| |
| |||||||
Log-Analyse und Auswertung: Interpol TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
13.03.2014, 21:28
| #1 |
| |  Interpol Trojaner Guten Abend, leider hat es mich nun auch erwischt. Ich habe versucht eine Lösung zu finden ohne aktive Hilfestellung bekommen zu müssen, da ich jedoch nicht fündig wurde würde ich um Unterstützung bitten. zur Info dies dürfe die hartnäckigere Variante des ehemaligen BKA Viruses sein (auch der Abgesicherte Modus wurde immer sofort heruntergefahren) Mein System Windows 7 (x64) Anbei das erstellte FRST64 Logfile Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-03-2014
Ran by SYSTEM on MININT-Q2SIQTK on 13-03-2014 21:10:52
Running from J:\
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-10-10] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-10-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [123400 2009-01-21] (Logitech Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [Launchpad] - C:\Program Files\Windows Server\Bin\Launchpad.exe [1096576 2012-01-12] (Microsoft Corporation)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348624 2012-05-01] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\Alex\...\Run: [vegas] - rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
HKU\Alex\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\Alex\...\Run: [PC Suite Tray] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1414144 2009-06-25] (Nokia)
HKU\Alex\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\Alex\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll => C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll [1958880 2013-11-18] ()
AppInit_DLLs-x32: c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll => C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll [3618304 2013-11-18] ()
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b4vfrbo.lnk
ShortcutTarget: b4vfrbo.lnk -> C:\ProgramData\obrfv4b.cpp (Microsoft Corporation)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk
ShortcutTarget: EventGhost.lnk -> C:\Program Files (x86)\EventGhost\EventGhost.exe (EventGhost Project)
==================== Services (Whitelisted) =================
S2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [809736 2009-09-29] (ABBYY)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-01] (Avira Operations GmbH & Co. KG)
S2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
S2 HealthAlertsSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 KlimaLogg Service; C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe [545280 2012-01-16] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [40832 2012-01-12] (Microsoft Corporation)
S4 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\b4vfrbo.zvv [332540 2014-03-07] (Microsoft Corporation)
S2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-10-10] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-04-24] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-04-27] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-05-02] (Avira GmbH)
S3 DSTDSO; C:\Windows\System32\Drivers\dstusbamd64.SYS [16192 2011-06-24] (DSO)
S3 DSTDSO; C:\Windows\SysWOW64\Drivers\dstusbamd64.SYS [16192 2011-06-24] (DSO)
S1 hwinterfacex64; C:\Windows\System32\Drivers\hwinterfacex64.sys [5632 2011-06-04] (Logix4u)
S1 KS0108; C:\Program Files (x86)\LcdStudio\ks0108.sys [3712 2008-03-10] ()
S1 LC7981; C:\Program Files (x86)\LcdStudio\LC7981.sys [5120 2008-03-10] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2014-02-05] (hxxp://libusb-win32.sourceforge.net)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-10-10] ()
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S1 n3900; C:\Program Files (x86)\LcdStudio\n3900.sys [3968 2008-03-10] ()
S3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [95232 2007-01-10] (Windows (R) Codename Longhorn DDK provider)
S3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [70144 2007-01-10] (Windows (R) Codename Longhorn DDK provider)
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2009-02-09] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18944 2009-02-09] (Nokia)
S1 SED133x; C:\Program Files (x86)\LcdStudio\SED133x.sys [7424 2008-03-10] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-06] (Duplex Secure Ltd.)
