Log Analysis and Evaluation: Interpol Trojan (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Interpol Trojan

Good evening,

unfortunately it has now hit me too. I tried to find a solution without having to get active assistance, but since I did not find anything, I would like to ask for support.

For your information: this is probably the more stubborn variant of the former BKA virus (Safe Mode was also always shut down immediately).

My system: Windows 7 (x64)

Attached is the FRST64 log file that was created:

Code:
```text
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-03-2014
Ran by SYSTEM on MININT-Q2SIQTK on 13-03-2014 21:10:52
Running from J:\
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-10-10] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-10-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [123400 2009-01-21] (Logitech Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [Launchpad] - C:\Program Files\Windows Server\Bin\Launchpad.exe [1096576 2012-01-12] (Microsoft Corporation)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348624 2012-05-01] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\Alex\...\Run: [vegas] - rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
HKU\Alex\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\Alex\...\Run: [PC Suite Tray] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1414144 2009-06-25] (Nokia)
HKU\Alex\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\Alex\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll => C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll [1958880 2013-11-18] ()
AppInit_DLLs-x32: c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll => C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll [3618304 2013-11-18] ()
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b4vfrbo.lnk
ShortcutTarget: b4vfrbo.lnk -> C:\ProgramData\obrfv4b.cpp (Microsoft Corporation)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk
ShortcutTarget: EventGhost.lnk -> C:\Program Files (x86)\EventGhost\EventGhost.exe (EventGhost Project)

==================== Services (Whitelisted) =================

S2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [809736 2009-09-29] (ABBYY)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-01] (Avira Operations GmbH & Co. KG)
S2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
S2 HealthAlertsSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 KlimaLogg Service; C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe [545280 2012-01-16] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [40832 2012-01-12] (Microsoft Corporation)
S4 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\b4vfrbo.zvv [332540 2014-03-07] (Microsoft Corporation)
S2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-10-10] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-04-24] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-04-27] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-05-02] (Avira GmbH)
S3 DSTDSO; C:\Windows\System32\Drivers\dstusbamd64.SYS [16192 2011-06-24] (DSO)
S3 DSTDSO; C:\Windows\SysWOW64\Drivers\dstusbamd64.SYS [16192 2011-06-24] (DSO)
S1 hwinterfacex64; C:\Windows\System32\Drivers\hwinterfacex64.sys [5632 2011-06-04] (Logix4u)
S1 KS0108; C:\Program Files (x86)\LcdStudio\ks0108.sys [3712 2008-03-10] ()
S1 LC7981; C:\Program Files (x86)\LcdStudio\LC7981.sys [5120 2008-03-10] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2014-02-05] (hxxp://libusb-win32.sourceforge.net)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-10-10] ()
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S1 n3900; C:\Program Files (x86)\LcdStudio\n3900.sys [3968 2008-03-10] ()
