Bundestrojaner is crippling my PC (Trojaner-Board, forum: Plagegeister aller Art und deren Bekämpfung)

18.11.2013, 17:29   #1
Peregrino

Hello,
like many others, I have been hit by the BKA Trojan. The screen is frozen. Safe mode did not work.
After browsing through the topics, I have now successfully run the Farbar Recovery Scan Tool. Since I cannot judge whether I can follow other instructions, here is the log file. The PC is still in safe mode after the scan, because I do not know how to proceed from here.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013 02
Ran by SYSTEM on MININT-BB1HU3V on 18-11-2013 16:50:35
Running from M:\
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Ocs_SM] - C:\Users\Thom\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-07-07] (OCS)
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1738968 2013-10-23] (Bitdefender)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-17] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-03] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-21] ()
HKU\Gast\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKU\Gast\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-09-09] (Google Inc.)
HKU\Thom\...\Run: [MultiScreen] - C:\Program Files (x86)\MultiScreen\MultiScreen.exe [303104 2009-08-11] ()
HKU\Thom\...\Run: [Bitdefender-Geldbörse-Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [564256 2013-10-28] (Bitdefender)
HKU\Thom\...\Run: [Bitdefender-Geldbörse] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1004608 2013-10-23] (Bitdefender)
HKU\Thom\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [621448 2013-10-23] (Bitdefender)
HKU\Thom2\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-21] ()
Startup: C:\Users\Thom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7wl7jwlh.lnk
ShortcutTarget: 7wl7jwlh.lnk -> C:\PROGRA~3\hlwj7lw7.dss ()

==================== Services (Whitelisted) =================

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77120 2013-10-14] (Bitdefender)
S2 GFilterSvc; C:\Windows\System32\GFilterSvc.exe [121856 2013-07-07] ()
S2 lsm32; C:\Windows\system32\Wwanqref.exe [117760 2013-07-10] ()
S2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-26] ()
S2 SearchAnonymizer; C:\Users\Thom\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2013-07-07] ()
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1506736 2013-10-23] (Bitdefender)
S2 Winmgmt; C:\ProgramData\7wl7jwlh.pss [61024 2013-11-18] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
S3 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [x]

==================== Drivers (Whitelisted) ====================

S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-07-19] (BitDefender)
S3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-07-19] (BitDefender)
S1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-07-23] (BitDefender SRL)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 X6va005; \??\C:\Users\Thom\AppData\Local\Temp\005BC3F.tmp [x]
S3 X6va006; \??\C:\Users\Thom\AppData\Local\Temp\0067AE0.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [x]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-18 16:50 - 2013-11-18 16:50 - 00000000 ____D C:\FRST
2013-11-18 06:51 - 2013-11-18 06:51 - 00000020 ___SH C:\Users\Thom2\ntuser.ini
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Vorlagen
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Startmenü
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Netzwerkumgebung
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Lokale Einstellungen
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Eigene Dateien
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Druckumgebung
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Documents\Eigene Musik
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Documents\Eigene Bilder
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\AppData\Local\Verlauf
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\AppData\Local\Anwendungsdaten
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Anwendungsdaten
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 ____D C:\users\Thom2
2013-11-18 06:47 - 2013-11-18 06:47 - 00000285 _____ C:\ProgramData\7wl7jwlh.reg
2013-11-18 06:46 - 2013-11-18 07:13 - 95025368 ____T C:\ProgramData\7wl7jwlh.bxx
2013-11-18 06:46 - 2013-11-18 07:12 - 00000000 _____ C:\ProgramData\7wl7jwlh.fvv
2013-11-18 06:46 - 2013-11-18 06:46 - 00180224 _____ C:\ProgramData\hlwj7lw7.dss
2013-11-18 06:46 - 2013-11-18 06:46 - 00061024 ____T (Microsoft Corporation) C:\ProgramData\7wl7jwlh.pss
2013-11-17 04:43 - 2013-11-17 05:08 - 00000000 ____D C:\Program Files (x86)\Virtual Magnifying Glass
2013-11-17 04:42 - 2013-11-17 04:42 - 01236307 _____ (                                                            ) C:\Users\Thom\Downloads\Virtualmagnifyer3.5_install.exe
2013-11-16 09:06 - 2013-11-16 09:32 - 00000000 ____D C:\Users\Thom\Documents\0000Selbständigkeit
2013-11-12 23:15 - 2013-10-12 00:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-12 23:15 - 2013-10-12 00:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-12 23:15 - 2013-10-12 00:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-12 23:15 - 2013-10-12 00:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-12 23:15 - 2013-10-12 00:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-12 23:15 - 2013-10-12 00:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-12 23:15 - 2013-10-12 00:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-12 23:15 - 2013-10-12 00:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-12 23:15 - 2013-10-12 00:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-12 23:15 - 2013-10-12 00:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-12 23:15 - 2013-10-12 00:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-12 23:15 - 2013-10-12 00:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-12 23:15 - 2013-10-12 00:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-12 23:15 - 2013-10-12 00:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-12 23:15 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 23:15 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 23:15 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 23:15 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 23:15 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 23:15 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 23:15 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 23:15 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 23:15 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 23:15 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 23:15 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 23:15 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 23:15 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 23:15 - 2013-10-11 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-12 23:15 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 23:15 - 2013-10-11 21:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-12 23:15 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 22:48 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-12 22:48 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-12 22:47 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-12 22:47 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-12 22:47 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-12 22:47 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-12 22:47 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-12 22:47 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-12 22:47 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-12 22:47 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-12 22:47 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-12 22:47 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-12 22:47 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-12 22:47 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-12 22:47 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 22:47 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-12 22:47 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-12 22:47 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-12 22:47 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-12 22:47 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-12 22:47 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-12 22:47 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-12 22:47 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-12 22:47 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-12 22:47 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-12 22:47 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-12 22:47 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-12 22:47 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-12 22:47 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-12 22:47 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-10 05:59 - 2013-11-10 06:08 - 00002675 _____ C:\Users\Public\Desktop\QuickSteuer 2013.lnk
2013-11-10 00:44 - 2013-09-04 04:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-11-10 00:44 - 2013-09-04 04:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-11-10 00:44 - 2013-09-04 04:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-11-10 00:44 - 2013-09-04 04:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-11-10 00:44 - 2013-09-04 04:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-11-10 00:44 - 2013-09-04 04:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-11-10 00:44 - 2013-09-04 04:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-11-06 10:13 - 2013-11-06 10:13 - 00000385 _____ C:\Users\Thom\AppData\Roaminguser_gensett.xml
2013-11-04 14:48 - 2013-11-04 14:48 - 00076944 _____ (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
2013-11-04 14:37 - 2013-11-04 14:37 - 00660914 _____ C:\ProgramData\1383603996.bdinstall.bin
2013-11-04 14:36 - 2013-11-04 14:36 - 00002194 _____ C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2013-11-04 14:36 - 2013-11-04 14:36 - 00002075 _____ C:\Users\Public\Desktop\Bitdefender Internet Security.lnk
2013-11-04 14:36 - 2013-11-04 14:36 - 00000684 ____H C:\bdr-cf01
2013-11-04 14:36 - 2013-11-04 14:36 - 00000385 _____ C:\Windows\System32\user_gensett.xml
2013-11-04 14:36 - 2013-11-04 14:36 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2013-11-04 14:36 - 2013-11-04 14:36 - 00000000 ____D C:\ProgramData\BDLogging
2013-11-04 14:36 - 2013-07-23 06:50 - 00082824 _____ (BitDefender SRL) C:\Windows\System32\Drivers\bdsandbox.sys
2013-11-04 14:36 - 2013-07-19 08:08 - 00601360 _____ (BitDefender) C:\Windows\System32\Drivers\avckf.sys
2013-11-04 14:36 - 2013-07-19 08:04 - 00727592 _____ (BitDefender) C:\Windows\System32\Drivers\avc3.sys
2013-11-04 14:36 - 2013-02-22 09:46 - 00093600 _____ (BitDefender LLC) C:\Windows\System32\Drivers\BdfNdisf6.sys
2013-11-04 14:36 - 2012-11-02 04:17 - 00261056 _____ (BitDefender) C:\Windows\System32\Drivers\avchv.sys
2013-11-04 14:36 - 2009-07-14 15:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2013-11-04 14:36 - 2007-04-11 01:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2013-11-04 14:30 - 2013-11-04 14:36 - 00253404 ____H C:\bdr-ld01
2013-11-04 14:30 - 2013-11-04 14:36 - 00009216 ____H C:\bdr-ld01.mbr
2013-11-04 14:30 - 2013-11-04 14:30 - 00000000 ____D C:\Users\Thom\AppData\Roaming\Bitdefender
2013-11-04 14:30 - 2013-09-24 06:38 - 46879860 ____H C:\bdr-im01.gz
2013-11-04 14:30 - 2013-08-13 03:38 - 03271472 ____H C:\bdr-bz01
2013-11-04 14:26 - 2013-11-04 14:49 - 00000000 ____D C:\ProgramData\Bitdefender
2013-11-04 14:26 - 2013-11-04 14:26 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-11-04 14:26 - 2013-11-04 14:26 - 00000000 ____D C:\Program Files\Bitdefender
2013-11-04 14:26 - 2013-08-23 03:48 - 00150256 _____ (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys
2013-11-04 14:26 - 2013-08-07 03:46 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2013-11-04 13:51 - 2013-11-04 13:51 - 05701712 _____ C:\Users\Thom\Downloads\bitdefender-isecurity.exe
2013-11-01 02:34 - 2013-11-18 07:37 - 00004163 _____ C:\Windows\setupact.log
2013-11-01 02:34 - 2013-11-01 02:34 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2013-11-18 16:50 - 2013-11-18 16:50 - 00000000 ____D C:\FRST
2013-11-18 07:38 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-18 07:37 - 2013-11-01 02:34 - 00004163 _____ C:\Windows\setupact.log
2013-11-18 07:19 - 2009-09-13 03:40 - 01845734 _____ C:\Windows\WindowsUpdate.log
2013-11-18 07:19 - 2009-07-13 20:45 - 00014832 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-18 07:19 - 2009-07-13 20:45 - 00014832 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-18 07:14 - 2012-03-29 22:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-18 07:13 - 2013-11-18 06:46 - 95025368 ____T C:\ProgramData\7wl7jwlh.bxx
2013-11-18 07:12 - 2013-11-18 06:46 - 00000000 _____ C:\ProgramData\7wl7jwlh.fvv
2013-11-18 07:12 - 2010-01-23 15:20 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-18 06:51 - 2013-11-18 06:51 - 00000020 ___SH C:\Users\Thom2\ntuser.ini
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Vorlagen
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Startmenü
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Netzwerkumgebung
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Lokale Einstellungen
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Eigene Dateien
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Druckumgebung
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Documents\Eigene Musik
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Documents\Eigene Bilder
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\AppData\Local\Verlauf
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\AppData\Local\Anwendungsdaten
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 _SHDL C:\Users\Thom2\Anwendungsdaten
2013-11-18 06:51 - 2013-11-18 06:51 - 00000000 ____D C:\users\Thom2
2013-11-18 06:47 - 2013-11-18 06:47 - 00000285 _____ C:\ProgramData\7wl7jwlh.reg
2013-11-18 06:46 - 2013-11-18 06:46 - 00180224 _____ C:\ProgramData\hlwj7lw7.dss
2013-11-18 06:46 - 2013-11-18 06:46 - 00061024 ____T (Microsoft Corporation) C:\ProgramData\7wl7jwlh.pss
2013-11-18 06:32 - 2010-01-23 15:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-18 06:27 - 2013-03-16 02:52 - 00000000 ____D C:\Users\Thom\Desktop\DSO
2013-11-17 12:39 - 2013-08-18 08:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 05:08 - 2013-11-17 04:43 - 00000000 ____D C:\Program Files (x86)\Virtual Magnifying Glass
2013-11-17 04:42 - 2013-11-17 04:42 - 01236307 _____ (                                                            ) C:\Users\Thom\Downloads\Virtualmagnifyer3.5_install.exe
2013-11-16 16:47 - 2011-09-09 13:18 - 00001025 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-16 16:47 - 2009-12-06 07:22 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-11-16 09:34 - 2009-09-08 14:47 - 00666512 _____ C:\Windows\System32\perfh007.dat
2013-11-16 09:34 - 2009-09-08 14:47 - 00135440 _____ C:\Windows\System32\perfc007.dat
2013-11-16 09:34 - 2009-07-13 21:13 - 01527740 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-16 09:32 - 2013-11-16 09:06 - 00000000 ____D C:\Users\Thom\Documents\0000Selbständigkeit
2013-11-16 09:07 - 2010-01-03 04:24 - 00000000 ____D C:\Users\Thom\Documents\01 Büro
2013-11-15 08:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-11-14 23:38 - 2013-07-20 13:26 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-13 10:43 - 2009-12-25 06:40 - 00000000 ____D C:\Users\Thom\AppData\Local\Adobe
2013-11-13 10:21 - 2012-03-29 22:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-13 10:21 - 2012-03-29 22:27 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-13 10:21 - 2011-06-02 04:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-13 10:16 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther
2013-11-12 23:15 - 2013-08-14 14:56 - 00000000 ____D C:\Windows\System32\MRT
2013-11-12 23:13 - 2009-12-06 01:53 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-10 06:08 - 2013-11-10 05:59 - 00002675 _____ C:\Users\Public\Desktop\QuickSteuer 2013.lnk
2013-11-10 06:01 - 2010-12-28 06:18 - 00000000 ____D C:\Users\Thom\AppData\Local\Lexware
2013-11-08 16:44 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Microsoft Games
2013-11-06 10:13 - 2013-11-06 10:13 - 00000385 _____ C:\Users\Thom\AppData\Roaminguser_gensett.xml
2013-11-04 14:49 - 2013-11-04 14:26 - 00000000 ____D C:\ProgramData\Bitdefender
2013-11-04 14:48 - 2013-11-04 14:48 - 00076944 _____ (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
2013-11-04 14:39 - 2013-01-29 15:14 - 00000000 ____D C:\Program Files (x86)\SaveAs
2013-11-04 14:37 - 2013-11-04 14:37 - 00660914 _____ C:\ProgramData\1383603996.bdinstall.bin
2013-11-04 14:36 - 2013-11-04 14:36 - 00002194 _____ C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2013-11-04 14:36 - 2013-11-04 14:36 - 00002075 _____ C:\Users\Public\Desktop\Bitdefender Internet Security.lnk
2013-11-04 14:36 - 2013-11-04 14:36 - 00000684 ____H C:\bdr-cf01
2013-11-04 14:36 - 2013-11-04 14:36 - 00000385 _____ C:\Windows\System32\user_gensett.xml
2013-11-04 14:36 - 2013-11-04 14:36 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2013-11-04 14:36 - 2013-11-04 14:36 - 00000000 ____D C:\ProgramData\BDLogging
2013-11-04 14:36 - 2013-11-04 14:30 - 00253404 ____H C:\bdr-ld01
2013-11-04 14:36 - 2013-11-04 14:30 - 00009216 ____H C:\bdr-ld01.mbr
2013-11-04 14:30 - 2013-11-04 14:30 - 00000000 ____D C:\Users\Thom\AppData\Roaming\Bitdefender
2013-11-04 14:26 - 2013-11-04 14:26 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-11-04 14:26 - 2013-11-04 14:26 - 00000000 ____D C:\Program Files\Bitdefender
2013-11-04 13:51 - 2013-11-04 13:51 - 05701712 _____ C:\Users\Thom\Downloads\bitdefender-isecurity.exe
2013-11-01 02:34 - 2013-11-01 02:34 - 00000000 _____ C:\Windows\setuperr.log
2013-10-28 13:59 - 2011-04-21 16:29 - 00298584 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-28 13:59 - 2011-04-21 16:28 - 00298584 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-28 13:58 - 2010-06-23 10:40 - 00000000 ____D C:\Users\Thom\AppData\Local\Deployment
2013-10-27 05:40 - 2009-12-06 08:06 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-10-26 04:56 - 2011-04-21 16:28 - 00298584 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-26 04:54 - 2011-04-21 16:28 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-23 13:42 - 2009-12-06 03:14 - 00000000 ____D C:\Users\Thom\Documents\000 Dänemark
2013-10-23 11:21 - 2013-08-03 06:01 - 00000000 ____D C:\Program Files (x86)\Opera
2013-10-20 06:43 - 2009-07-13 21:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\ProgramData\7wl7jwlh.pss
C:\ProgramData\7wl7jwlh.reg
C:\ProgramData\hlwj7lw7.dss


Some content of TEMP:
====================
C:\Users\Thom\AppData\Local\Temp\~tmf6128170155661299304.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

4
Restore point made on: 2013-11-08 16:44:28
Restore point made on: 2013-11-09 07:21:41
Restore point made on: 2013-11-10 00:44:58
Restore point made on: 2013-11-12 23:13:03

==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 6143.18 MB
Available physical RAM: 5360.55 MB
Total Pagefile: 6141.33 MB
Available Pagefile: 5358.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:999.99 GB) (Free:811.14 GB) NTFS
Drive d: (X) (Fixed) (Total:382.17 GB) (Free:382.04 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:15 GB) (Free:3.13 GB) NTFS
Drive m: (USB DISK) (Removable) (Total:7.27 GB) (Free:6.52 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 3A331294)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1000 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=382 GB) - (Type=OF Extended)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)


LastRegBack: 2013-11-10 05:45

==================== End Of Log ============================
         


Please excuse me. In all the excitement I forgot:

Thank you in advance for the help.

Peregrino

I have Win 7 (x64).
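The log above contains the whole persistence chain in three lines: a Startup shortcut (7wl7jwlh.lnk) pointing at C:\PROGRA~3\hlwj7lw7.dss, and a service registered under the Windows name Winmgmt but started from C:\ProgramData\7wl7jwlh.pss with "Microsoft Corporation" version info. The following triage script is an added example, written for this page; it is neither Farbar's code nor part of the forum post. It parses the Run, Startup, ShortcutTarget and service lines in the shape FRST prints them and flags entries that show traits of that chain: binaries in user-writable staging directories, non-executable extensions, random-looking names, Microsoft version info outside the Windows tree, and auto-start services with no company string or with a Windows service name bound to a foreign binary. The heuristics, the NATIVE_SERVICE_NAMES set and SAMPLE_LOG (a constructed subset of the posted log) are assumptions of the example; its output is a candidate list for a human to review, not a verdict, and legitimate unsigned tools will show up in it.

```python
"""Triage autostart entries in a Farbar Recovery Scan Tool (FRST) log.

Added example, not Farbar's code and not part of the forum post. The
heuristics, NATIVE_SERVICE_NAMES and SAMPLE_LOG are this example's own
assumptions; the result is a candidate list for a human, not a verdict.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the log posted above (a subset, not the full log).
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Ocs_SM] - C:\Users\Thom\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-07-07] (OCS)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-21] ()
Startup: C:\Users\Thom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7wl7jwlh.lnk
ShortcutTarget: 7wl7jwlh.lnk -> C:\PROGRA~3\hlwj7lw7.dss ()
S2 GFilterSvc; C:\Windows\System32\GFilterSvc.exe [121856 2013-07-07] ()
S2 Winmgmt; C:\ProgramData\7wl7jwlh.pss [61024 2013-11-18] (Microsoft Corporation)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1506736 2013-10-23] (Bitdefender)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
"""

# "[size date] (Company)" tail, or "[x]" for an entry whose file is missing.
TAIL = r"(?: \[(?P<size>\d+) (?P<date>[\d-]+)\] \((?P<vendor>[^)]*)\)| \[x\])\s*$"
RUN_RE = re.compile(r"^(?P<hive>HK.*?)\\Run(?:Once)?: \[(?P<name>[^\]]+)\] - (?P<path>.+?)" + TAIL)
SVC_RE = re.compile(r"^(?P<start>S[0-4]) (?P<name>[^;]+); (?P<path>.+?)" + TAIL)
STARTUP_RE = re.compile(r"^Startup: (?P<path>.+?)\s*$")
LNK_RE = re.compile(r"^ShortcutTarget: (?P<name>\S+) -> (?P<path>.+?) \((?P<vendor>[^)]*)\)\s*$")

STAGING_DIRS = ("\\programdata\\", "\\progra~3\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")
EXEC_EXTS = {"exe", "dll", "sys", "cpl", "scr", "com"}
NATIVE_SERVICE_NAMES = {"winmgmt", "lsm", "wuauserv", "bits", "schedule", "eventlog"}  # assumption
# Eight or more letters/digits, at least one of each, no vowels: the "7wl7jwlh" pattern.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[b-df-hj-np-tv-z0-9]{8,}$")


@dataclass
class Entry:
    kind: str            # "run", "service", "startup" or "shortcut"
    name: str
    path: str
    vendor: str = ""     # company string from the file's version info, "" if none
    start: str = ""      # service start type S0..S4, services only


@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Turn the autostart lines of an FRST log into Entry records; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            entries.append(Entry("run", m["name"], m["path"], m["vendor"] or ""))
        elif m := SVC_RE.match(line):
            entries.append(Entry("service", m["name"], m["path"], m["vendor"] or "", m["start"]))
        elif m := STARTUP_RE.match(line):
            entries.append(Entry("startup", m["path"].rsplit("\\", 1)[-1], m["path"]))
        elif m := LNK_RE.match(line):
            entries.append(Entry("shortcut", m["name"], m["path"], m["vendor"]))
    return entries


def triage(log_text):
    """Return a Finding for every entry that trips at least one heuristic."""
    findings = []
    for e in parse_entries(log_text):
        low = e.path.lower()
        base = low.rsplit("\\", 1)[-1]
        stem, dot, ext = base.rpartition(".")
        if not dot:
            stem, ext = base, ""
        reasons = []
        if e.kind != "startup":  # the per-user Startup folder legitimately sits under AppData
            if any(d in low for d in STAGING_DIRS):
                reasons.append("runs from a user-writable staging directory")
            if ext and ext not in EXEC_EXTS:
                reasons.append(f"executable carries the non-standard extension .{ext}")
        if RANDOM_NAME_RE.match(stem):
            reasons.append("random-looking file name")
        if e.vendor == "Microsoft Corporation" and not low.startswith(("c:\\windows\\", "c:\\program files")):
            reasons.append("claims Microsoft version info but lives outside the Windows tree")
        if e.kind == "service" and e.start in ("S0", "S1", "S2"):
            if not e.vendor and "\\windows\\" in low:
                reasons.append("auto-start service in the Windows tree has no company string")
            if e.name.lower() in NATIVE_SERVICE_NAMES and not low.startswith("c:\\windows\\"):
                reasons.append(f"Windows service name {e.name} bound to a binary outside C:\\Windows")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


def flagged_names(log_text):
    return {f.entry.name for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.entry.kind}] {f.entry.name} -> {f.entry.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the Winmgmt service trips all five rules while the Realtek and Bitdefender entries trip none; the adware-style Ocs_SM entry and the unsigned GFilterSvc service are surfaced as well, which is the intended behaviour: the script narrows a long FRST log down to the handful of lines worth reading, and a helper then decides what goes into a fix.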

 