S1 T6963C; C:\Program Files (x86)\LcdStudio\T6963c.sys [6400 2008-03-10] ()
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8192 2009-02-09] (Nokia)
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [268800 2014-01-27] (Jungo Connectivity)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-13 21:10 - 2014-03-13 21:10 - 00000000 ____D () C:\FRST
2014-03-13 20:38 - 2014-03-13 20:38 - 00003420 _____ () C:\Windows\System32\Tasks\BitGuard
2014-03-12 19:24 - 2014-03-12 19:24 - 00000000 ____D () C:\Users\Alex\Desktop\Neuer Ordner
2014-03-09 14:56 - 2014-03-13 20:37 - 00000000 ____D () C:\Users\Alex\AppData\Local\Temporary Projects
2014-03-07 14:03 - 2014-03-07 14:03 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\b4vfrbo.zvv
2014-03-07 14:02 - 2014-03-13 21:01 - 95027928 ____T () C:\ProgramData\b4vfrbo.fee
2014-03-07 14:02 - 2014-03-07 14:02 - 00220201 _____ (Microsoft Corporation) C:\ProgramData\obrfv4b.cpp
2014-03-06 11:25 - 2014-03-06 11:25 - 00001235 _____ () C:\Users\Alex\Desktop\Awavo Com Port Monitor.lnk
2014-03-06 11:25 - 2014-03-06 11:25 - 00000000 ____D () C:\Users\Alex\AppData\Local\Awavo
2014-02-27 22:17 - 2014-03-07 14:46 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\VisualAssistAtmel
2014-02-27 22:17 - 2014-03-07 14:46 - 00000000 ____D () C:\Users\Alex\AppData\Local\VisualAssistAtmel
2014-02-27 22:17 - 2014-02-27 22:17 - 00002122 _____ () C:\Users\Public\Desktop\Atmel Studio 6.2.lnk
2014-02-27 22:17 - 2014-02-27 22:17 - 00000000 ____D () C:\Users\Alex\AppData\Local\IsolatedStorage
2014-02-27 22:09 - 2014-02-27 22:31 - 00000000 ____D () C:\Users\Alex\Documents\Atmel Studio
2014-02-27 22:09 - 2014-02-27 22:09 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Atmel
2014-02-27 22:09 - 2014-02-27 22:09 - 00000000 ____D () C:\Users\Alex\AppData\Local\Atmel
2014-02-27 22:07 - 2014-02-27 22:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-27 21:59 - 2014-02-27 21:59 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-02-27 21:43 - 2014-02-27 21:43 - 00000000 ____D () C:\Windows\System32\appmgmt
2014-02-27 21:19 - 2014-02-27 22:13 - 00000000 ____D () C:\Program Files (x86)\Atmel
2014-02-27 21:19 - 2014-01-27 10:44 - 00151552 _____ (Jungo Connectivity) C:\Windows\SysWOW64\wdapi1150.dll
2014-02-27 21:19 - 2014-01-27 10:44 - 00151552 _____ (Jungo Connectivity) C:\Windows\SysWOW64\wdapi1140.dll
2014-02-27 21:19 - 2014-01-27 10:44 - 00143360 _____ (Jungo) C:\Windows\SysWOW64\wdapi1010.dll
2014-02-27 21:19 - 2014-01-27 10:44 - 00110592 _____ (Jungo) C:\Windows\SysWOW64\wdapi1100.dll
2014-02-27 21:19 - 2014-01-27 10:44 - 00110592 _____ (Jungo) C:\Windows\SysWOW64\wdapi102.dll
2014-02-27 21:19 - 2014-01-27 10:44 - 00110592 _____ (Jungo) C:\Windows\SysWOW64\wdapi1011.dll
==================== One Month Modified Files and Folders =======
2014-03-13 21:10 - 2014-03-13 21:10 - 00000000 ____D () C:\FRST
2014-03-13 21:01 - 2014-03-07 14:02 - 95027928 ____T () C:\ProgramData\b4vfrbo.fee
2014-03-13 21:00 - 2012-07-14 17:16 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Dropbox
2014-03-13 20:53 - 2012-09-26 11:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 20:53 - 2012-09-26 11:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-13 20:53 - 2012-09-26 11:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-13 20:53 - 2012-09-26 11:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 20:48 - 2009-07-14 05:45 - 00013136 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-13 20:48 - 2009-07-14 05:45 - 00013136 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-13 20:43 - 2009-10-09 22:51 - 01120015 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 20:38 - 2014-03-13 20:38 - 00003420 _____ () C:\Windows\System32\Tasks\BitGuard
