
Log Analysis and Evaluation: BKA Trojan: FRST, what now?


 
23.11.2013, 21:27   #1
schak

BKA Trojan: FRST, what now?



Good evening!

A BKA trojan has crept onto my laptop... The operating system is Windows 7. Booting into Safe Mode was not possible. I ran FRST and have uploaded the result:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2013 03
Ran by SYSTEM on MININT-QS4BRRI on 22-11-2013 21:03:49
Running from H:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2009-12-11] (Lenovo.)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [36864 2009-10-13] ()
HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5879608 2009-08-26] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo dCute] - C:\Program Files\Lenovo\ThinkPad USB Port Replicator with Digital Video\dcute.exe [686080 2010-02-26] (Lenovo)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe [415816 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093128 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4271688 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.Exe [236544 2008-10-10] (Logitech, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [Bdagent] - C:\Program Files\BitDefender\Bitdefender\bdagent.exe [1738968 2013-10-23] (Bitdefender)
HKLM-x32\...\Run: [PWMTRV] - C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1101672 2010-01-05] (Lenovo Group Limited)
HKLM-x32\...\Run: [Message Center Plus] - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2010-07-12] (Nullsoft, Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [273544 2011-02-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-10-31] (LogMeIn Inc.)
HKU\Default\...\RunOnce: [wlstart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-08-19] (Microsoft Corporation)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [wlstart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-08-19] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
Lsa: [Notification Packages] scecli ACGina

==================== Services (Whitelisted) =================

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77120 2013-10-14] (Bitdefender)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-06-02] (Symantec Corporation)
S2 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [126392 2011-11-07] (Symantec Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-10-01] ()
S2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [331512 2010-02-05] (QUALCOMM, Inc.)
S2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S2 ScrProj; C:\Program Files\Lenovo\ThinkPad USB Port Replicator with Digital Video\dqscrproj.exe [88576 2010-02-26] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] ()
S2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1506736 2013-10-23] (Bitdefender)
S2 Winmgmt; C:\ProgramData\rzj29j6jw.pss [60516 2013-11-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ALvldr; C:\Windows\System32\DRIVERS\ALvldr.sys [28736 2010-02-26] (Lenovo Soft Corporation(32))
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-07-19] (BitDefender)
S3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-07-19] (BitDefender)
S1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-07-23] (BitDefender SRL)
S1 Bdvedisk; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S1 dqBridge; C:\Windows\System32\DRIVERS\dqbridge.sys [57408 2010-02-26] ()
S3 dqusb; C:\Windows\System32\DRIVERS\dqusb.sys [29688 2009-08-06] (Lenovo)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 lvlddrv; C:\Windows\System32\DRIVERS\lvlddrv.sys [94784 2010-02-26] (Lenovo Soft Corporation(32))
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [6400 2010-02-05] (QUALCOMM Incorporated)
S3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [241664 2010-02-05] (QUALCOMM Incorporated)
S3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [121600 2010-02-05] (QUALCOMM Incorporated)
S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [116264 2009-05-25] (MCCI Corporation)
S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [19496 2009-05-25] (MCCI Corporation)
S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [158760 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [139304 2009-05-25] (MCCI Corporation)
S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [34856 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [135208 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [151592 2009-05-25] (MCCI Corporation)
S1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-01-05] ()
S0 Trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 PCDSRVC{127174DC-C366ED8B-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-23 10:57 - 2013-11-23 10:57 - 00003224 ____N C:\bootsqm.dat
2013-11-23 09:15 - 2013-10-12 00:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-23 09:15 - 2013-10-12 00:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-23 09:15 - 2013-10-12 00:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-23 09:15 - 2013-10-12 00:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-23 09:15 - 2013-10-12 00:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-23 09:15 - 2013-10-12 00:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-23 09:15 - 2013-10-12 00:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-23 09:15 - 2013-10-12 00:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-23 09:15 - 2013-10-12 00:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-23 09:15 - 2013-10-12 00:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-23 09:15 - 2013-10-12 00:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-23 09:15 - 2013-10-12 00:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-23 09:15 - 2013-10-12 00:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-23 09:15 - 2013-10-12 00:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-23 09:15 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-23 09:15 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-23 09:15 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-23 09:15 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-23 09:15 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-23 09:15 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-23 09:15 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-23 09:15 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-23 09:15 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-23 09:15 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-23 09:15 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-23 09:15 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-23 09:15 - 2013-10-11 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-23 09:15 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-23 09:15 - 2013-10-11 21:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-23 09:15 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-23 09:14 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-23 09:08 - 2013-11-23 09:08 - 00000291 _____ C:\ProgramData\rzj29j6jw.reg
2013-11-23 09:07 - 2013-11-23 09:07 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\wj6j92jzr.dss
2013-11-23 09:07 - 2013-11-23 09:07 - 00060516 ____T (Microsoft Corporation) C:\ProgramData\rzj29j6jw.pss
2013-11-23 09:07 - 2013-11-22 11:40 - 95025368 ____T C:\ProgramData\rzj29j6jw.bxx
2013-11-23 09:07 - 2013-11-22 11:40 - 00000000 _____ C:\ProgramData\rzj29j6jw.fvv
2013-11-23 09:00 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-23 09:00 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-23 09:00 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-23 09:00 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-23 09:00 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-23 09:00 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-23 09:00 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-23 09:00 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-23 09:00 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-23 08:59 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-23 08:59 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-23 08:59 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-23 08:59 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-23 08:59 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-23 08:59 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-23 08:59 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-23 08:59 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-23 08:59 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-23 08:59 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-23 08:59 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-23 08:59 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-23 08:59 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-23 08:59 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-23 08:59 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-23 08:59 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-23 08:59 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-23 08:59 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-23 08:59 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-23 08:59 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-23 08:59 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-22 21:03 - 2013-11-22 21:03 - 00000000 ____D C:\FRST
2013-11-08 10:02 - 2013-11-23 09:22 - 00003216 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3112642421-3913958396-2466649522-1007
2013-11-08 09:33 - 2013-11-08 09:33 - 00789754 _____ C:\ProgramData\1383930215.bdinstall.bin
2013-11-08 09:18 - 2013-11-08 09:19 - 00000000 ____D C:\ProgramData\BDLogging
2013-11-08 09:18 - 2013-11-08 09:18 - 00000684 ____H C:\bdr-cf01
2013-11-08 09:18 - 2013-11-08 09:18 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2013-11-08 09:17 - 2013-07-23 06:50 - 00082824 _____ (BitDefender SRL) C:\Windows\System32\Drivers\bdsandbox.sys
2013-11-08 09:17 - 2013-07-19 08:08 - 00601360 _____ (BitDefender) C:\Windows\System32\Drivers\avckf.sys
2013-11-08 09:17 - 2013-07-19 08:04 - 00727592 _____ (BitDefender) C:\Windows\System32\Drivers\avc3.sys
2013-11-08 09:17 - 2013-02-22 09:46 - 00093600 _____ (BitDefender LLC) C:\Windows\System32\Drivers\BdfNdisf6.sys
2013-11-08 09:17 - 2012-11-02 04:17 - 00261056 _____ (BitDefender) C:\Windows\System32\Drivers\avchv.sys
2013-11-08 09:17 - 2012-04-17 04:34 - 00076944 _____ (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
2013-11-08 09:17 - 2007-04-11 01:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2013-11-08 09:09 - 2013-11-08 09:18 - 00253404 ____H C:\bdr-ld01
2013-11-08 09:09 - 2013-11-08 09:18 - 00009216 ____H C:\bdr-ld01.mbr
2013-11-08 09:09 - 2013-09-24 06:38 - 46879860 ____H C:\bdr-im01.gz
2013-11-08 09:09 - 2013-08-13 03:38 - 03271472 ____H C:\bdr-bz01
2013-11-08 09:03 - 2013-08-23 03:48 - 00150256 _____ (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys
2013-11-08 09:03 - 2013-08-07 03:46 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2013-11-08 08:57 - 2013-11-08 09:00 - 00000000 _____ C:\Windows\System32\獷楬汢捯污
2013-11-04 07:53 - 2013-11-04 07:53 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-02 11:07 - 2013-09-04 04:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-11-02 11:07 - 2013-09-04 04:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-11-02 11:07 - 2013-09-04 04:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-11-02 11:07 - 2013-09-04 04:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-11-02 11:07 - 2013-09-04 04:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-11-02 11:07 - 2013-09-04 04:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-11-02 11:07 - 2013-09-04 04:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-11-02 11:04 - 2013-11-02 11:04 - 00004865 _____ C:\WirelessDiagLog.csv
2013-11-02 10:12 - 2012-01-13 20:41 - 00068864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\stream.sys
2013-11-02 10:10 - 2013-11-02 10:10 - 00000030 _____ C:\Windows\success32.log
2013-11-02 10:09 - 2013-11-02 10:09 - 00000030 _____ C:\Windows\success64.log

==================== One Month Modified Files and Folders =======

2013-11-23 11:23 - 2009-07-13 21:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-23 10:57 - 2013-11-23 10:57 - 00003224 ____N C:\bootsqm.dat
2013-11-23 09:29 - 2011-02-25 11:06 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-23 09:23 - 2010-11-10 13:45 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{729EE656-F272-42D3-AAC6-5756CB503C55}
2013-11-23 09:22 - 2013-11-08 10:02 - 00003216 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3112642421-3913958396-2466649522-1007
2013-11-23 09:20 - 2011-02-25 11:06 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-23 09:20 - 2009-07-24 09:29 - 00000000 ____D C:\Windows\Panther
2013-11-23 09:13 - 2013-08-15 04:32 - 00000000 ____D C:\Windows\System32\MRT
2013-11-23 09:10 - 2010-07-07 11:50 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-23 09:10 - 2010-04-24 21:09 - 04031904 _____ C:\Windows\System32\perfh007.dat
2013-11-23 09:10 - 2010-04-24 21:09 - 01225272 _____ C:\Windows\System32\perfc007.dat
2013-11-23 09:10 - 2009-07-13 21:13 - 00006264 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-23 09:08 - 2013-11-23 09:08 - 00000291 _____ C:\ProgramData\rzj29j6jw.reg
2013-11-23 09:07 - 2013-11-23 09:07 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\wj6j92jzr.dss
2013-11-23 09:07 - 2013-11-23 09:07 - 00060516 ____T (Microsoft Corporation) C:\ProgramData\rzj29j6jw.pss
2013-11-23 08:44 - 2012-10-24 12:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-22 21:03 - 2013-11-22 21:03 - 00000000 ____D C:\FRST
2013-11-22 11:59 - 2010-04-24 11:19 - 02058211 _____ C:\Windows\WindowsUpdate.log
2013-11-22 11:52 - 2009-07-13 20:45 - 00020704 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-22 11:52 - 2009-07-13 20:45 - 00020704 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-22 11:45 - 2010-12-10 12:13 - 00000000 ____D C:\Windows\SysWOW64\logishrd
2013-11-22 11:45 - 2010-12-10 12:13 - 00000000 ____D C:\Windows\System32\logishrd
2013-11-22 11:45 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-22 11:44 - 2013-10-22 10:08 - 00006694 _____ C:\Windows\setupact.log
2013-11-22 11:40 - 2013-11-23 09:07 - 95025368 ____T C:\ProgramData\rzj29j6jw.bxx
2013-11-22 11:40 - 2013-11-23 09:07 - 00000000 _____ C:\ProgramData\rzj29j6jw.fvv
2013-11-22 11:40 - 2010-07-25 07:03 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-12 05:33 - 2012-10-24 12:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-12 05:33 - 2012-10-24 12:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-12 05:33 - 2011-06-08 09:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-08 12:00 - 2010-04-24 11:55 - 00000340 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-11-08 10:29 - 2013-10-04 04:44 - 00000000 ____D C:\ProgramData\LogMeIn
2013-11-08 09:48 - 2010-11-08 08:39 - 00000000 ____D C:\ProgramData\BitDefender
2013-11-08 09:33 - 2013-11-08 09:33 - 00789754 _____ C:\ProgramData\1383930215.bdinstall.bin
2013-11-08 09:19 - 2013-11-08 09:18 - 00000000 ____D C:\ProgramData\BDLogging
2013-11-08 09:18 - 2013-11-08 09:18 - 00000684 ____H C:\bdr-cf01
2013-11-08 09:18 - 2013-11-08 09:18 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2013-11-08 09:18 - 2013-11-08 09:09 - 00253404 ____H C:\bdr-ld01
2013-11-08 09:18 - 2013-11-08 09:09 - 00009216 ____H C:\bdr-ld01.mbr
2013-11-08 09:09 - 2010-11-08 08:47 - 00000000 ____D C:\Program Files\BitDefender
2013-11-08 09:00 - 2013-11-08 08:57 - 00000000 _____ C:\Windows\System32\獷楬汢捯污
2013-11-08 09:00 - 2010-11-08 08:39 - 00073192 _____ C:\ProgramData\bdinstall.bin
2013-11-04 07:53 - 2013-11-04 07:53 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-03 09:58 - 2010-07-25 01:19 - 00000000 ____D C:\ProgramData\debugout
2013-11-02 11:04 - 2013-11-02 11:04 - 00004865 _____ C:\WirelessDiagLog.csv
2013-11-02 11:01 - 2010-04-24 11:54 - 00000000 ____D C:\ProgramData\PCDr
2013-11-02 10:10 - 2013-11-02 10:10 - 00000030 _____ C:\Windows\success32.log
2013-11-02 10:10 - 2010-04-24 11:59 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-11-02 10:10 - 2010-04-24 11:26 - 00000000 ____D C:\Program Files\Lenovo
2013-11-02 10:09 - 2013-11-02 10:09 - 00000030 _____ C:\Windows\success64.log

Files to move or delete:
====================
C:\ProgramData\hpe80D2.dll
C:\ProgramData\rzj29j6jw.bxx
C:\ProgramData\rzj29j6jw.fvv
C:\ProgramData\rzj29j6jw.pss
C:\ProgramData\rzj29j6jw.reg
C:\ProgramData\wj6j92jzr.dss
C:\Users\Warcraft III\bncache.dat
C:\Users\Warcraft III\BNUpdate.exe
C:\Users\Warcraft III\Frozen Throne.exe
C:\Users\Warcraft III\Frozen_Throne.exe
C:\Users\Warcraft III\game.dll
C:\Users\Warcraft III\ijl15.dll
C:\Users\Warcraft III\Kopie von Frozen Throne.exe
C:\Users\Warcraft III\Mss32.dll
C:\Users\Warcraft III\Storm.dll
C:\Users\Warcraft III\war3.exe
C:\Users\Warcraft III\War3TFT_120e_121a_Deutsch.exe
C:\Users\Warcraft III\Warcraft_III.exe
C:\Users\Warcraft III\World Editor.exe
C:\Users\Warcraft III\worldedit.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

12
Restore point made on: 2013-10-22 04:30:35
Restore point made on: 2013-10-22 08:07:20
Restore point made on: 2013-10-22 08:08:31
Restore point made on: 2013-10-22 08:09:21
Restore point made on: 2013-10-22 08:11:17
Restore point made on: 2013-10-29 06:44:44
Restore point made on: 2013-11-02 10:11:57
Restore point made on: 2013-11-02 10:24:15
Restore point made on: 2013-11-02 11:07:48
Restore point made on: 2013-11-08 09:56:30
Restore point made on: 2013-11-12 05:37:13
Restore point made on: 2013-11-23 09:10:27

==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 3956.55 MB
Available physical RAM: 3203.32 MB
Total Pagefile: 3954.7 MB
Available Pagefile: 3195.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:263.9 GB) (Free:181 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Lars) (Fixed) (Total:190.92 GB) (Free:133.15 GB) NTFS
Drive f: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.23 GB) NTFS
Drive h: (STORE N GO) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: BE9C27D8)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=264 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=191 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0E)


LastRegBack: 2013-11-01 04:25

==================== End Of Log ============================
         
Many thanks in advance for the help!

Regards
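The log above already answers part of the "what now?" by itself: the `Services` section lists `Winmgmt` with its image at `C:\ProgramData\rzj29j6jw.pss` under a "Microsoft Corporation" vendor string, and the same ProgramData files reappear in FRST's own "Files to move or delete" list. On a stock Windows 7 install the WMI service (Winmgmt) is hosted by svchost.exe and nothing belonging to it lives in ProgramData. The script below is an added example, not code from schak's post or from FRST, that turns that kind of reading into a repeatable first pass: it parses the service, autostart and file-listing line shapes from an FRST.txt and flags images in user-writable directories, files whose vendor string claims Microsoft (in the English or the Cyrillic rendering seen in the log) outside `C:\Windows`, and built-in svchost-hosted services whose path has been redirected elsewhere. The heuristics and the short list of svchost-hosted service names are the editor's assumptions; the sample lines are copied from the log posted above.

```python
"""First-pass triage over Farbar Recovery Scan Tool (FRST) output.

Added example for this thread; it is neither schak's code nor part of FRST.
The heuristics and the small list of svchost-hosted service names are the
editor's own assumptions. A flag is a lead for a human to check, not a verdict.
"""
import re

# Constructed sample: lines copied verbatim from the FRST log posted above.
SAMPLE_LOG = r"""
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1506736 2013-10-23] (Bitdefender)
S2 Winmgmt; C:\ProgramData\rzj29j6jw.pss [60516 2013-11-23] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
HKLM\...\Run: [Bdagent] - C:\Program Files\BitDefender\Bitdefender\bdagent.exe [1738968 2013-10-23] (Bitdefender)
HKLM-x32\...\Run: [] - [x]
2013-11-23 09:07 - 2013-11-23 09:07 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\wj6j92jzr.dss
2013-11-23 09:07 - 2013-11-23 09:07 - 00060516 ____T (Microsoft Corporation) C:\ProgramData\rzj29j6jw.pss
2013-11-23 08:59 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
"""

# "S2 Name; path [size date] (Company)"; services and drivers share this shape.
SERVICE_RE = re.compile(
    r"^[SRU]\d (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<meta>[^\]]*)\])?(?: \((?P<company>[^)]*)\))?$"
)
# "HKLM\...\Run: [Name] - path [size date] (Company)"; RunOnce uses the same shape.
RUN_RE = re.compile(
    r"^(?P<hive>HK.*?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] - (?P<path>.+?)"
    r"(?: \[(?P<meta>[^\]]*)\])?(?: \((?P<company>[^)]*)\))?$"
)
# "created - modified - size attrs (Company) path" from the one-month file listings.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]+) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)

# Directories an unprivileged process can write to; not where a service image belongs.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "\\temp\\", "\\appdata\\")
# Assumption: a few Windows 7 services that are always hosted inside svchost.exe.
SVCHOST_HOSTED = {"winmgmt", "schedule", "bits", "wuauserv"}
# English and Russian renderings of the vendor name, both lower-cased.
MICROSOFT_NAMES = ("microsoft", "майкрософт")


def normalize_path(path):
    """Lower-case a path and drop the NT object-manager prefix FRST sometimes prints."""
    p = path.strip()
    if p.startswith("\\??\\"):
        p = p[4:]
    return p.lower()


def parse_line(line):
    """Return (kind, name, path, company) for a line shape we understand, else None."""
    m = SERVICE_RE.match(line)
    if m:
        return "service", m["name"], m["path"], m["company"]
    m = RUN_RE.match(line)
    if m:
        return "autostart", m["name"] or "(unnamed)", m["path"], m["company"]
    m = FILE_RE.match(line)
    if m:
        return "file", m["path"].rsplit("\\", 1)[-1], m["path"], m["company"]
    return None


def reasons(kind, name, path, company):
    """Heuristic checks for one parsed entry; returns a list of human-readable reasons."""
    p = normalize_path(path)
    if p == "[x]":
        return []  # FRST writes [x] when the referenced file is already gone
    out = []
    if kind != "file" and any(marker in p for marker in USER_WRITABLE):
        out.append("autostart/service image lives in a user-writable directory")
    claims_ms = any(v in (company or "").lower() for v in MICROSOFT_NAMES)
    if claims_ms and not p.startswith("c:\\windows\\"):
        out.append("vendor string claims Microsoft but the file is outside C:\\Windows")
    if kind == "service" and name.lower() in SVCHOST_HOSTED and not p.endswith("\\svchost.exe"):
        out.append("built-in svchost-hosted service redirected to a foreign binary")
    return out


def triage(log_text):
    """Group every flagged entry by (kind, path) together with the reasons it tripped."""
    findings = {}
    for line in log_text.splitlines():
        parsed = parse_line(line.rstrip())
        if parsed is None:
            continue
        kind, name, path, company = parsed
        for reason in reasons(kind, name, path, company):
            entry = findings.setdefault(
                (kind, normalize_path(path)),
                {"kind": kind, "name": name, "path": path, "reasons": []},
            )
            entry["reasons"].append(reason)
    return list(findings.values())


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit['kind']:9} {hit['name']:<14} {hit['path']}")
        for r in hit["reasons"]:
            print(f"{'':24}- {r}")
```

Run against the sample, the script reports three entries: the Winmgmt service (all three checks fire) and the two ProgramData files carrying a Microsoft vendor string; the Bitdefender entries, the missing `[x]` targets and `lsass.exe` under System32 stay quiet. Legitimate per-user autostarts under `AppData` will also trip the user-writable check, so treat the output as a reading list for the reviewer rather than a cleaning script.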

 