S3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [95232 2007-01-10] (Windows (R) Codename Longhorn DDK provider)
S3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [70144 2007-01-10] (Windows (R) Codename Longhorn DDK provider)
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2009-02-09] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18944 2009-02-09] (Nokia)
S1 SED133x; C:\Program Files (x86)\LcdStudio\SED133x.sys [7424 2008-03-10] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-06] (Duplex Secure Ltd.)
S1 T6963C; C:\Program Files (x86)\LcdStudio\T6963c.sys [6400 2008-03-10] ()
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8192 2009-02-09] (Nokia)
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [268800 2014-01-27] (Jungo Connectivity)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-13 21:10 - 2014-03-13 21:10 - 00000000 ____D () C:\FRST
2014-03-13 20:38 - 2014-03-13 20:38 - 00003420 _____ () C:\Windows\System32\Tasks\BitGuard
2014-03-12 19:24 - 2014-03-12 19:24 - 00000000 ____D () C:\Users\Alex\Desktop\Neuer Ordner
2014-03-09 14:56 - 2014-03-13 20:37 - 00000000 ____D () C:\Users\Alex\AppData\Local\Temporary Projects
2014-03-07 14:03 - 2014-03-07 14:03 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\b4vfrbo.zvv
2014-03-07 14:02 - 2014-03-13 21:01 - 95027928 ____T () C:\ProgramData\b4vfrbo.fee
2014-03-07 14:02 - 2014-03-07 14:02 - 00220201 _____ (Microsoft Corporation) C:\ProgramData\obrfv4b.cpp
2014-03-06 11:25 - 2014-03-06 11:25 - 00001235 _____ () C:\Users\Alex\Desktop\Awavo Com Port Monitor.lnk
2014-03-06 11:25 - 2014-03-06 11:25 - 00000000 ____D () C:\Users\Alex\AppData\Local\Awavo
2014-02-27 22:17 - 2014-03-07 14:46 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\VisualAssistAtmel
2014-02-27 22:17 - 2014-03-07 14:46 - 00000000 ____D () C:\Users\Alex\AppData\Local\VisualAssistAtmel
2014-02-27 22:17 - 2014-02-27 22:17 - 00002122 _____ () C:\Users\Public\Desktop\Atmel Studio 6.2.lnk
2014-02-27 22:17 - 2014-02-27 22:17 - 00000000 ____D () C:\Users\Alex\AppData\Local\IsolatedStorage
2014-02-27 22:09 - 2014-02-27 22:31 - 00000000 ____D () C:\Users\Alex\Documents\Atmel Studio
2014-02-27 22:09 - 2014-02-27 22:09 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Atmel
2014-02-27 22:09 - 2014-02-27 22:09 - 00000000 ____D () C:\Users\Alex\AppData\Local\Atmel
2014-02-27 22:07 - 2014-02-27 22:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-27 21:59 - 2014-02-27 21:59 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-02-27 21:43 - 2014-02-27 21:43 - 00000000 ____D () C:\Windows\System32\appmgmt
2014-02-27 21:19 - 2014-02-27 22:13 - 00000000 ____D () C:\Program Files (x86)\Atmel
2014-02-27 21:19 - 2014-01-27 10:44 - 00151552 _____ (Jungo Connectivity) C:\Windows\SysWOW64\wdapi1150.dll
2014-02-27 21:19 - 2014-01-27 10:44 - 00151552 _____ (Jungo Connectivity) C:\Windows\SysWOW64\wdapi1140.dll
2014-02-27 21:19 - 2014-01-27 10:44 - 00143360 _____ (Jungo) C:\Windows\SysWOW64\wdapi1010.dll
2014-02-27 21:19 - 2014-01-27 10:44 - 00110592 _____ (Jungo) C:\Windows\SysWOW64\wdapi1100.dll
2014-02-27 21:19 - 2014-01-27 10:44 - 00110592 _____ (Jungo) C:\Windows\SysWOW64\wdapi102.dll
2014-02-27 21:19 - 2014-01-27 10:44 - 00110592 _____ (Jungo) C:\Windows\SysWOW64\wdapi1011.dll

==================== One Month Modified Files and Folders =======

2014-03-13 21:10 - 2014-03-13 21:10 - 00000000 ____D () C:\FRST
2014-03-13 21:01 - 2014-03-07 14:02 - 95027928 ____T () C:\ProgramData\b4vfrbo.fee
2014-03-13 21:00 - 2012-07-14 17:16 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Dropbox
