Dear community,
during today's scan G Data reported the following detection:
Trojan.GenericKD.1631929 (Engine A)
It apparently arrived as an attachment in a spam mail. I deleted the mail and moved the file to quarantine.
It would be great if someone could take a look at this...
Here is the G Data log:
Code:
Virus check with G Data InternetSecurity 2014
Version 24.0.3.4 (15.10.2013)
Virus signatures dated 07.04.2014
Start time: 07.04.2014 11:00:56
Engine(s): Engine A (AVA 24.1358), Engine B (GD 25.3081)
Heuristics: On
Archives: On
System areas: On
Check for rootkits: On
Checking system areas...
Checking all processes in memory and autostart entries...
Checking for rootkits...
Checking all local hard disks...
Analysis completed: 07.04.2014 11:56:22
126738 files checked
1 infected file found
0 suspicious files found
Archive: Inbox
Path: C:\Users\***\AppData\Roaming\Thunderbird\Profiles\qtnfsddr.default\Mail\pop3.web-2.de
Status: File moved to quarantine
Virus: Trojan.GenericKD.1631929 (Engine A)
Access to the following files was denied:
The following files are password-protected:
Object: (message 56)=>[Subject: Rechnung][Date: Fri, 04 Apr 2014 14:39:09 -0300]=>(MIME part)
=>Rechnung-April.exe
In archive: C:\Users\***\AppData\Roaming\Thunderbird\Profiles\qtnfsddr.default\Mail\pop3.web-2.de\Inbox
Status: Virus found
Virus: Trojan.GenericKD.1631929 (Engine A)
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMuroc System Trace.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f0cf40990b58db75aa933b56f7809941_f8337a71-4a79-45ec-9a57-69d3ce9348f0
C:\System Volume Information\MountPointManagerRemoteDatabase
C:\System Volume Information\Syscache.hve
C:\System Volume Information\Syscache.hve.LOG1
C:\System Volume Information\Syscache.hve.LOG2
C:\Program Files\Common Files\PDF Architect\Statistics.xml
G Data log ID 1356
Here is the defogger log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:22 on 07/04/2014 (***)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Here is the Farbar log:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by *** (administrator) on APPARAT on 07-04-2014 12:32:15
Running from C:\Users\***\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Lenovo) C:\Windows\system32\ibmpmsvc.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
(Intel Corporation) C:\Program Files\Intel\AMT\UNS.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2270504 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3110200 2011-12-13] (Lenovo Group Limited)
HKLM\...\Run: [PSQLLauncher] - C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [55120 2010-12-08] (UPEK Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13556256 2008-11-15] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-11-15] (NVIDIA Corporation)
HKLM\...\Run: [PWMTRV] - C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [4395104 2012-05-16] (Lenovo Group Limited)
HKLM\...\Run: [atchk] - C:\Program Files\Intel\AMT\atchk.exe [401408 2009-11-30] (Intel Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [TpShocks] - C:\Windows\system32\\TpShocks.exe [337256 2011-03-29] (Lenovo.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [G Data AntiVirus Tray] - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG)
HKLM\...\Run: [GDFirewallTray] - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKLM\...\Run: [G Data ASM] - C:\Program Files\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [472016 2013-02-25] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files\g data\internetsecurity\avkkid\avkcks.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-1575497497-273483109-2788137214-1000\...\Policies\Explorer: []
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
==================== Internet (Whitelisted) ====================
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\\mscoree.dll (Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\\mscoree.dll (Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default
FF Homepage: hxxp://www.bing.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flashblock - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-11-21]
FF Extension: WOT - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: DownloadHelper - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Ghostery - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\Extensions\firefox@ghostery.com.xpi [2013-11-21]
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-21]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-12-10]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2014-01-21]
FF HKCU\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 [2012-08-24]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-12-10]
========================== Services (Whitelisted) =================
S4 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-11-30] (Intel Corporation)
R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2101280 2013-10-15] (G Data Software AG)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064752 2014-02-24] (Flexera Software LLC)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2373712 2013-10-17] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2011-04-04] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S4 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1665120 2012-05-16] (Lenovo Group Limited)
S3 SystemExplorerHelpService; C:\Program Files\System Explorer\service\SystemExplorerService.exe [567256 2012-11-25] (Mister Group)
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [130920 2011-04-20] (Lenovo Group Limited)
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [988472 2011-12-13] (Lenovo)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [1458176 2009-11-30] (Intel Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\system32\\winhttp.dll [351232 2010-11-20] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [45912 2013-11-29] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [96600 2013-11-29] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [52056 2013-11-29] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [54104 2013-11-29] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [30040 2013-12-01] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [51032 2013-11-29] (G Data Software AG)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [12560 2009-03-13] (UPEK Inc.)
