29 - 2009-07-14 05:34 - 00010096 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-25 12:29 - 2009-07-14 05:34 - 00010096 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-25 12:22 - 2013-11-25 12:22 - 00161120 _____ C:\Users\Kornelia Rave\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 12:00 - 2009-11-06 04:43 - 01622012 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-25 11:57 - 2013-11-25 11:57 - 00000000 ____D C:\Users\Kornelia Rave\AppData\Roaming\Sony Corporation
2013-11-25 11:41 - 2013-11-25 11:40 - 00000000 ____D C:\Users\Kornelia Rave\AppData\Local\CUSTPDF Writer
2013-11-25 11:28 - 2013-11-25 11:28 - 00000000 ____D C:\Users\Kornelia Rave\AppData\Roaming\T-Online
2013-11-25 11:24 - 2013-11-25 11:19 - 00000000 ____D C:\Users\Kornelia Rave\AppData\Local\Avg2014
2013-11-25 11:20 - 2011-12-12 17:06 - 00000000 ___RD C:\Users\HRave\Dropbox
2013-11-25 11:20 - 2011-12-12 16:32 - 00000000 ____D C:\Users\HRave\AppData\Roaming\Dropbox
2013-11-25 11:19 - 2013-11-25 11:19 - 00000000 ____D C:\Users\Kornelia Rave\AppData\Roaming\AVG2014
2013-11-25 11:16 - 2013-06-02 09:17 - 00010140 _____ C:\Windows\setupact.log
2013-11-25 11:16 - 2010-12-11 18:25 - 00000000 ____D C:\Windows\System32\logishrd
2013-11-25 11:13 - 2013-11-22 03:01 - 00025340 _____ C:\Windows\IE11_main.log
2013-11-25 09:03 - 2010-11-11 17:45 - 00000000 ____D C:\ProgramData\MFAData
2013-11-24 21:47 - 2013-03-11 14:32 - 00000000 ____D C:\Users\HRave\AppData\Roaming\File Scout
2013-11-24 20:43 - 2012-11-28 20:43 - 00000000 ____D C:\Program Files\DealPly
2013-11-21 09:07 - 2013-04-16 06:35 - 00000000 ____D C:\Users\HRave\AppData\Local\CUSTPDF Writer
2013-11-21 08:14 - 2012-12-02 20:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-19 17:16 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\NDF
2013-11-16 12:35 - 2013-11-16 12:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-16 11:54 - 2012-04-13 08:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-11-16 11:54 - 2011-06-17 08:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-11-16 11:54 - 2010-02-06 18:40 - 00000000 ____D C:\Users\HRave\AppData\Local\Adobe
2013-11-15 12:59 - 2010-04-12 11:45 - 00000000 ____D C:\Users\HRave\Documents\Eigene Scans
2013-11-14 23:23 - 2012-08-31 18:04 - 00002125 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-13 19:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-13 14:43 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-11-13 14:35 - 2009-11-06 08:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 14:33 - 2013-08-15 02:12 - 00000000 ____D C:\Windows\System32\MRT
2013-11-13 14:23 - 2009-11-06 09:23 - 80340640 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-11 08:22 - 2013-07-10 16:02 - 00007548 _____ C:\Windows\PFRO.log
2013-11-10 19:36 - 2013-05-21 09:30 - 00003725 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-11-10 19:36 - 2012-09-28 07:16 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-11-10 19:36 - 2012-08-29 14:18 - 00037664 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-11-06 09:46 - 2010-05-26 22:56 - 00000000 ____D C:\ProgramData\Lexware
2013-11-06 09:06 - 2013-11-05 20:34 - 00000000 ____D C:\Program Files\MyPC Backup
2013-11-05 20:31 - 2013-11-05 20:31 - 00836008 _____ (AirInstaller ) C:\Users\HRave\Downloads\FlashPlayerPro.exe
2013-11-05 20:24 - 2013-11-05 20:24 - 00001976 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-11-05 20:24 - 2013-06-24 19:33 - 00058520 _____ C:\Windows\DPINST.LOG
2013-11-05 20:23 - 2009-11-06 07:16 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-05 18:33 - 2013-11-05 18:33 - 00000953 _____ C:\Users\Kornelia Rave\Desktop\SopCast.lnk
2013-11-05 18:33 - 2013-11-05 18:33 - 00000953 _____ C:\Users\HRave\Desktop\SopCast.lnk
2013-11-05 18:33 - 2013-11-05 18:33 - 00000000 ____D C:\Program Files\SopCast
2013-11-05 18:32 - 2013-11-05 18:32 - 05442093 _____ C:\Users\HRave\Downloads\Setup-SopCast-3.8.3-2013-6-26.exe
2013-11-05 18:19 - 2010-02-07 19:15 - 00000000 ____D C:\Users\HRave\AppData\Local\Google
2013-10-30 09:22 - 2013-03-20 07:27 - 00000000 ____D C:\Windows\System32\WNLT
2013-10-29 12:52 - 2013-10-29 12:52 - 00000000 ____D C:\ProgramData\Oracle
2013-10-29 12:51 - 2013-10-29 12:51 - 00264616 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-10-29 12:51 - 2013-10-29 12:51 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-10-29 12:51 - 2013-04-17 06:10 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-10-29 12:51 - 2013-04-17 06:10 - 00174504 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-10-29 12:51 - 2009-11-06 08:39 - 00000000 ____D C:\Program Files\Java
2013-10-29 12:48 - 2013-10-29 12:47 - 29040552 _____ (Oracle Corporation) C:\Users\HRave\Downloads\jre-7u45-windows-i586.exe
2013-10-29 08:03 - 2013-10-29 08:03 - 00000000 ____D C:\Windows\System32\jmdp
2013-10-29 07:43 - 2013-03-20 07:27 - 00000000 ____D C:\Windows\System32\ARFC

Some content of TEMP:
====================
C:\Users\HRave\AppData\Local\Temp\airC7FE.exe
C:\Users\HRave\AppData\Local\Temp\airCE46.exe
C:\Users\HRave\AppData\Local\Temp\airD53A.exe
C:\Users\HRave\AppData\Local\Temp\BackupSetup.exe
C:\Users\HRave\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\HRave\AppData\Local\Temp\sdpupdater.exe
C:\Users\HRave\AppData\Local\Temp\SkypeSetup.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

7
Restore point made on: 2013-11-05 18:27:41
Restore point made on: 2013-11-13 14:23:38
Restore point made on: 2013-11-22 03:00:53
Restore point made on: 2013-11-22 18:49:30
Restore point made on: 2013-11-23 09:53:36
Restore point made on: 2013-11-25 00:46:54
Restore point made on: 2013-11-25 11:11:55

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4028.87 MB
Available physical RAM: 3469.23 MB
Total Pagefile: 4027.15 MB
Available Pagefile: 3485.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.96 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:424.66 GB) (Free:305.12 GB) NTFS
Drive e: (Recover) (Fixed) (Total:40 GB) (Free:29.56 GB) NTFS
Drive g: () (Removable) (Total:29.8 GB) (Free:29.8 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 15C3DB6A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

LastRegBack: 2013-11-20 12:14

==================== End Of Log ============================
```
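Two lines in the log above explain the symptoms the poster describes. The per-user Winlogon `Shell` value for HRave (the line FRST marks `<==== ATTENTION`) has a loader in `Application Data\efc\dnatire.exe` prepended to `explorer.exe`, so the locker starts instead of the desktop for that account only, which is why the other user still works; and a `RunOnce` entry for the same user points at a second file in the same writable tree. The script below is an added example for this thread, not part of the original post and not part of FRST: it parses FRST-style registry lines and flags exactly those patterns. The sample lines are constructed after the ones in the log, and the list of directories treated as user-writable is this example's own assumption.

```python
"""Flag screen-locker persistence in FRST 'Registry (Whitelisted)' lines.

Added example for this thread; not part of the original post and not part
of FRST. It looks for three things an analyst checks first when a single
user account is locked by a ransom page:

  * a Winlogon Shell value that is anything other than plain explorer.exe
    (the locker runs instead of, or before, the desktop)
  * Run/RunOnce entries whose target lives in a user-writable directory
  * an AppInit_DLLs value that loads a DLL from outside the Windows tree

Which directories count as user-writable is this example's own assumption.
"""
import re

# Constructed sample lines, modelled on the FRST output quoted in the post.
SAMPLE_LOG = r"""
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [] - [x]
HKU\HRave\...\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] - 0
HKU\HRave\...\RunOnce: [m632o] - C:\Documents and Settings\All Users\Application Data\fnay\ckac.exe [ 2013-11-25] (NVIDIA Corporation)
HKU\HRave\...\Winlogon: [Shell] C:\Documents and Settings\All Users\Application Data\efc\dnatire.exe,explorer.exe <==== ATTENTION
AppInit_DLLs: C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll [ 2013-04-08] ()
""".strip().splitlines()

# FRST formats an autostart as
#   <hive>\...\<Run|RunOnce>: [<name>] - <target> [<size> <date>] (<company>)
# and the shell value as
#   <hive>\...\Winlogon: [Shell] <value> <==== ATTENTION
# The trailing "[...]" and "(...)" groups are optional because FRST omits
# them when the value does not point at an existing file.
AUTORUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] - (?P<target>.*?)"
    r"(?: \[[^\]]*\])?(?: \([^)]*\))?$"
)
SHELL_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\Winlogon: \[Shell\] "
    r"(?P<value>.*?)(?: <==== ATTENTION)?$"
)
APPINIT_RE = re.compile(
    r"^AppInit_DLLs: (?P<path>.*?)(?: \[[^\]]*\])?(?: \([^)]*\))?$"
)

# Path fragments a standard user can write to (assumption). Matched as
# case-insensitive substrings so the "Documents and Settings" junction
# that appears in the log is covered as well as the Windows 7 paths.
USER_WRITABLE = (
    "\\application data\\",
    "\\programdata\\",
    "\\appdata\\",
    "\\users\\",
    "\\documents and settings\\",
    "\\temp\\",
)


def in_user_writable(path):
    """True if the path sits in a directory a non-admin user can write to."""
    p = path.lower()
    return any(fragment in p for fragment in USER_WRITABLE)


def shell_is_hijacked(value):
    """True unless the Shell value is exactly explorer.exe (comma list allowed)."""
    parts = [p.strip().lower() for p in value.split(",") if p.strip()]
    return parts != ["explorer.exe"]


def analyse(lines):
    """Return (kind, hive, target) tuples for every suspicious entry, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SHELL_RE.match(line)
        if m:
            if shell_is_hijacked(m.group("value")):
                findings.append(("winlogon-shell", m.group("hive"), m.group("value")))
            continue
        m = APPINIT_RE.match(line)
        if m:
            path = m.group("path")
            if path and "\\windows\\" not in path.lower():
                findings.append(("appinit-dll", "HKLM", path))
            continue
        m = AUTORUN_RE.match(line)
        if m and in_user_writable(m.group("target")):
            findings.append((m.group("key").lower(), m.group("hive"), m.group("target")))
    return findings


if __name__ == "__main__":
    for kind, hive, target in analyse(SAMPLE_LOG):
        print(f"{kind:15} {hive:12} {target}")
```

Run against the constructed sample it reports the RunOnce loader, the Shell hijack and the AppInit DLL, and nothing for the Program Files entries. Note that the company name FRST prints in parentheses, such as "(NVIDIA Corporation)" next to `ckac.exe`, is read from the file's own version resource, which any binary can claim, so it should carry no weight in this triage; the location of the file does.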