
Pests of all kinds and their removal: Fedpol Trojan Switzerland FRST Analysis


 
17.10.2013, 11:42   #1
peterzuerich
 




Good day,

I have caught a Fedpol Trojan and have read the tips described here in the forum. I ran a scan with the Farbar Recovery software and saved the FRST.txt below. Can someone help me with what I need to do now?
It is Windows 7.

Many thanks for your help
Regards, Peter



Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-LGDM1UE on 17-10-2013 12:28:12
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [160840 2012-05-07] (Geek Software GmbH)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [384800 2012-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [MailCheck IE Broker] - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1459848 2012-10-05] (1und1 Mail und Media GmbH)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Mongo-Peter\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\Mongo-Peter\...\Run: [GameXN GO] - C:\ProgramData\GameXN\GameXNGO.exe [347008 2011-12-12] (EasyBits Software AS)
HKU\Mongo-Peter\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [81912 2012-01-02] (PC Utilities Pro)
HKU\Mongo-Peter\...\Run: [Facebook Update] - C:\Users\Mongo-Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-04] (Facebook Inc.)
HKU\Mongo-Peter\...\Run: [sobowac] - rundll32 "C:\Users\Mongo-Peter\AppData\Local\sobowac.dll",sobowac <===== ATTENTION
HKU\Mongo-Peter\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-10-02] (Google Inc.)
HKU\Mongo-Peter\...\Run: [BlSfHOJeYEE.exe] - C:\Users\Mongo-Peter\AppData\Local\6yptipNs7U\BlSfHOJeYEE.exe [111472 2013-10-10] (Microsoft Corporation)
HKU\Mongo-Peter\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe [515464 2013-10-02] (Adobe Systems Incorporated)
HKU\Mongo-Peter\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Mongo-Peter\...\Command Processor: "C:\Users\Mongo-Peter\AppData\Local\6yptipNs7U\BlSfHOJeYEE.exe" <===== ATTENTION!
AppInit_DLLs-x32: c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll  [2202728 2012-12-25] ()

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [85280 2012-12-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [109344 2012-12-11] (Avira Operations GmbH & Co. KG)
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2547816 2012-12-25] ()
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-28] (Lavasoft Limited)
S2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2009-11-18] (Chris Pietschmann (hxxp://pietschsoft.com))