S3 swmx01; C:\Windows\system32\drivers\swmx01.sys [72576 2007-04-10] (Sierra Wireless Inc.)
S3 SWUMX01; C:\Windows\system32\drivers\swumx01.sys [70656 2007-01-12] (Sierra Wireless Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-07 12:32 - 2014-04-07 12:32 - 00014481 _____ () C:\Users\***\Desktop\FRST.txt
2014-04-07 12:30 - 2014-04-07 12:31 - 01145856 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2014-04-07 12:22 - 2014-04-07 12:23 - 00000472 _____ () C:\Users\***\Desktop\defogger_disable.log
2014-04-03 14:15 - 2014-04-03 14:15 - 00244394 _____ () C:\Users\***\Downloads\Release20080728.zip
2014-04-01 08:58 - 2014-04-01 08:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-30 16:47 - 2014-03-30 18:00 - 00000000 ____D () C:\Program Files\Common Files\DATAflor
2014-03-30 16:11 - 2014-03-30 16:11 - 00000000 ____D () C:\Users\***\AppData\Local\Autodesk
2014-03-30 16:08 - 2014-03-30 17:08 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2014-03-30 16:07 - 2014-03-30 17:12 - 00000000 ____D () C:\ProgramData\Autodesk
2014-03-30 16:07 - 2014-03-30 16:11 - 00000000 ____D () C:\Users\***\AppData\Roaming\Autodesk
2014-03-28 14:24 - 2014-03-30 17:12 - 00000000 ____D () C:\Program Files\DATAflor
2014-03-28 10:12 - 2014-03-28 10:12 - 00000000 ____H () C:\Users\***\Documents\Default.rdp
2014-03-26 17:11 - 2014-03-26 18:35 - 00000000 ____D () C:\Users\***\Downloads\Nuance PDF 6
2014-03-23 17:29 - 2014-03-23 17:29 - 01407472 _____ () C:\Users\***\Downloads\100210_Entwurf_Nägelstedt_***.dwg
2014-03-22 18:05 - 2014-03-22 18:05 - 00000000 ____D () C:\Users\***\AppData\Local\cache
2014-03-19 21:15 - 2014-03-19 21:16 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-16 17:30 - 2014-03-16 17:36 - 00000000 ____D () C:\Program Files\Defraggler
2014-03-16 17:30 - 2014-03-16 17:30 - 00001870 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-03-16 16:44 - 2014-03-16 16:53 - 00052116 _____ () C:\Users\***\Desktop\Extras.Txt
2014-03-16 16:42 - 2014-03-16 16:58 - 00062200 _____ () C:\Users\***\Desktop\OTL.Txt
2014-03-16 16:26 - 2014-03-16 16:26 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2014-03-14 16:49 - 2014-03-14 16:51 - 00000000 ____D () C:\ProgramData\SystemExplorer
2014-03-14 16:49 - 2014-03-14 16:49 - 00001051 _____ () C:\Users\Public\Desktop\System Explorer.lnk
2014-03-14 16:49 - 2014-03-14 16:49 - 00000000 ____D () C:\Program Files\System Explorer
2014-03-13 17:22 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 17:22 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 17:22 - 2014-03-01 06:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 17:22 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 17:22 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 17:22 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 17:22 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 17:22 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 17:22 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 17:22 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 17:22 - 2014-03-01 05:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 17:22 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 17:22 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 17:22 - 2014-03-01 05:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 17:22 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 17:22 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 17:22 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 17:22 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 17:22 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 17:22 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 17:22 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 17:22 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 17:22 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 17:18 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 17:18 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 17:18 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 17:18 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
==================== One Month Modified Files and Folders =======
2014-04-07 12:32 - 2014-04-07 12:32 - 00014481 _____ () C:\Users\***\Desktop\FRST.txt
2014-04-07 12:32 - 2013-11-27 17:21 - 00000000 ____D () C:\FRST
2014-04-07 12:31 - 2014-04-07 12:30 - 01145856 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2014-04-07 12:23 - 2014-04-07 12:22 - 00000472 _____ () C:\Users\***\Desktop\defogger_disable.log
2014-04-07 12:14 - 2014-01-05 13:37 - 00000000 ____D () C:\Users\***\AppData\Local\FreePDF_XP
2014-04-07 11:01 - 2013-11-21 17:59 - 01688299 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 21:13 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 21:13 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 21:06 - 2014-03-02 02:00 - 00004572 _____ () C:\Windows\setupact.log