2014-03-13 20:38 - 2009-10-10 06:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-13 20:38 - 2009-10-09 22:52 - 00000000 ____D () C:\users\Alex
2014-03-13 20:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-13 20:38 - 2009-07-14 05:51 - 00052098 _____ () C:\Windows\setupact.log
2014-03-13 20:37 - 2014-03-09 14:56 - 00000000 ____D () C:\Users\Alex\AppData\Local\Temporary Projects
2014-03-13 20:37 - 2012-09-26 11:52 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-13 20:37 - 2009-10-09 23:03 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-13 20:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-12 19:24 - 2014-03-12 19:24 - 00000000 ____D () C:\Users\Alex\Desktop\Neuer Ordner
2014-03-09 14:57 - 2010-05-15 23:48 - 00000000 ____D () C:\Users\Alex\Documents\Visual Studio 2010
2014-03-07 18:44 - 2009-07-14 03:34 - 00001105 _____ () C:\Windows\System32\Drivers\etc\hosts.bak
2014-03-07 14:46 - 2014-02-27 22:17 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\VisualAssistAtmel
2014-03-07 14:46 - 2014-02-27 22:17 - 00000000 ____D () C:\Users\Alex\AppData\Local\VisualAssistAtmel
2014-03-07 14:03 - 2014-03-07 14:03 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\b4vfrbo.zvv
2014-03-07 14:02 - 2014-03-07 14:02 - 00220201 _____ (Microsoft Corporation) C:\ProgramData\obrfv4b.cpp
2014-03-06 23:57 - 2009-10-10 22:37 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\vlc
2014-03-06 11:25 - 2014-03-06 11:25 - 00001235 _____ () C:\Users\Alex\Desktop\Awavo Com Port Monitor.lnk
2014-03-06 11:25 - 2014-03-06 11:25 - 00000000 ____D () C:\Users\Alex\AppData\Local\Awavo
2014-03-06 01:58 - 2009-10-10 12:53 - 00002050 ____H () C:\Users\Alex\Documents\Default.rdp
2014-03-05 21:27 - 2009-07-14 18:58 - 01626168 _____ () C:\Windows\System32\perfh007.dat
2014-03-05 21:27 - 2009-07-14 18:58 - 00437876 _____ () C:\Windows\System32\perfc007.dat
2014-03-05 21:27 - 2009-07-14 06:13 - 00006682 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-27 22:42 - 2011-11-19 23:13 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Microchip
2014-02-27 22:31 - 2014-02-27 22:09 - 00000000 ____D () C:\Users\Alex\Documents\Atmel Studio
2014-02-27 22:17 - 2014-02-27 22:17 - 00002122 _____ () C:\Users\Public\Desktop\Atmel Studio 6.2.lnk
2014-02-27 22:17 - 2014-02-27 22:17 - 00000000 ____D () C:\Users\Alex\AppData\Local\IsolatedStorage
2014-02-27 22:13 - 2014-02-27 21:19 - 00000000 ____D () C:\Program Files (x86)\Atmel
2014-02-27 22:09 - 2014-02-27 22:09 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Atmel
2014-02-27 22:09 - 2014-02-27 22:09 - 00000000 ____D () C:\Users\Alex\AppData\Local\Atmel
2014-02-27 22:09 - 2009-10-10 06:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-27 22:07 - 2014-02-27 22:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-27 22:07 - 2009-10-25 14:52 - 00049138 _____ () C:\Windows\DPINST.LOG
2014-02-27 21:59 - 2014-02-27 21:59 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-02-27 21:59 - 2010-05-15 23:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-02-27 21:43 - 2014-02-27 21:43 - 00000000 ____D () C:\Windows\System32\appmgmt
2014-02-27 21:20 - 2009-10-25 14:52 - 00000000 ____D () C:\Program Files\DIFX
2014-02-23 20:23 - 2012-04-01 13:32 - 00000000 ____D () C:\Users\Alex\AppData\Local\Microchip
2014-02-22 20:52 - 2013-12-29 11:39 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-22 20:52 - 2009-10-10 07:07 - 00254132 _____ () C:\Windows\PFRO.log
2014-02-16 01:32 - 2009-10-10 22:46 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\dvdcss
2014-02-13 20:44 - 2012-09-26 11:52 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
Files to move or delete:
====================
