Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Bundestrojaner, benötige fixlist.txt

Bundestrojaner, benötige fixlist.txt


Log-Analyse und Auswertung: Bundestrojaner, benötige fixlist.txt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 28.03.2014, 00:16   #1
MrPizza
 
Bundestrojaner, benötige fixlist.txt - Standard

Bundestrojaner, benötige fixlist.txt


Guten Abend,

auch ich habe mir eine Version des BKA-Trojaners eingefangen. Der abgesicherte Modus funktioniert nicht mehr. Habe also FRST über einen USB-stick und "Computer reparieren" zum Laufen bekommen und nach dem Scan die folgende FRST.txt Datei erhalten.

Vielen Dank für jede Hilfe!!



Code:
ATTFilter
 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by SYSTEM on MININT-TJ20HQ3 on 27-03-2014 23:44:56
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-07-30] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ROC_ROC_NT] - "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-27] (Easybits)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$33772778fb4a943f16ddbc18e0bf204b\o. ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Default\...\Run: [HPADVISOR] - [X]
HKU\Default User\...\Run: [HPADVISOR] - [X]
HKU\Marcel\...\Run: [Reabewweiq] - C:\Users\Marcel\AppData\Roaming\Ugepab\ydyt.exe
HKU\Marcel\...\Run: [FNModuleUpdater] - C:\Users\Marcel\AppData\Roaming\fnmod_32.exe
HKU\Marcel\...\Run: [Google Update] - C:\Users\Marcel\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-30] (Google Inc.)
HKU\Marcel\...\Run: [Ixzxsoft] - regsvr32.exe C:\Users\Marcel\AppData\Local\Ixzxsoft\AcxUserMan32.dll <===== ATTENTION
HKU\Marcel\...\Run: [hyqntser] - regsvr32.exe "C:\ProgramData\hyqntser.dat"
HKU\Marcel\...\Policies\system: [DisableLockWorkstation] 0
HKU\Marcel\...\Policies\system: [DisableChangePassword] 0
HKU\Marcel\...\Policies\Explorer: [HideSCAHealth] 1
HKU\masquerader\...\Run: [HPADVISOR] - [X]
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe (Microsoft Corporation)
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashsec.lnk
ShortcutTarget: flashsec.lnk ->  (No File)
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashupdate.lnk
ShortcutTarget: flashupdate.lnk ->  (No File)
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gfrivod7.lnk
ShortcutTarget: gfrivod7.lnk -> C:\ProgramData\7dovirfg.gsa ()
HKLM\...\AppCertDlls: [rdrlkeng] -> C:\Windows\system32\ezShSVCS.dll

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-09-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-09-02] (Avira Operations GmbH & Co. KG)
S2 FreemiumSystemStoreService; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe [7244800 2012-09-18] ()
S2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827560 2012-07-14] (Check Point Software Technologies)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-04] (Malwarebytes Corporation)
S2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-01-31] (PostgreSQL Global Development Group)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445880 2012-07-30] (Check Point Software Technologies LTD)
S2 Winmgmt; C:\ProgramData\gfrivod7.faa [333556 2014-03-25] (Microsoft Corporation)
S2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X]