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [99912 2012-12-11] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [129216 2012-12-11] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27800 2012-09-23] (Avira Operations GmbH & Co. KG)
S3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-08-26] ()
S3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-08-26] ()
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-08-18] (Lavasoft AB)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-17 12:27 - 2013-10-17 12:27 - 00000000 ____D C:\FRST
2013-10-17 01:43 - 2013-10-17 01:43 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect
2013-10-17 01:40 - 2013-10-17 01:39 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\euYSWE2aLi
2013-10-17 01:40 - 2013-10-17 01:39 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\12R1a74cf
2013-10-17 01:40 - 2013-10-17 01:39 - 00237568 _____ C:\ProgramData\5jUQ3jL0M
2013-10-17 01:30 - 2013-10-17 01:30 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\uZyfA6ElN
2013-10-17 01:30 - 2013-10-17 01:30 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\7r1sW7eyr
2013-10-17 01:30 - 2013-10-17 01:30 - 00237568 _____ C:\ProgramData\br0jnL6V
2013-10-16 14:39 - 2013-10-16 14:39 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\p8KEJg7tuL
2013-10-16 14:39 - 2013-10-16 14:39 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\VacOH8XI
2013-10-16 14:39 - 2013-10-16 14:39 - 00237568 _____ C:\ProgramData\Wo9HPg5OarS
2013-10-16 14:35 - 2013-10-16 14:35 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\HE93i8GM
2013-10-16 14:35 - 2013-10-16 14:35 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\rWxF6cLhh
2013-10-16 14:35 - 2013-10-16 14:35 - 00237568 _____ C:\ProgramData\lUy7AgnlYxX
2013-10-16 14:12 - 2013-10-16 14:12 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\unnSEiuVTj8
2013-10-16 14:12 - 2013-10-16 14:12 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\FJVLhOccD
2013-10-16 14:12 - 2013-10-16 14:12 - 00237568 _____ C:\ProgramData\HGD2k3Ps5
2013-10-16 13:57 - 2013-10-16 13:57 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\aQuuBX4gbfj
2013-10-16 13:57 - 2013-10-16 13:57 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\IemmaQtK
2013-10-16 13:57 - 2013-10-16 13:57 - 00237568 _____ C:\ProgramData\uPoOKbT9
2013-10-16 12:50 - 2013-10-17 12:16 - 00000000 ____D C:\ProgramData\Recovery
2013-10-16 02:54 - 2013-10-16 02:53 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\MaEyUHUmshg
2013-10-16 02:54 - 2013-10-16 02:53 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\0plSuzqA
2013-10-16 02:54 - 2013-10-16 02:53 - 00237568 _____ C:\ProgramData\h5aZLPgE
2013-10-16 02:35 - 2013-10-16 02:34 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\9JmOKBhR
2013-10-16 02:35 - 2013-10-16 02:34 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\UFpxyN0nrQ
2013-10-16 02:35 - 2013-10-16 02:34 - 00237568 _____ C:\ProgramData\ZIICJluseO
2013-10-16 02:11 - 2013-10-16 02:11 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\rjXkMCkJ6TY
2013-10-16 02:11 - 2013-10-16 02:11 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\KmMOO6P9Vd
2013-10-16 02:11 - 2013-10-16 02:11 - 00237568 _____ C:\ProgramData\g04oA7baUk
2013-10-16 02:08 - 2013-10-16 02:08 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\5SovC3b25
2013-10-16 02:08 - 2013-10-16 02:08 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\eirqwdVQblr
2013-10-16 02:08 - 2013-10-16 02:08 - 00237568 _____ C:\ProgramData\P9K1BJkq
2013-10-16 02:05 - 2013-10-16 02:04 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\n5ImNNA23
2013-10-16 02:05 - 2013-10-16 02:04 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\4sEbr8hvY
2013-10-16 02:05 - 2013-10-16 02:04 - 00237568 _____ C:\ProgramData\cxiS22nk
2013-10-16 02:01 - 2013-10-16 02:01 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\iM9udsaBdao
2013-10-16 02:01 - 2013-10-16 02:01 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\ZvYo9BBRnL
2013-10-16 02:01 - 2013-10-16 02:01 - 00237568 _____ C:\ProgramData\nrJU0tmPi
2013-10-16 01:26 - 2013-10-16 01:26 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\polWZ7ccQlD
2013-10-16 01:26 - 2013-10-16 01:26 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\rraSWVIVb
2013-10-16 01:26 - 2013-10-16 01:26 - 00237568 _____ C:\ProgramData\fJ6tknSPT2g
2013-10-16 01:17 - 2013-10-16 01:17 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\Rqt1JO1lbjC
2013-10-16 01:17 - 2013-10-16 01:17 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\Rbn1yFpywF
2013-10-16 01:17 - 2013-10-16 01:17 - 00237568 _____ C:\ProgramData\abezXZPzr
2013-10-16 01:09 - 2013-10-16 01:09 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\DRmUEw1Or5
2013-10-16 01:09 - 2013-10-16 01:09 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\zqRa21yC
2013-10-16 01:09 - 2013-10-16 01:09 - 00237568 _____ C:\ProgramData\X6xeKiOA
2013-10-16 00:55 - 2013-10-16 00:54 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\yNPHcZcuI
2013-10-16 00:55 - 2013-10-16 00:54 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\KF2RLgBA7iM
2013-10-16 00:55 - 2013-10-16 00:54 - 00237568 _____ C:\ProgramData\vfR1Yps2g6
2013-10-10 06:54 - 2013-10-16 02:00 - 00000000 ____D C:\Users\Mongo-Peter\AppData\Local\6yptipNs7U
2013-10-10 06:54 - 2013-10-10 06:54 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\b9KZB0DV
2013-10-10 06:54 - 2013-10-10 06:54 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\nsQJXRd4C
2013-10-10 06:54 - 2013-10-10 06:54 - 00237568 _____ C:\ProgramData\4ilI3xT6r
2013-10-02 03:24 - 2013-10-10 06:57 - 00000000 ____D C:\Users\Mongo-Peter\AppData\Roaming\Google
2013-10-02 03:23 - 2013-10-10 07:00 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-02 03:22 - 2013-10-17 01:43 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-02 03:22 - 2013-10-16 13:33 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-02 03:22 - 2013-10-10 06:57 - 00000000 ____D C:\Users\Mongo-Peter\AppData\Local\Google
2013-10-02 03:22 - 2013-10-02 03:28 - 00004116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-02 03:22 - 2013-10-02 03:28 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-02 03:22 - 2013-10-02 03:23 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-02 03:22 - 2013-10-02 03:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-02 03:22 - 2013-10-02 03:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-02 03:22 - 2013-10-02 03:22 - 00000000 ____D C:\ProgramData\Google
2013-10-02 03:22 - 2013-10-02 03:22 - 00000000 ____D C:\Program Files\Google
2013-10-02 02:11 - 2013-10-02 02:11 - 00022528 _____ C:\Users\Mongo-Peter\AppData\Local\sobowac.dll
2013-09-29 10:57 - 2013-09-29 10:58 - 00000000 ____D C:\Users\Mongo-Peter\Desktop\scans
2013-09-29 09:11 - 2013-08-09 21:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-29 09:11 - 2013-08-09 21:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-29 09:11 - 2013-08-09 21:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-29 09:11 - 2013-08-09 21:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-29 09:11 - 2013-08-09 21:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-29 09:11 - 2013-08-09 21:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-29 09:11 - 2013-08-09 21:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-29 09:11 - 2013-08-09 21:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-29 09:11 - 2013-08-09 21:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-29 09:11 - 2013-08-09 21:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-29 09:11 - 2013-08-09 19:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-29 09:11 - 2013-08-09 19:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-29 09:11 - 2013-08-09 19:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-29 09:11 - 2013-08-09 19:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-29 09:11 - 2013-08-09 19:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-29 09:11 - 2013-08-09 19:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-29 09:11 - 2013-08-09 19:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-29 09:11 - 2013-08-09 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-29 09:11 - 2013-08-09 19:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-29 09:11 - 2013-08-09 19:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-29 09:11 - 2013-08-09 19:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-29 09:11 - 2013-08-09 18:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-29 09:11 - 2013-08-09 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-29 09:11 - 2013-08-07 17:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-29 09:10 - 2013-08-09 21:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-29 09:10 - 2013-08-09 21:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-29 09:10 - 2013-08-09 21:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-29 09:10 - 2013-08-09 21:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-29 09:10 - 2013-08-09 19:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-29 09:10 - 2013-08-09 19:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-29 09:10 - 2013-08-09 19:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-29 09:10 - 2013-08-09 19:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