2014-04-06 21:06 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 18:52 - 2013-12-06 17:20 - 00000000 ____D () C:\Users\***\Documents\5_AUTO
2014-04-06 16:06 - 2010-11-20 23:01 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 06:52 - 2013-11-21 23:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-03 14:15 - 2014-04-03 14:15 - 00244394 _____ () C:\Users\***\Downloads\Release20080728.zip
2014-04-01 11:48 - 2013-11-21 18:13 - 00067912 _____ () C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-01 08:59 - 2014-04-01 08:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-31 07:47 - 2009-07-14 06:33 - 00306672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-30 18:00 - 2014-03-30 16:47 - 00000000 ____D () C:\Program Files\Common Files\DATAflor
2014-03-30 17:12 - 2014-03-30 16:07 - 00000000 ____D () C:\ProgramData\Autodesk
2014-03-30 17:12 - 2014-03-28 14:24 - 00000000 ____D () C:\Program Files\DATAflor
2014-03-30 17:12 - 2014-01-25 12:28 - 00000000 ____D () C:\ProgramData\DATAflor
2014-03-30 17:08 - 2014-03-30 16:08 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2014-03-30 17:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-30 16:50 - 2014-01-25 12:28 - 00000000 ____D () C:\ProgramData\System
2014-03-30 16:11 - 2014-03-30 16:11 - 00000000 ____D () C:\Users\***\AppData\Local\Autodesk
2014-03-30 16:11 - 2014-03-30 16:07 - 00000000 ____D () C:\Users\***\AppData\Roaming\Autodesk
2014-03-29 02:19 - 2013-11-21 23:45 - 00000000 ____D () C:\Users\***\AppData\Roaming\vlc
2014-03-29 00:59 - 2013-12-13 21:44 - 00000000 ____D () C:\Users\***\AppData\Roaming\dvdcss
2014-03-28 10:12 - 2014-03-28 10:12 - 00000000 ____H () C:\Users\***\Documents\Default.rdp
2014-03-26 18:35 - 2014-03-26 17:11 - 00000000 ____D () C:\Users\***\Downloads\Nuance PDF 6
2014-03-25 17:19 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-23 17:29 - 2014-03-23 17:29 - 01407472 _____ () C:\Users\***\Downloads\100210_Entwurf_Nägelstedt_***.dwg
2014-03-22 18:05 - 2014-03-22 18:05 - 00000000 ____D () C:\Users\***\AppData\Local\cache
2014-03-19 21:16 - 2014-03-19 21:15 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-19 09:10 - 2012-08-24 13:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-19 09:10 - 2012-08-24 13:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-18 23:40 - 2013-11-25 08:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 23:37 - 2013-11-25 08:33 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-16 21:05 - 2013-11-21 23:45 - 00001031 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-16 17:36 - 2014-03-16 17:30 - 00000000 ____D () C:\Program Files\Defraggler
2014-03-16 17:30 - 2014-03-16 17:30 - 00001870 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-03-16 17:10 - 2012-08-24 13:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 16:58 - 2014-03-16 16:42 - 00062200 _____ () C:\Users\***\Desktop\OTL.Txt
2014-03-16 16:53 - 2014-03-16 16:44 - 00052116 _____ () C:\Users\***\Desktop\Extras.Txt
2014-03-16 16:26 - 2014-03-16 16:26 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2014-03-16 15:20 - 2013-12-02 13:43 - 00000000 ____D () C:\Users\***\Documents\4_BÜROKRATIE
2014-03-16 15:14 - 2013-02-06 10:11 - 00000000 ____D () C:\Users\***\Documents\14_GUDRUN
2014-03-14 16:51 - 2014-03-14 16:49 - 00000000 ____D () C:\ProgramData\SystemExplorer
2014-03-14 16:49 - 2014-03-14 16:49 - 00001051 _____ () C:\Users\Public\Desktop\System Explorer.lnk
2014-03-14 16:49 - 2014-03-14 16:49 - 00000000 ____D () C:\Program Files\System Explorer
Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\AcDeltree.exe
C:\Users\***\AppData\Local\Temp\DATAflor.UpdateManager.exe
C:\Users\***\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\***\AppData\Local\Temp\vlc-2.1.3-win32.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-31 15:30
==================== End Of Log ============================
And last but not least, the GMER log:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-07 13:03:13
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HITACHI_ rev.BBBZ 74,53GB
Running: Gmer-19357.exe; Driver: C:\Users\***\AppData\Local\Temp\kwddrpow.sys
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 82C7B9A5 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C9B512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Tppwr32v.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Tppwr32v.sys
Device \Driver\SynTP \Device\00000072 Tppwr32v.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002268ef072f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002268ef072f (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP\HP\xa0Update.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP\xa0Update.lnk 1
---- EOF - GMER 2.1 ----