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-01-21] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-09-02] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-09-02] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-09-02] (Avira GmbH)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-19] (AVM Berlin)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-28] (DT Soft Ltd)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [552704 2009-03-19] (AVM GmbH)
S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-07-14] (Check Point Software Technologies)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-01-21] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation                           )
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-07-21] (Duplex Secure Ltd.)
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-26 17:30 - 2014-03-27 23:44 - 00000000 ____D () C:\FRST
2014-03-25 09:47 - 2014-03-25 09:47 - 00333556 ____T (Microsoft Corporation) C:\ProgramData\eeirjl4.faa
2014-03-25 09:45 - 2014-03-27 14:39 - 95027928 ____T () C:\ProgramData\gfrivod7.bbr
2014-03-25 09:45 - 2014-03-25 09:45 - 00333556 ____T (Microsoft Corporation) C:\ProgramData\gfrivod7.faa
2014-03-25 09:44 - 2014-03-26 06:33 - 95027928 ____T () C:\ProgramData\eeirjl4.bbr
2014-03-25 09:44 - 2014-03-25 09:44 - 00147456 _____ () C:\ProgramData\7dovirfg.gsa
2014-03-25 09:43 - 2014-03-25 09:43 - 00147456 _____ () C:\ProgramData\4ljriee.gsa
2014-03-24 22:54 - 2014-03-24 22:54 - 00229624 _____ (Microsoft Corporation) C:\ProgramData\vdinyzfi.dat
2014-03-21 15:55 - 2014-03-27 23:37 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Flash
2014-03-21 15:55 - 2014-03-21 15:55 - 00000761 _____ () C:\Windows\System32\Drivers\etc\hosts.txt
2014-03-17 09:38 - 2014-03-27 23:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-15 10:10 - 2014-03-25 07:23 - 00208896 _____ () C:\ProgramData\hyqntser.dat
2014-03-15 07:30 - 2014-03-15 07:30 - 00000000 _____ () C:\Windows\SysWOW64\0.0
2014-03-15 04:29 - 2014-03-15 04:29 - 00005911 _____ () C:\Users\Marcel\AppData\Local\jtaswxgq
2014-03-15 04:27 - 2014-03-15 04:27 - 00012326 _____ () C:\Users\Marcel\AppData\Local\qsifqodl
2014-03-15 04:26 - 2014-03-15 04:26 - 00045664 _____ () C:\Users\Marcel\AppData\Local\otgdrcrb
2014-03-15 04:25 - 2014-03-15 04:25 - 01031856 _____ () C:\Users\Marcel\AppData\Local\ugeiuhwe
2014-03-15 04:24 - 2014-03-15 04:24 - 00068465 _____ () C:\Users\Marcel\AppData\Local\cwwsuppr
2014-03-15 04:23 - 2014-03-15 04:23 - 00000000 _____ () C:\Users\Marcel\AppData\Roaming\SharedSettings.ccs
2014-03-13 15:27 - 2014-03-15 16:22 - 00000000 __SHD () C:\Windows\SysWOW64\Windows Server
2014-03-13 12:36 - 2014-03-13 12:36 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\{6F7AEB52-9C1C-4CF0-8D94-4AE9AAADBD03}
2014-03-08 04:32 - 2014-03-08 04:32 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\{D9309E38-1298-4D90-9341-676ADB3688CC}
2014-03-07 14:07 - 2014-03-07 14:07 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\{E60A54F7-2D3F-49DD-901A-0B5645D47FD9}
2014-03-07 13:12 - 2014-03-07 13:12 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\{B6AA2831-774E-4E0D-8827-5D714C6998FE}
2014-03-06 16:24 - 2014-03-15 07:07 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Exopq
2014-03-05 15:53 - 2014-03-05 15:56 - 95027928 ____T () C:\ProgramData\8vmqej6mq.fee
2014-03-05 15:53 - 2014-03-05 15:53 - 00331504 ____T (Microsoft Corporation) C:\ProgramData\rlcwllarj.zvv
2014-03-05 15:53 - 2014-03-05 15:53 - 00331504 ____T (Microsoft Corporation) C:\ProgramData\8vmqej6mq.zvv
2014-03-05 15:52 - 2014-03-05 15:56 - 95027928 ____T () C:\ProgramData\rlcwllarj.fee
2014-03-05 15:52 - 2014-03-05 15:52 - 00228393 _____ (Microsoft Corporation) C:\ProgramData\qm6jeqmv8.cpp
2014-03-05 15:52 - 2014-03-05 15:52 - 00228393 _____ (Microsoft Corporation) C:\ProgramData\jrallwclr.cpp
2014-03-04 15:16 - 2014-03-05 15:50 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Orvao
2014-03-04 15:16 - 2014-03-04 15:30 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Ducuir
2014-03-04 15:16 - 2014-03-04 15:16 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Guogp
2014-03-04 07:41 - 2014-03-05 15:31 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Yvameb
2014-03-04 07:41 - 2014-03-05 15:26 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Ittaco
2014-03-02 16:39 - 2014-03-02 16:42 - 95027928 ____T () C:\ProgramData\r2eiq0.fee
2014-03-02 16:39 - 2014-03-02 16:39 - 00191529 _____ (Microsoft Corporation) C:\ProgramData\0qie2r.cpp
2014-03-02 16:38 - 2014-03-02 16:42 - 95027928 ____T () C:\ProgramData\9a7trjlf1.fee
2014-03-02 16:38 - 2014-03-02 16:38 - 00191529 _____ (Microsoft Corporation) C:\ProgramData\1fljrt7a9.cpp
2014-03-01 08:26 - 2014-03-02 16:42 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Ynizm
2014-02-26 16:33 - 2014-02-26 16:37 - 95027928 ____T () C:\ProgramData\7ij6mqr7t.fee
2014-02-26 16:33 - 2014-02-26 16:33 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\7ij6mqr7t.zvv
2014-02-25 15:22 - 2014-03-27 23:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware3
2014-02-25 08:08 - 2014-02-25 08:08 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\dgeffv.zvv
2014-02-25 08:07 - 2014-02-25 08:10 - 95027928 ____T () C:\ProgramData\dgeffv.fee
2014-02-25 05:48 - 2014-02-25 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2

