Trash bin: Caught an Interpol trojan, cleanup with Kaspersky Rescue Disc not successful (Windows 7)
Posts that broke our rules, ones the world does not need, or other rubbish end up here in the trash bin...
11.03.2014, 10:26 | #1 |
Good morning! In short: I have caught an Interpol trojan. Until now I was always successful removing such trojans (GVU...) with Kaspersky Rescue Disc 10, but not this time. In the forum I came across the program FRST64.exe and have already run it following SCHRAUBER's instructions. Here is the FRST.txt for it:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by SYSTEM on MININT-RQ41VB2 on 11-03-2014 09:52:59
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [3942728 2011-01-12] (O&O Software GmbH)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2792448 2009-12-04] (VIA)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [NWEReboot] - [X]
HKU\Default\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\strassburgererfurth\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\strassburgererfurth\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\UpdatusUser\...\Policies\Explorer: [NoInternetOpenWith] 1
Startup: C:\Users\strassburgererfurth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ebj7mqv.lnk
ShortcutTarget: ebj7mqv.lnk -> C:\ProgramData\vqm7jbe.cpp ()

==================== Services (Whitelisted) =================
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
S2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3049800 2011-01-12] (O&O Software GmbH)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
S2 PnkBstrA; C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [63040 2007-08-15] ()
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)
S2 Winmgmt; C:\ProgramData\ebj7mqv.zvv [333044 2014-03-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-13] (DT Soft Ltd)
S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-04-13] (Duplex Secure Ltd.)
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S0 KL1;
S4 SR;
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-03-11 09:52 - 2014-03-11 09:52 - 00000000 ____D () C:\FRST
2014-03-10 09:37 - 2014-03-11 09:46 - 95027928 ____T () C:\ProgramData\ebj7mqv.fee
2014-03-10 09:37 - 2014-03-10 09:37 - 00333044 ____T (Microsoft Corporation) C:\ProgramData\ebj7mqv.zvv
2014-03-10 09:37 - 2014-03-10 09:37 - 00227840 _____ () C:\ProgramData\vqm7jbe.cpp
2014-03-09 15:44 - 2014-03-09 15:46 - 95027928 ____T () C:\ProgramData\3olwl1bn.fee
2014-03-09 15:44 - 2014-03-09 15:44 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\3olwl1bn.zvv
2014-03-04 12:24 - 2014-03-11 09:45 - 00001400 _____ () C:\Windows\setupact.log
2014-03-04 12:24 - 2014-03-04 12:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-04 11:20 - 2014-03-04 11:20 - 02913357 _____ (Igor Pavlov) C:\Users\strassburgererfurth\Downloads\MB_44_AF_1_Sony_V2.0_D_Win.exe
2014-03-04 11:20 - 2012-01-20 09:01 - 00000000 ____D () C:\Users\strassburgererfurth\Downloads\Firmware-Updater Software
2014-03-04 09:12 - 2014-03-04 09:12 - 00511362 _____ () C:\Users\strassburgererfurth\Downloads\Blutige_Rache.epub
2014-02-26 13:13 - 2014-02-26 13:13 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\Ashampoo Burning Studio 2014
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Ashampoo
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\ashampoo
2014-02-26 13:10 - 2014-02-26 13:11 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-02-26 13:10 - 2014-02-26 13:10 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-02-26 13:01 - 2014-02-26 13:04 - 340465664 _____ () C:\Users\strassburgererfurth\Downloads\kav_rescue_1032.iso
2014-02-24 12:35 - 2014-02-24 12:35 - 00000000 ____D () C:\Program Files (x86)\KLC
2014-02-24 12:35 - 2004-08-04 03:56 - 00431616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2014-02-24 12:35 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2014-02-24 12:35 - 1999-12-07 07:00 - 00061491 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemdisp.TLB
2014-02-24 12:34 - 2014-02-24 12:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-24 12:33 - 2014-02-24 12:34 - 04630617 _____ () C:\Users\strassburgererfurth\Downloads\smac20_setup.exe
2014-02-24 12:32 - 2014-02-24 12:33 - 00535072 _____ () C:\Users\strassburgererfurth\Downloads\smac setup.exe
2014-02-24 07:26 - 2014-02-24 07:26 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-24 07:22 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-24 07:22 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-24 07:22 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-24 07:22 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-24 07:22 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-24 07:22 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-24 07:22 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-24 07:22 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-24 07:22 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-24 07:22 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-24 07:22 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-24 07:22 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-24 07:22 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-24 07:22 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-24 07:22 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-24 07:22 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-24 07:22 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-24 07:22 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-24 07:22 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-24 07:22 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-24 07:22 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-24 07:22 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-24 07:22 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-24 07:22 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-24 07:22 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-24 07:22 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-24 07:22 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-24 07:22 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-24 07:22 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-24 07:22 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-24 07:22 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-24 07:22 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-24 07:22 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-24 07:22 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-24 07:22 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-24 07:22 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-24 07:22 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-24 07:22 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-24 07:22 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-24 07:22 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-24 07:22 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-24 07:21 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-24 07:21 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\System32\locale.nls
2014-02-24 07:21 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\System32\secproc.dll
2014-02-24 07:21 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2014-02-24 07:21 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2014-02-24 07:21 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2014-02-24 07:21 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2014-02-24 07:21 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2014-02-24 07:21 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2014-02-24 07:21 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2014-02-24 07:21 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2014-02-24 07:21 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-24 07:21 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-24 07:21 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-24 07:21 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-24 07:21 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-24 07:21 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-24 07:21 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-24 07:21 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-24 07:21 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-24 07:20 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-24 07:20 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-02-24 07:20 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-02-24 07:20 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-02-24 07:20 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-24 07:20 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-24 07:20 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-24 07:20 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2014-02-17 16:28 - 2014-02-17 16:28 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 __RHD () C:\Users\strassburgererfurth\AppData\Roaming\SecuROM
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\EA Games
2014-02-17 16:01 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-17 14:34 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2014-02-17 14:34 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-02-17 14:27 - 2014-02-17 14:38 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Sony Corporation
2014-02-17 14:23 - 2014-02-17 14:29 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-02-12 10:29 - 2014-02-12 10:29 - 00000218 _____ () C:\Users\strassburgererfurth\.recently-used.xbel
2014-02-12 10:19 - 2014-02-12 10:19 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\RawTherapee4.0.11
2014-02-12 10:19 - 2014-02-12 10:19 - 00000000 ____D () C:\Program Files (x86)\RawTherapee-4.0.11.203

