GVU Trojaner ohne Abgesicherten Modus

Rossinho85 · 13.04.2014, 11:02

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2014 01
Ran by SYSTEM on MINWINPC on 13-04-2014 11:53:33
Running from G:\
Windows Vista (TM) Ultimate (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [86016 2007-07-19] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8466432 2007-07-19] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2007-07-19] (NVIDIA Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-04-25] (Intel Corporation)
HKLM\...\Run: [TrayServer] - C:\Program Files\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe [90112 2008-01-17] (MAGIX AG)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [lxctmon.exe] - C:\Program Files\Lexmark 5400 Series\lxctmon.exe [291760 2006-11-22] ()
HKLM\...\Run: [Lexmark 5400 Series Fax Server] - C:\Program Files\Lexmark 5400 Series\fm3032.exe [304048 2006-11-22] ()
HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark 5400 Series\ezprint.exe [82864 2006-11-22] (Lexmark International Inc.)
HKLM\...\Run: [LXCTCATS] - C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll [106496 2006-11-21] (Lexmark International Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-08-01] (RealNetworks, Inc.)
HKU\André\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\André\...\Run: [ICQ] - C:\Program Files\ICQ7.0\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\André\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [435672 2011-11-14] (TomTom)
HKU\André\...\Run: [NTRedirect] - C:\Windows\system32\rundll32.exe  "C:\Users\André\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
HKU\André\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-07-13] (Google Inc.)
HKU\André\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\André\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j7tlcmqlfe.lnk
ShortcutTarget: j7tlcmqlfe.lnk -> C:\ProgramData\2992199F9A\eflqmclt7j.cpp (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S2 gupdate1ca03fe296cc090; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-07-13] (Google Inc.)
S2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [246520 2010-01-03] ()
S2 lxct_device; C:\Windows\system32\lxctcoms.exe [537520 2006-11-22] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
S2 O&O Defrag; C:\Windows\system32\oodag.exe [1050120 2007-05-11] (O&O Software GmbH)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-10-19] ()
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [307968 2008-07-08] (TuneUp Software GmbH)
S2 VideoAcceleratorService; C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe [281768 2013-08-01] (SPEEDbit)
S2 Winmgmt; C:\ProgramData\2992199F9A\eflqmclt7j.cpp [186665 2014-04-09] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277736 2008-07-30] (Protect Software GmbH)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-01-01] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [28048 2010-02-05] (CSR, plc)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-01-01] ()
S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [90280 2009-05-25] (MCCI Corporation)
S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [15016 2009-05-25] (MCCI Corporation)
S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [122280 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [115880 2009-05-25] (MCCI Corporation)
S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [26024 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [111912 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [116904 2009-05-25] (MCCI Corporation)
S0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)
S0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)
S0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-07-08] (Duplex Secure Ltd.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-10] (Avira GmbH)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [485920 2008-11-11] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45344 2008-11-11] (eMPIA Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-13 11:50 - 2014-04-13 11:50 - 00000000 ____D () C:\FRST
2014-04-13 10:14 - 2014-04-13 10:14 - 00143496 _____ () C:\Windows\Minidump\Mini041314-01.dmp
2014-04-09 09:29 - 2014-04-13 10:17 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-08 21:32 - 2014-04-08 21:32 - 00143496 _____ () C:\Windows\Minidump\Mini040814-01.dmp
2014-03-31 17:01 - 2014-03-31 17:01 - 00143496 _____ () C:\Windows\Minidump\Mini033114-01.dmp
2014-03-20 20:19 - 2014-03-20 20:19 - 00000000 ____D () C:\Users\André\Documents\MAGIX_Filme_auf_DVD_7_TerraTec_Edition

==================== One Month Modified Files and Folders =======

2014-04-13 11:50 - 2014-04-13 11:50 - 00000000 ____D () C:\FRST
2014-04-13 10:38 - 2008-07-08 16:35 - 00004268 _____ () C:\Windows\bthservsdp.dat
2014-04-13 10:38 - 2006-11-02 13:51 - 01811305 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 10:38 - 2006-11-02 13:46 - 00003664 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 10:38 - 2006-11-02 13:46 - 00003664 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 10:17 - 2014-04-09 09:29 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-13 10:16 - 2008-07-08 21:25 - 02882189 _____ () C:\Windows\System32\oodbs.lor
2014-04-13 10:14 - 2014-04-13 10:14 - 00143496 _____ () C:\Windows\Minidump\Mini041314-01.dmp
2014-04-13 10:14 - 2014-03-03 20:31 - 254352636 _____ () C:\Windows\MEMORY.DMP
2014-04-13 10:14 - 2008-09-23 15:00 - 00000000 ____D () C:\Windows\Minidump
2014-04-09 07:56 - 2006-11-02 11:33 - 01575894 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-08 21:39 - 2013-10-22 22:56 - 00048345 _____ () C:\Users\André\Desktop\Finanzen 2014.xlsx
2014-04-08 21:32 - 2014-04-08 21:32 - 00143496 _____ () C:\Windows\Minidump\Mini040814-01.dmp
2014-04-04 13:43 - 2008-08-16 15:21 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-04-04 10:58 - 2012-11-13 13:04 - 00000000 ____D () C:\ProgramData\Origin
2014-04-04 10:57 - 2012-11-13 13:04 - 00000000 ____D () C:\Program Files\Origin
2014-03-31 17:01 - 2014-03-31 17:01 - 00143496 _____ () C:\Windows\Minidump\Mini033114-01.dmp
2014-03-21 15:04 - 2010-08-10 09:26 - 00000000 ____D () C:\Program Files\Lx_cats
2014-03-20 20:19 - 2014-03-20 20:19 - 00000000 ____D () C:\Users\André\Documents\MAGIX_Filme_auf_DVD_7_TerraTec_Edition
2014-03-19 01:21 - 2013-07-23 10:50 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-19 01:19 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-03-14 21:09 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-03-14 20:53 - 2006-11-02 13:46 - 01762408 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-14 20:51 - 2008-08-10 10:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\André\AppData\Local\Temp\avgnt.exe
C:\Users\André\AppData\Local\Temp\YO28.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 11%
Total physical RAM: 4093.63 MB
Available physical RAM: 3608.28 MB
Total Pagefile: 3843 MB
Available Pagefile: 3681 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:52.73 GB) (Free:1.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:233.64 GB) (Free:29.58 GB) NTFS
Drive e: (CD_ROM) (CDROM) (Total:2.99 GB) (Free:0 GB) CDFS
Drive f: (WinRE) (Fixed) (Total:11.72 GB) (Free:5.04 GB) NTFS
Drive g: (USB DISK) (Removable) (Total:14.93 GB) (Free:2.93 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 5029B376)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=53 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=234 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)

Partition: GPT Partition Type.


LastRegBack: 2014-04-13 10:24

==================== End Of Log ============================

GVU Trojaner ohne Abgesicherten Modus

Log-Analyse und Auswertung: GVU Trojaner ohne Abgesicherten Modus

GVU Trojaner ohne Abgesicherten Modus

Ähnliche Themen: GVU Trojaner ohne Abgesicherten Modus