==================== One Month Modified Files and Folders =======

2014-03-27 23:44 - 2014-03-26 17:30 - 00000000 ____D () C:\FRST
2014-03-27 23:37 - 2014-03-21 15:55 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Flash
2014-03-27 23:37 - 2013-12-16 10:39 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Battle.net
2014-03-27 23:37 - 2013-07-29 12:49 - 00000000 ____D () C:\Users\Marcel\AppData\Local\PokerStars.EU
2014-03-27 23:37 - 2012-09-18 08:28 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\OpenCandy
2014-03-27 23:37 - 2012-04-04 12:58 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\loadtbs
2014-03-27 23:37 - 2009-12-31 05:58 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\vlc
2014-03-27 23:37 - 2009-12-30 11:40 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Adobe
2014-03-27 23:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-03-27 23:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-27 23:36 - 2014-03-17 09:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-27 23:36 - 2014-02-25 15:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware3
2014-03-27 23:36 - 2013-12-16 10:41 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-27 23:36 - 2013-12-16 10:39 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-27 23:36 - 2013-10-02 13:48 - 00000000 ____D () C:\Program Files (x86)\af0.net
2014-03-27 23:36 - 2013-07-21 14:10 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-03-27 23:36 - 2013-06-28 10:19 - 00000000 ____D () C:\Program Files (x86)\w3arena
2014-03-27 23:36 - 2013-06-07 11:01 - 00000000 ____D () C:\Program Files (x86)\War2Combat
2014-03-27 23:36 - 2012-09-02 07:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-27 23:36 - 2012-06-24 16:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-27 23:36 - 2012-01-15 15:29 - 00000000 ____D () C:\Program Files (x86)\PC Tools Security
2014-03-27 23:36 - 2010-07-25 04:30 - 00000000 ____D () C:\Program Files (x86)\ExtractNow
2014-03-27 23:36 - 2010-06-06 09:41 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Mozilla
2014-03-27 23:36 - 2010-03-19 09:44 - 00000000 ____D () C:\Program Files (x86)\Warcraft III
2014-03-27 23:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-03-27 23:35 - 2012-09-02 07:33 - 00000000 ____D () C:\ProgramData\Avira
2014-03-27 23:35 - 2011-09-13 06:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 14:39 - 2014-03-25 09:45 - 95027928 ____T () C:\ProgramData\gfrivod7.bbr
2014-03-27 14:39 - 2013-02-28 05:13 - 00000000 ___RD () C:\Users\Marcel\Dropbox
2014-03-27 14:39 - 2012-06-25 23:53 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Dropbox
2014-03-27 14:38 - 2012-08-25 17:52 - 00066647 _____ () C:\Windows\setupact.log
2014-03-27 14:38 - 2011-12-15 14:10 - 00000000 ____D () C:\users\masquerader
2014-03-27 14:38 - 2009-12-30 11:33 - 00000000 ____D () C:\users\Marcel
2014-03-27 14:38 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-26 06:33 - 2014-03-25 09:44 - 95027928 ____T () C:\ProgramData\eeirjl4.bbr
2014-03-25 09:47 - 2014-03-25 09:47 - 00333556 ____T (Microsoft Corporation) C:\ProgramData\eeirjl4.faa
2014-03-25 09:45 - 2014-03-25 09:45 - 00333556 ____T (Microsoft Corporation) C:\ProgramData\gfrivod7.faa
2014-03-25 09:44 - 2014-03-25 09:44 - 00147456 _____ () C:\ProgramData\7dovirfg.gsa
2014-03-25 09:43 - 2014-03-25 09:43 - 00147456 _____ () C:\ProgramData\4ljriee.gsa
2014-03-25 07:23 - 2014-03-15 10:10 - 00208896 _____ () C:\ProgramData\hyqntser.dat
2014-03-24 22:54 - 2014-03-24 22:54 - 00229624 _____ (Microsoft Corporation) C:\ProgramData\vdinyzfi.dat
2014-03-23 11:37 - 2012-08-30 09:22 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-60238041-3923662099-510594299-1000UA.job
2014-03-23 11:22 - 2009-07-13 20:45 - 00015568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 11:22 - 2009-07-13 20:45 - 00015568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 11:19 - 2009-10-02 01:09 - 00696832 _____ () C:\Windows\System32\perfh007.dat
2014-03-23 11:19 - 2009-10-02 01:09 - 00148128 _____ () C:\Windows\System32\perfc007.dat
2014-03-23 11:19 - 2009-07-13 21:13 - 01613340 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-23 11:14 - 2012-08-27 17:38 - 00080074 _____ () C:\Windows\PFRO.log
2014-03-22 20:57 - 2010-03-06 12:16 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{19F1688F-7CCF-46AA-A4D6-D889619EFFC2}
2014-03-22 07:37 - 2012-08-30 09:22 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-60238041-3923662099-510594299-1000Core.job