==================== One Month Modified Files and Folders =======
2014-03-11 10:42 - 2013-10-23 15:58 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-03-11 09:52 - 2014-03-11 09:52 - 00000000 ____D () C:\FRST
2014-03-11 09:46 - 2014-03-10 09:37 - 95027928 ____T () C:\ProgramData\ebj7mqv.fee
2014-03-11 09:45 - 2014-03-04 12:24 - 00001400 _____ () C:\Windows\setupact.log
2014-03-11 09:45 - 2013-11-15 10:39 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 09:45 - 2013-04-10 11:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-11 09:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-10 17:39 - 2013-04-15 08:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 17:34 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-10 17:34 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 17:32 - 2013-11-15 10:39 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 17:27 - 2013-04-10 13:39 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\CrashDumps
2014-03-10 09:39 - 2013-04-10 11:41 - 01387111 _____ () C:\Windows\WindowsUpdate.log
2014-03-10 09:37 - 2014-03-10 09:37 - 00333044 ____T (Microsoft Corporation) C:\ProgramData\ebj7mqv.zvv
2014-03-10 09:37 - 2014-03-10 09:37 - 00227840 _____ () C:\ProgramData\vqm7jbe.cpp
2014-03-09 15:57 - 2013-04-13 16:22 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2
2014-03-09 15:52 - 2013-04-10 12:00 - 00000000 ____D () C:\users\strassburgererfurth
2014-03-09 15:51 - 2013-04-10 13:24 - 00000000 ____D () C:\ProgramData\Protexis
2014-03-09 15:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-09 15:46 - 2014-03-09 15:44 - 95027928 ____T () C:\ProgramData\3olwl1bn.fee
2014-03-09 15:44 - 2014-03-09 15:44 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\3olwl1bn.zvv
2014-03-04 12:24 - 2014-03-04 12:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-04 11:24 - 2013-04-10 13:17 - 00000000 ___RD () C:\Users\strassburgererfurth\Desktop\Micha SPIELE
2014-03-04 11:20 - 2014-03-04 11:20 - 02913357 _____ (Igor Pavlov) C:\Users\strassburgererfurth\Downloads\MB_44_AF_1_Sony_V2.0_D_Win.exe
2014-03-04 11:17 - 2010-11-21 07:50 - 03845120 _____ () C:\Windows\System32\perfh007.dat
2014-03-04 11:17 - 2010-11-21 07:50 - 01127774 _____ () C:\Windows\System32\perfc007.dat
2014-03-04 11:17 - 2009-07-14 06:13 - 00006248 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-04 09:12 - 2014-03-04 09:12 - 00511362 _____ () C:\Users\strassburgererfurth\Downloads\Blutige_Rache.epub
2014-03-04 09:10 - 2013-04-13 15:13 - 00079529 ____H () C:\Windows\SysWOW64\BTImages.dat
2014-03-04 09:01 - 2013-06-13 07:04 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\Kobo
2014-03-04 09:01 - 2013-06-13 07:02 - 00000000 ____D () C:\Windows\tmp
2014-03-04 08:57 - 2013-06-13 07:02 - 00000000 ____D () C:\Program Files (x86)\Kobo
2014-02-26 13:13 - 2014-02-26 13:13 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\Ashampoo Burning Studio 2014
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Ashampoo
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\ashampoo
2014-02-26 13:11 - 2014-02-26 13:10 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-02-26 13:10 - 2014-02-26 13:10 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-02-26 13:04 - 2014-02-26 13:01 - 340465664 _____ () C:\Users\strassburgererfurth\Downloads\kav_rescue_1032.iso
2014-02-24 17:00 - 2013-05-12 14:30 - 00000000 ____D () C:\Users\strassburgererfurth\Desktop\Musik Videobearbeitung
2014-02-24 13:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-24 12:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-02-24 12:35 - 2014-02-24 12:35 - 00000000 ____D () C:\Program Files (x86)\KLC
2014-02-24 12:34 - 2014-02-24 12:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-24 12:34 - 2014-02-24 12:33 - 04630617 _____ () C:\Users\strassburgererfurth\Downloads\smac20_setup.exe
2014-02-24 12:33 - 2014-02-24 12:32 - 00535072 _____ () C:\Users\strassburgererfurth\Downloads\smac setup.exe
2014-02-24 07:32 - 2013-07-11 06:09 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-24 07:30 - 2013-04-13 15:15 - 88567024 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-02-24 07:26 - 2014-02-24 07:26 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-21 22:39 - 2013-09-13 14:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 22:39 - 2013-04-15 08:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 22:39 - 2013-04-15 08:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 16:28 - 2014-02-17 16:28 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 __RHD () C:\Users\strassburgererfurth\AppData\Roaming\SecuROM
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\EA Games
2014-02-17 16:01 - 2013-06-26 17:11 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-17 15:43 - 2013-04-20 14:07 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-02-17 14:38 - 2014-02-17 14:27 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Sony Corporation
2014-02-17 14:38 - 2013-10-03 14:11 - 00000000 ____D () C:\Users\strassburgererfurth\Desktop\Fotobearbeitung
2014-02-17 14:34 - 2013-04-10 13:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-17 14:29 - 2014-02-17 14:23 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-02-16 10:27 - 2013-11-15 10:39 - 00004132 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 10:27 - 2013-11-15 10:39 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 10:29 - 2014-02-12 10:29 - 00000218 _____ () C:\Users\strassburgererfurth\.recently-used.xbel
2014-02-12 10:19 - 2014-02-12 10:19 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\RawTherapee4.0.11
2014-02-12 10:19 - 2014-02-12 10:19 - 00000000 ____D () C:\Program Files (x86)\RawTherapee-4.0.11.203