2014-03-13 20:53 - 2012-09-26 11:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 20:53 - 2012-09-26 11:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-13 20:53 - 2012-09-26 11:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-13 20:53 - 2012-09-26 11:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 20:48 - 2009-07-14 05:45 - 00013136 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-13 20:48 - 2009-07-14 05:45 - 00013136 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-13 20:43 - 2009-10-09 22:51 - 01120015 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 20:38 - 2014-03-13 20:38 - 00003420 _____ () C:\Windows\System32\Tasks\BitGuard
2014-03-13 20:38 - 2009-10-10 06:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-13 20:38 - 2009-10-09 22:52 - 00000000 ____D () C:\users\Alex
2014-03-13 20:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-13 20:38 - 2009-07-14 05:51 - 00052098 _____ () C:\Windows\setupact.log
2014-03-13 20:37 - 2014-03-09 14:56 - 00000000 ____D () C:\Users\Alex\AppData\Local\Temporary Projects
2014-03-13 20:37 - 2012-09-26 11:52 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-13 20:37 - 2009-10-09 23:03 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-13 20:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-12 19:24 - 2014-03-12 19:24 - 00000000 ____D () C:\Users\Alex\Desktop\Neuer Ordner
2014-03-09 14:57 - 2010-05-15 23:48 - 00000000 ____D () C:\Users\Alex\Documents\Visual Studio 2010
2014-03-07 18:44 - 2009-07-14 03:34 - 00001105 _____ () C:\Windows\System32\Drivers\etc\hosts.bak
2014-03-07 14:46 - 2014-02-27 22:17 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\VisualAssistAtmel
2014-03-07 14:46 - 2014-02-27 22:17 - 00000000 ____D () C:\Users\Alex\AppData\Local\VisualAssistAtmel
2014-03-07 14:03 - 2014-03-07 14:03 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\b4vfrbo.zvv
2014-03-07 14:02 - 2014-03-07 14:02 - 00220201 _____ (Microsoft Corporation) C:\ProgramData\obrfv4b.cpp
2014-03-06 23:57 - 2009-10-10 22:37 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\vlc
2014-03-06 11:25 - 2014-03-06 11:25 - 00001235 _____ () C:\Users\Alex\Desktop\Awavo Com Port Monitor.lnk
2014-03-06 11:25 - 2014-03-06 11:25 - 00000000 ____D () C:\Users\Alex\AppData\Local\Awavo
2014-03-06 01:58 - 2009-10-10 12:53 - 00002050 ____H () C:\Users\Alex\Documents\Default.rdp
2014-03-05 21:27 - 2009-07-14 18:58 - 01626168 _____ () C:\Windows\System32\perfh007.dat
2014-03-05 21:27 - 2009-07-14 18:58 - 00437876 _____ () C:\Windows\System32\perfc007.dat
2014-03-05 21:27 - 2009-07-14 06:13 - 00006682 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-27 22:42 - 2011-11-19 23:13 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Microchip
2014-02-27 22:31 - 2014-02-27 22:09 - 00000000 ____D () C:\Users\Alex\Documents\Atmel Studio
2014-02-27 22:17 - 2014-02-27 22:17 - 00002122 _____ () C:\Users\Public\Desktop\Atmel Studio 6.2.lnk
2014-02-27 22:17 - 2014-02-27 22:17 - 00000000 ____D () C:\Users\Alex\AppData\Local\IsolatedStorage
2014-02-27 22:13 - 2014-02-27 21:19 - 00000000 ____D () C:\Program Files (x86)\Atmel
2014-02-27 22:09 - 2014-02-27 22:09 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Atmel
2014-02-27 22:09 - 2014-02-27 22:09 - 00000000 ____D () C:\Users\Alex\AppData\Local\Atmel
2014-02-27 22:09 - 2009-10-10 06:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-27 22:07 - 2014-02-27 22:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-27 22:07 - 2009-10-25 14:52 - 00049138 _____ () C:\Windows\DPINST.LOG
2014-02-27 21:59 - 2014-02-27 21:59 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-02-27 21:59 - 2010-05-15 23:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-02-27 21:43 - 2014-02-27 21:43 - 00000000 ____D () C:\Windows\System32\appmgmt
2014-02-27 21:20 - 2009-10-25 14:52 - 00000000 ____D () C:\Program Files\DIFX