2014-03-21 15:55 - 2014-03-21 15:55 - 00000761 _____ () C:\Windows\System32\Drivers\etc\hosts.txt
2014-03-18 13:32 - 2013-12-16 10:39 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Battle.net
2014-03-16 07:03 - 2012-08-03 12:37 - 00415928 _____ () C:\Windows\System32\Drivers\vsconfig.xml
2014-03-15 16:22 - 2014-03-13 15:27 - 00000000 __SHD () C:\Windows\SysWOW64\Windows Server
2014-03-15 13:04 - 2012-08-30 09:24 - 00002366 _____ () C:\Users\Marcel\Desktop\Google Chrome.lnk
2014-03-15 07:32 - 2012-08-30 09:22 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-60238041-3923662099-510594299-1000UA
2014-03-15 07:32 - 2012-08-30 09:22 - 00003704 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-60238041-3923662099-510594299-1000Core
2014-03-15 07:30 - 2014-03-15 07:30 - 00000000 _____ () C:\Windows\SysWOW64\0.0
2014-03-15 07:07 - 2014-03-06 16:24 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Exopq
2014-03-15 04:29 - 2014-03-15 04:29 - 00005911 _____ () C:\Users\Marcel\AppData\Local\jtaswxgq
2014-03-15 04:27 - 2014-03-15 04:27 - 00012326 _____ () C:\Users\Marcel\AppData\Local\qsifqodl
2014-03-15 04:26 - 2014-03-15 04:26 - 00045664 _____ () C:\Users\Marcel\AppData\Local\otgdrcrb
2014-03-15 04:25 - 2014-03-15 04:25 - 01031856 _____ () C:\Users\Marcel\AppData\Local\ugeiuhwe
2014-03-15 04:24 - 2014-03-15 04:24 - 00068465 _____ () C:\Users\Marcel\AppData\Local\cwwsuppr
2014-03-15 04:23 - 2014-03-15 04:23 - 00000000 _____ () C:\Users\Marcel\AppData\Roaming\SharedSettings.ccs
2014-03-13 12:36 - 2014-03-13 12:36 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\{6F7AEB52-9C1C-4CF0-8D94-4AE9AAADBD03}
2014-03-08 04:32 - 2014-03-08 04:32 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\{D9309E38-1298-4D90-9341-676ADB3688CC}
2014-03-07 14:07 - 2014-03-07 14:07 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\{E60A54F7-2D3F-49DD-901A-0B5645D47FD9}
2014-03-07 13:12 - 2014-03-07 13:12 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\{B6AA2831-774E-4E0D-8827-5D714C6998FE}
2014-03-06 07:36 - 2012-02-05 18:39 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\0493C
2014-03-05 15:56 - 2014-03-05 15:53 - 95027928 ____T () C:\ProgramData\8vmqej6mq.fee
2014-03-05 15:56 - 2014-03-05 15:52 - 95027928 ____T () C:\ProgramData\rlcwllarj.fee
2014-03-05 15:53 - 2014-03-05 15:53 - 00331504 ____T (Microsoft Corporation) C:\ProgramData\rlcwllarj.zvv
2014-03-05 15:53 - 2014-03-05 15:53 - 00331504 ____T (Microsoft Corporation) C:\ProgramData\8vmqej6mq.zvv
2014-03-05 15:52 - 2014-03-05 15:52 - 00228393 _____ (Microsoft Corporation) C:\ProgramData\qm6jeqmv8.cpp
2014-03-05 15:52 - 2014-03-05 15:52 - 00228393 _____ (Microsoft Corporation) C:\ProgramData\jrallwclr.cpp
2014-03-05 15:50 - 2014-03-04 15:16 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Orvao
2014-03-05 15:31 - 2014-03-04 07:41 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Yvameb
2014-03-05 15:26 - 2014-03-04 07:41 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Ittaco
2014-03-04 15:30 - 2014-03-04 15:16 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Ducuir
2014-03-04 15:16 - 2014-03-04 15:16 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Guogp
2014-03-02 16:42 - 2014-03-02 16:39 - 95027928 ____T () C:\ProgramData\r2eiq0.fee
2014-03-02 16:42 - 2014-03-02 16:38 - 95027928 ____T () C:\ProgramData\9a7trjlf1.fee
2014-03-02 16:42 - 2014-03-01 08:26 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Ynizm
2014-03-02 16:39 - 2014-03-02 16:39 - 00191529 _____ (Microsoft Corporation) C:\ProgramData\0qie2r.cpp
2014-03-02 16:38 - 2014-03-02 16:38 - 00191529 _____ (Microsoft Corporation) C:\ProgramData\1fljrt7a9.cpp
2014-02-26 16:37 - 2014-02-26 16:33 - 95027928 ____T () C:\ProgramData\7ij6mqr7t.fee
2014-02-26 16:33 - 2014-02-26 16:33 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\7ij6mqr7t.zvv
2014-02-25 17:17 - 2014-02-25 05:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2
2014-02-25 08:10 - 2014-02-25 08:07 - 95027928 ____T () C:\ProgramData\dgeffv.fee
2014-02-25 08:08 - 2014-02-25 08:08 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\dgeffv.zvv
2014-02-25 07:33 - 2010-01-06 09:20 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Ufuxmi
2014-02-25 07:32 - 2014-02-23 15:31 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Vukiil
2014-02-25 07:24 - 2014-02-23 15:31 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Noik

ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-60238041-3923662099-510594299-1000\$33772778fb4a943f16ddbc18e0bf204b

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$33772778fb4a943f16ddbc18e0bf204b

ZeroAccess:
C:\Users\Marcel\AppData\Local\f4d4bec4
C:\Users\Marcel\AppData\Local\f4d4bec4\@

Files to move or delete:
====================
C:\ProgramData\7ij6mqr7t.fee
C:\ProgramData\7ij6mqr7t.zvv
C:\ProgramData\8vmqej6mq.fee
C:\ProgramData\8vmqej6mq.zvv
C:\ProgramData\9a7trjlf1.fee
C:\ProgramData\dgeffv.fee
C:\ProgramData\dgeffv.zvv
C:\ProgramData\hyqntser.dat
C:\ProgramData\r2eiq0.fee
C:\ProgramData\rlcwllarj.fee
C:\ProgramData\rlcwllarj.zvv
C:\ProgramData\vdinyzfi.dat


Some content of TEMP:
====================
C:\Users\Marcel\AppData\Local\Temp\12919-.exe
C:\Users\Marcel\AppData\Local\Temp\AskSLib.dll
C:\Users\Marcel\AppData\Local\Temp\avguidx.dll
C:\Users\Marcel\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Marcel\AppData\Local\Temp\CNB_0275.exe
C:\Users\Marcel\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Marcel\AppData\Local\Temp\Core.dll
C:\Users\Marcel\AppData\Local\Temp\dbghelp.dll
C:\Users\Marcel\AppData\Local\Temp\Engine.dll
C:\Users\Marcel\AppData\Local\Temp\gencomp.exe
C:\Users\Marcel\AppData\Local\Temp\IFC23.dll
C:\Users\Marcel\AppData\Local\Temp\jre-7u6-windows-i586-iftw.exe
C:\Users\Marcel\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Marcel\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Marcel\AppData\Local\Temp\MSVCR71.dll
C:\Users\Marcel\AppData\Local\Temp\msxml6-KB927977-enu-x86.exe
C:\Users\Marcel\AppData\Local\Temp\ogg.dll
C:\Users\Marcel\AppData\Local\Temp\oi_{651DBCC0-AFBA-4509-B66E-02EA64043E61}.exe
C:\Users\Marcel\AppData\Local\Temp\Setup.exe
C:\Users\Marcel\AppData\Local\Temp\SIntf16.dll
C:\Users\Marcel\AppData\Local\Temp\SIntf32.dll
C:\Users\Marcel\AppData\Local\Temp\SIntfNT.dll
C:\Users\Marcel\AppData\Local\Temp\tmp45C7.tmp.exe
C:\Users\Marcel\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Marcel\AppData\Local\Temp\TubeBoxSetup.exe
C:\Users\Marcel\AppData\Local\Temp\UNINSTALL.exe
C:\Users\Marcel\AppData\Local\Temp\vorbis.dll
C:\Users\Marcel\AppData\Local\Temp\vorbisfile.dll
C:\Users\Marcel\AppData\Local\Temp\Window.dll
C:\Users\Marcel\AppData\Local\Temp\WQtSvg_Ad_4.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-03-08 09:51:37
Restore point made on: 2014-03-08 09:54:33
Restore point made on: 2014-03-15 19:46:06
Restore point made on: 2014-03-23 12:33:07