C:\ProgramData\b4vfrbo.fee
C:\ProgramData\b4vfrbo.zvv
Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\3p35jfpw.dll
C:\Users\Alex\AppData\Local\Temp\AlawarGameBoxWebSetup.exe
C:\Users\Alex\AppData\Local\Temp\AskSLib.dll
C:\Users\Alex\AppData\Local\Temp\avguidx.dll
C:\Users\Alex\AppData\Local\Temp\AVG_toolbar.exe
C:\Users\Alex\AppData\Local\Temp\bassmod.dll
C:\Users\Alex\AppData\Local\Temp\devcpp-4.9.9.2_setup.exe
C:\Users\Alex\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Alex\AppData\Local\Temp\drm_dyndata_7320012.dll
C:\Users\Alex\AppData\Local\Temp\DTLite4355-0068.exe
C:\Users\Alex\AppData\Local\Temp\e3h4e2k1.dll
C:\Users\Alex\AppData\Local\Temp\FarmFrenzy3IceAge_1660.exe
C:\Users\Alex\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Alex\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\Alex\AppData\Local\Temp\FP_PL_PFS_INSTALLER-1.exe
C:\Users\Alex\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Alex\AppData\Local\Temp\fsprod.dll
C:\Users\Alex\AppData\Local\Temp\fssfm.dll
C:\Users\Alex\AppData\Local\Temp\glz25fip.dll
C:\Users\Alex\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Alex\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Alex\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Alex\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Alex\AppData\Local\Temp\mejtrvfx.dll
C:\Users\Alex\AppData\Local\Temp\nvStInst.exe
C:\Users\Alex\AppData\Local\Temp\oi_{2F3721C9-2F45-48E3-A821-17F0907EEEA5}.exe
C:\Users\Alex\AppData\Local\Temp\ose00000.exe
C:\Users\Alex\AppData\Local\Temp\Paint.NET.3.5.8.Install.exe
C:\Users\Alex\AppData\Local\Temp\preconfig.exe
C:\Users\Alex\AppData\Local\Temp\qn5elkzf.dll
C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alex\AppData\Local\Temp\Softonic_Deutsch.exe
C:\Users\Alex\AppData\Local\Temp\tbSoft.dll
C:\Users\Alex\AppData\Local\Temp\ubiE6E2.tmp.exe
C:\Users\Alex\AppData\Local\Temp\vys.dll
C:\Users\Alex\AppData\Local\Temp\yo0via0f.dll
C:\Users\Alex\AppData\Local\Temp\z1amcgxy.dll
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2014-02-27 21:27:20
Restore point made on: 2014-02-27 21:29:35
Restore point made on: 2014-02-27 21:41:09
Restore point made on: 2014-02-27 21:42:37
Restore point made on: 2014-02-27 21:43:49
Restore point made on: 2014-02-27 21:45:39
Restore point made on: 2014-02-27 21:46:35
Restore point made on: 2014-02-27 22:07:05
Restore point made on: 2014-02-27 22:09:05
Restore point made on: 2014-03-01 00:42:16
Restore point made on: 2014-03-09 16:01:08
==================== Memory info ===========================
Percentage of memory in use: 14%
Total physical RAM: 4095.18 MB
Available physical RAM: 3493.23 MB
Total Pagefile: 4093.33 MB
Available Pagefile: 3477.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:139.73 GB) (Free:43.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:1397.26 GB) (Free:11.81 GB) NTFS
Drive j: () (Removable) (Total:0.27 GB) (Free:0.26 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 140 GB) (Disk ID: C03FC8C5)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1397 GB) (Disk ID: 7F9DF4C9)
Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS)
========================================================
Disk: 6 (Size: 15 GB) (Disk ID: 1A2CA942)
Partition 1: (Active) - (Size=277 MB) - (Type=0B)
LastRegBack: 2014-03-01 20:39
==================== End Of Log ============================
lg dyoni |
| Themen zu Interpol Trojaner |
| adobe flash player, antivir, association, avg, avira, desktop, explorer, flash player, installation, monitor, opera, port, realtek, registry, rootkit, rundll, security, server, services.exe, software, svchost.exe, system, trojaner, vista, windows, winlogon.exe |
Baum-Darstellung