FrankReich | 03.10.2014 20:37 | Bundespolizeitrojaner
I have the Bundespolizeitrojaner. Safe mode does not work. The registry is OK in the described paths. I ran the FRST scan.
Here is the log file: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by SYSTEM on MININT-4F068IU on 03-10-2014 21:06:48
Running from F:\
Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1702400 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [FirefaceMixTray2] => C:\Windows\system32\TotalMixFX.exe [5417984 2012-12-11] (RME)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [4081008 2012-03-07] (ESET)
HKLM\...\Run: [FirefaceUsbTray1] => C:\Windows\system32\firefaceusb.exe [91648 2012-12-11] (RME)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
HKU\Asus\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\Asus\...\Policies\Explorer: [HideSCAHealth] 1
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [913144 2012-03-07] (ESET)
S4 Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software)
S2 Winmgmt; C:\ProgramData\AB82936.dot [332028 2014-09-04] (Microsoft Corporation)
S4 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 a2djavs; C:\Windows\System32\Drivers\a2djavs.sys [353360 2010-10-20] (Native Instruments GmbH)
S3 a2djusb_svc; C:\Windows\System32\Drivers\a2djusb.sys [92240 2010-10-20] (Native Instruments GmbH)
S3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [58368 2009-06-25] (Atheros Communications, Inc.)
S3 automap; C:\Windows\System32\DRIVERS\automap.sys [11264 2009-10-16] (Novation Digital Music Systems Limited)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin)
S3 CLAVIAUSB64; C:\Windows\System32\DRIVERS\ClaviaUSB64.sys [26496 2011-10-06] (Clavia DMI AB)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [209768 2012-03-14] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [148528 2012-03-14] (ESET)
S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2012-03-14] (ESET)
S1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2012-03-14] (ESET)
S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2012-03-14] (ESET)
S3 firefaceu64; C:\Windows\System32\drivers\fireface_usb_64.sys [102016 2012-12-11] (RME)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH)
S3 gbxavs; C:\Windows\System32\Drivers\gbxavs.sys [353360 2010-10-20] (Native Instruments GmbH)
S3 gbxavs_x64; C:\Windows\System32\Drivers\gbxavs_x64.sys [46096 2008-11-20] (Native Instruments GmbH)
S3 gbxusb_svc; C:\Windows\System32\Drivers\gbxusb.sys [68688 2010-10-20] (Native Instruments GmbH)
S3 gbxusb_x64; C:\Windows\System32\Drivers\gbxusb_x64.sys [300624 2009-10-08] (Native Instruments GmbH)
S3 MODEMCSA; C:\Windows\system32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [50232 2011-02-16] (Novation DMS Ltd.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
S0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
S0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
S3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1202688 2009-10-26] (Motorola Inc.)
S3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH)
S3 ta2avs; C:\Windows\System32\Drivers\ta2avs.sys [358480 2012-02-22] (Native Instruments GmbH)
S3 ta2usb_svc; C:\Windows\System32\Drivers\ta2usb.sys [79952 2012-02-22] (Native Instruments GmbH)
S3 VIRUSUSB; C:\Windows\System32\Drivers\VirusUSB.sys [468032 2010-05-27] (access)
S3 VTIAUDIO; C:\Windows\System32\drivers\vtiaudio.sys [49728 2010-05-27] (usb-audio.de)
S3 VTIMIDEV01; C:\Windows\System32\drivers\vtimidi.sys [32768 2009-05-29] (Kemper Digital Gmbh)
S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 MFWAMIDI64; system32\drivers\MFWAMIDI64.sys [X]
S3 MFWAWAVE64; system32\drivers\MFWAWAVE64.sys [X]
S3 motubus; system32\drivers\MotuBus64.sys [X]
S3 MotuFWA64; system32\drivers\Motufwa64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-03 21:06 - 2014-10-03 21:06 - 00000000 ____D () C:\FRST
2014-10-03 18:20 - 2013-09-12 20:38 - 58089472 _____ () C:\Users\Asus\Desktop\ess_nt32_deu.msi
2014-09-11 21:38 - 2014-09-11 21:38 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-11 20:51 - 2014-09-11 20:51 - 00000000 ____D () C:\Windows\pss
2014-09-04 07:21 - 2014-09-04 07:21 - 00332028 ____T (Microsoft Corporation) C:\ProgramData\AB82936.dot
2014-09-04 07:20 - 2014-09-04 07:20 - 00015623 _____ () C:\Users\Asus\Desktop\hs_err_pid7516.log
2014-09-04 07:19 - 2014-09-04 07:19 - 00419328 _____ (MONOGRAM Multimedia, s.r.o.) C:\ProgramData\63928BA.cpp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-03 19:51 - 2014-02-23 12:38 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-03 19:51 - 2013-12-09 09:57 - 00039873 _____ () C:\Windows\setupact.log
2014-10-03 19:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 19:51 - 2009-07-14 05:45 - 00013568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 19:51 - 2009-07-14 05:45 - 00013568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 19:37 - 2014-02-23 12:39 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 19:34 - 2012-04-04 06:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-21 14:50 - 2012-09-18 06:40 - 00000000 ____D () C:\Program Files\Google
2014-09-21 14:50 - 2010-03-07 21:17 - 00133528 _____ () C:\Windows\PFRO.log
2014-09-11 22:02 - 2010-02-07 22:08 - 01603680 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 21:59 - 2012-09-18 06:39 - 00000000 ____D () C:\Users\Asus\AppData\Local\Google
2014-09-11 21:59 - 2012-09-18 06:38 - 00000000 ____D () C:\Program Files (x86)\Google
Files to move or delete:
====================
C:\ProgramData\ociwmirod.dat
Some content of TEMP:
====================
C:\Users\Asus\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Asus\AppData\Local\Temp\Delta.exe
C:\Users\Asus\AppData\Local\Temp\DeltaTB.exe
C:\Users\Asus\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Asus\AppData\Local\Temp\ply.dll
C:\Users\Asus\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\Asus\AppData\Local\Temp\WSSetup.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
Restore point made on: 2014-09-21 16:54:16
==================== Memory info ===========================
Percentage of memory in use: 27%
Total physical RAM: 2047.24 MB
Available physical RAM: 1475.55 MB
Total Pagefile: 2047.24 MB
Available Pagefile: 1505.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.52 GB) (Free:0.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:67.69 GB) (Free:1.62 GB) NTFS
Drive f: (FLASH) (Removable) (Total:0.94 GB) (Free:0.87 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: F98D6E74)
Partition 1: (Not Active) - (Size=6.8 GB) - (Type=1C)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=67.7 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 966 MB) (Disk ID: 00000000)
Partition: GPT Partition Type.
LastRegBack: 2014-09-21 16:27
==================== End Of Log ============================
schrauber | 03.10.2014 21:50 | Hi,
Please press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document. Code:
S2 Winmgmt; C:\ProgramData\AB82936.dot [332028 2014-09-04] (Microsoft Corporation)
2014-09-04 07:21 - 2014-09-04 07:21 - 00332028 ____T (Microsoft Corporation) C:\ProgramData\AB82936.dot
2014-09-04 07:20 - 2014-09-04 07:20 - 00015623 _____ () C:\Users\Asus\Desktop\hs_err_pid7516.log
2014-09-04 07:19 - 2014-09-04 07:19 - 00419328 _____ (MONOGRAM Multimedia, s.r.o.) C:\ProgramData\63928BA.cpp
Please save it as Fixlist.txt on your USB stick.
- Restart your computer into the repair options.
- Now start FRST.exe again and click the Entfernen (Fix) button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
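As an added example (not part of the thread and not FRST's own code), here is a Python triage pass over FRST-style log lines that flags the two patterns behind the fixlist above: a whitelisted service whose binary runs from outside the Windows or Program Files trees, and a newly created file that shows PE version info (the company name in parentheses) but carries a non-executable extension. The sample lines are copied from the log posted above; the regexes, the trusted-root list and the extension list are my own assumptions about the FRST line format.

```python
import re

# Constructed sample: lines copied from the FRST log in this thread, incl. the fixlist entries.
SAMPLE_LINES = [
    r"S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [913144 2012-03-07] (ESET)",
    r"S2 Winmgmt; C:\ProgramData\AB82936.dot [332028 2014-09-04] (Microsoft Corporation)",
    r'S4 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]',
    r"2014-10-03 21:06 - 2014-10-03 21:06 - 00000000 ____D () C:\FRST",
    r"2014-09-04 07:21 - 2014-09-04 07:21 - 00332028 ____T (Microsoft Corporation) C:\ProgramData\AB82936.dot",
    r"2014-09-04 07:19 - 2014-09-04 07:19 - 00419328 _____ (MONOGRAM Multimedia, s.r.o.) C:\ProgramData\63928BA.cpp",
    r"2014-10-03 18:20 - 2013-09-12 20:38 - 58089472 _____ () C:\Users\Asus\Desktop\ess_nt32_deu.msi",
]

# Assumed service line shape: "<state> <name>; <path> [<size> <date>] (<company>)"; "[X]" = file missing.
SERVICE_RE = re.compile(r'^S\d (?P<name>[^;]+); "?(?P<path>[^"\[]+?)"? \[(?P<info>[^\]]*)\]')
# Assumed file line shape: created - modified - size attrs (company) path.
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - '
                     r'(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<path>.+)$')
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')
EXEC_EXT = ('.exe', '.dll', '.sys', '.ocx', '.scr', '.drv')

def flag_service(line):
    # Flag a service whose binary lives outside the Windows / Program Files trees.
    m = SERVICE_RE.match(line)
    if not m or m.group('info') == 'X':   # not a service line, or the file is already gone
        return None
    path = m.group('path').strip()
    if not path.lower().startswith(TRUSTED_ROOTS):
        return f"service {m.group('name')} runs from untrusted location: {path}"
    return None

def flag_file(line):
    # Flag a file that has PE version info (company shown) but a non-executable extension.
    m = FILE_RE.match(line)
    if not m or not m.group('company'):   # not a file line, or no version info present
        return None
    path = m.group('path')
    if not path.lower().endswith(EXEC_EXT):
        return f"PE version info ({m.group('company')}) on non-executable extension: {path}"
    return None

def triage(lines):
    # Run both checks over every line and keep the findings in log order.
    return [hit for line in lines for check in (flag_service, flag_file) if (hit := check(line))]
```

Run against the sample, `triage` returns the hijacked Winmgmt service and the two disguised PE files in C:\ProgramData, i.e. three of the four fixlist entries; the crash log is only linked by its timestamp, which this heuristic does not use.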
Copyright ©2000-2025, Trojaner-Board