==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 3839.3 MB
Available physical RAM: 3082.54 MB
Total Pagefile: 3837.45 MB
Available Pagefile: 3064.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:452.47 GB) (Free:122.03 GB) NTFS
Drive e: (FACTORY_IMAGE) (Fixed) (Total:13.19 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:0.25 GB) (Free:0.24 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 252 MB) (Disk ID: FF6CF73F)

Partition: GPT Partition Type.


LastRegBack: 2014-03-20 07:59

==================== End Of Log ============================

 

Themen zu Bundestrojaner, benötige fixlist.txt
.dll, antivir, association, avg, avira, computer, desktop, download, explorer, explorer.exe, google, home, malwarebytes, microsoft, mozilla, opera, realtek, registry, scan, secure, secure search, services.exe, software, svchost.exe, system, temp, winlogon.exe


« Win 7 64bit Avira-Sicherheitshinweis WPM\Update\update.exe + sonstige Funde (siehe Log-Files) | TaskMgr,Windows Sicherheitsdient, Firewall lassen sich nicht starten und hohe CPU-Auslastung. »


Ähnliche Themen: Bundestrojaner, benötige fixlist.txt


  1. Bundestrojaner Fixlist
    Log-Analyse und Auswertung - 01.07.2014 (4)
  2. Bundestrojaner Fixlist
    Log-Analyse und Auswertung - 16.03.2014 (5)
  3. Interpool Trojaner, brauche Fixlist.txt
    Plagegeister aller Art und deren Bekämpfung - 03.03.2014 (3)
  4. BKA-Trojaner benötige Fixlist.txt
    Plagegeister aller Art und deren Bekämpfung - 19.11.2013 (9)
  5. Interpol Virus - wie erstelle ich den Fixlist.txt ?
    Log-Analyse und Auswertung - 14.10.2013 (4)
  6. Brauche Fixlist für Farbar
    Plagegeister aller Art und deren Bekämpfung - 29.07.2013 (11)
  7. Bundestrojaner benötige persönliche FIX.txt Datei
    Plagegeister aller Art und deren Bekämpfung - 21.05.2013 (2)
  8. benötige hilfe bei Bundestrojaner 1.13
    Plagegeister aller Art und deren Bekämpfung - 12.10.2012 (19)
  9. Benötige BKA OTL.txt fix
    Log-Analyse und Auswertung - 09.08.2011 (7)
  10. Benötige Hilfe!
    Mülltonne - 01.11.2008 (0)
  11. Benötige Hilfe
    Log-Analyse und Auswertung - 06.04.2008 (1)
  12. benötige hilfe
    Plagegeister aller Art und deren Bekämpfung - 02.11.2006 (4)
  13. Benötige Hilfe
    Log-Analyse und Auswertung - 27.08.2005 (1)
  14. Benötige Hilfe
    Plagegeister aller Art und deren Bekämpfung - 05.08.2005 (5)
  15. benötige hilfe
    Alles rund um Windows - 08.07.2005 (5)
  16. Benötige Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 11.06.2005 (8)
  17. benötige hilfe
    Log-Analyse und Auswertung - 18.02.2005 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Bundestrojaner, benötige fixlist.txt - Guten Abend, auch ich habe mir eine Version des BKA-Trojaners eingefangen. Der abgesicherte Modus funktioniert nicht mehr. Habe also FRST über einen USB-stick und "Computer reparieren" zum Laufen bekommen und - Bundestrojaner, benötige fixlist.txt...
Archiv
Du betrachtest: Bundestrojaner, benötige fixlist.txt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131