2014-02-23 20:23 - 2012-04-01 13:32 - 00000000 ____D () C:\Users\Alex\AppData\Local\Microchip
2014-02-22 20:52 - 2013-12-29 11:39 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-22 20:52 - 2009-10-10 07:07 - 00254132 _____ () C:\Windows\PFRO.log
2014-02-16 01:32 - 2009-10-10 22:46 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\dvdcss
2014-02-13 20:44 - 2012-09-26 11:52 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

Files to move or delete:
====================
C:\ProgramData\b4vfrbo.fee
C:\ProgramData\b4vfrbo.zvv

Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\3p35jfpw.dll
C:\Users\Alex\AppData\Local\Temp\AlawarGameBoxWebSetup.exe
C:\Users\Alex\AppData\Local\Temp\AskSLib.dll
C:\Users\Alex\AppData\Local\Temp\avguidx.dll
C:\Users\Alex\AppData\Local\Temp\AVG_toolbar.exe
C:\Users\Alex\AppData\Local\Temp\bassmod.dll
C:\Users\Alex\AppData\Local\Temp\devcpp-4.9.9.2_setup.exe
C:\Users\Alex\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Alex\AppData\Local\Temp\drm_dyndata_7320012.dll
C:\Users\Alex\AppData\Local\Temp\DTLite4355-0068.exe
C:\Users\Alex\AppData\Local\Temp\e3h4e2k1.dll
C:\Users\Alex\AppData\Local\Temp\FarmFrenzy3IceAge_1660.exe
C:\Users\Alex\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Alex\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\Alex\AppData\Local\Temp\FP_PL_PFS_INSTALLER-1.exe
C:\Users\Alex\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Alex\AppData\Local\Temp\fsprod.dll
C:\Users\Alex\AppData\Local\Temp\fssfm.dll
C:\Users\Alex\AppData\Local\Temp\glz25fip.dll
C:\Users\Alex\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Alex\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Alex\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Alex\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Alex\AppData\Local\Temp\mejtrvfx.dll
C:\Users\Alex\AppData\Local\Temp\nvStInst.exe
C:\Users\Alex\AppData\Local\Temp\oi_{2F3721C9-2F45-48E3-A821-17F0907EEEA5}.exe
C:\Users\Alex\AppData\Local\Temp\ose00000.exe
C:\Users\Alex\AppData\Local\Temp\Paint.NET.3.5.8.Install.exe
C:\Users\Alex\AppData\Local\Temp\preconfig.exe
C:\Users\Alex\AppData\Local\Temp\qn5elkzf.dll
C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alex\AppData\Local\Temp\Softonic_Deutsch.exe
C:\Users\Alex\AppData\Local\Temp\tbSoft.dll
C:\Users\Alex\AppData\Local\Temp\ubiE6E2.tmp.exe
C:\Users\Alex\AppData\Local\Temp\vys.dll
C:\Users\Alex\AppData\Local\Temp\yo0via0f.dll
C:\Users\Alex\AppData\Local\Temp\z1amcgxy.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-02-27 21:27:20
Restore point made on: 2014-02-27 21:29:35
Restore point made on: 2014-02-27 21:41:09
Restore point made on: 2014-02-27 21:42:37
Restore point made on: 2014-02-27 21:43:49
Restore point made on: 2014-02-27 21:45:39
Restore point made on: 2014-02-27 21:46:35
Restore point made on: 2014-02-27 22:07:05
Restore point made on: 2014-02-27 22:09:05
Restore point made on: 2014-03-01 00:42:16
Restore point made on: 2014-03-09 16:01:08

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4095.18 MB
Available physical RAM: 3493.23 MB
Total Pagefile: 4093.33 MB
Available Pagefile: 3477.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:139.73 GB) (Free:43.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:1397.26 GB) (Free:11.81 GB) NTFS
Drive j: () (Removable) (Total:0.27 GB) (Free:0.26 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 140 GB) (Disk ID: C03FC8C5)
Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1397 GB) (Disk ID: 7F9DF4C9)
Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 15 GB) (Disk ID: 1A2CA942)
Partition 1: (Active) - (Size=277 MB) - (Type=0B)

LastRegBack: 2014-03-01 20:39

==================== End Of Log ============================
```

Regards,
dyoni