Files to move or delete:
====================
C:\ProgramData\3olwl1bn.fee
C:\ProgramData\3olwl1bn.zvv
C:\ProgramData\ebj7mqv.fee
C:\ProgramData\ebj7mqv.zvv

Some content of TEMP:
====================
C:\Users\strassburgererfurth\AppData\Local\Temp\0976.dll
C:\Users\strassburgererfurth\AppData\Local\Temp\avgnt.exe
C:\Users\strassburgererfurth\AppData\Local\Temp\drm_dyndata_7330014.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================
Restore point made on: 2014-03-04 12:59:47
Restore point made on: 2014-03-04 13:52:04
Restore point made on: 2014-03-04 14:33:36
Restore point made on: 2014-03-10 09:23:13

==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8191.3 MB
Available physical RAM: 7382.73 MB
Total Pagefile: 8189.5 MB
Available Pagefile: 7369.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================
Drive c: (Win7 System) (Fixed) (Total:146.48 GB) (Free:65.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (XP System) (Fixed) (Total:73.24 GB) (Free:26.03 GB) NTFS
Drive f: (ÖFFNER) (Removable) (Total:7.52 GB) (Free:2.28 GB) FAT32
Drive g: (CHRISTIN) (Fixed) (Total:170.89 GB) (Free:138.98 GB) NTFS
Drive h: (MICHA) (Fixed) (Total:170.9 GB) (Free:112.92 GB) NTFS
Drive i: (EXTRAS) (Fixed) (Total:50.72 GB) (Free:43.51 GB) NTFS
Drive j: (Programme) (Fixed) (Total:86.4 GB) (Free:70.09 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Volume) (Fixed) (Total:149.05 GB) (Free:22.81 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: CFA2CFA2)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 89D789D7)
Partition 1: (Active) - (Size=73 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=393 GB) - (Type=OF Extended)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 24893053)
Partition 1: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=86 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (Size: 8 GB) (Disk ID: C3072E18)
Partition: GPT Partition Type.

LastRegBack: 2014-03-04 12:52
==================== End Of Log ============================

It would be nice if someone could put together the FIX.txt for this; I think that should fix the problem for now!

Thanks, Micha