==================== One Month Modified Files and Folders =======

2013-10-17 12:27 - 2013-10-17 12:27 - 00000000 ____D C:\FRST
2013-10-17 12:16 - 2013-10-16 12:50 - 00000000 ____D C:\ProgramData\Recovery
2013-10-17 01:43 - 2013-10-17 01:43 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect
2013-10-17 01:43 - 2013-10-02 03:22 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-17 01:43 - 2013-06-08 11:16 - 00003616 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2013-10-17 01:43 - 2012-11-18 12:03 - 00000414 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2013-10-17 01:43 - 2012-10-14 03:32 - 00000376 ____H C:\Windows\Tasks\CodecUpdaterTask{7DCC82C3-FB97-476B-AD71-C0BA999A22B8}.job
2013-10-17 01:43 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-17 01:42 - 2011-10-02 13:55 - 00018907 _____ C:\Windows\setupact.log
2013-10-17 01:40 - 2011-09-05 12:39 - 00000064 _____ C:\Windows\SysWOW64\rp_stats.dat
2013-10-17 01:40 - 2011-09-05 12:39 - 00000044 _____ C:\Windows\SysWOW64\rp_rules.dat
2013-10-17 01:39 - 2013-10-17 01:40 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\euYSWE2aLi
2013-10-17 01:39 - 2013-10-17 01:40 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\12R1a74cf
2013-10-17 01:39 - 2013-10-17 01:40 - 00237568 _____ C:\ProgramData\5jUQ3jL0M
2013-10-17 01:39 - 2012-12-07 06:04 - 00000441 _____ C:\Windows\System32\Drivers\etc\hosts.ics
2013-10-17 01:32 - 2009-07-13 20:45 - 00024576 _____ C:\Windows\System32\umstartup.etl
2013-10-17 01:30 - 2013-10-17 01:30 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\uZyfA6ElN
2013-10-17 01:30 - 2013-10-17 01:30 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\7r1sW7eyr
2013-10-17 01:30 - 2013-10-17 01:30 - 00237568 _____ C:\ProgramData\br0jnL6V
2013-10-16 14:39 - 2013-10-16 14:39 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\p8KEJg7tuL
2013-10-16 14:39 - 2013-10-16 14:39 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\VacOH8XI
2013-10-16 14:39 - 2013-10-16 14:39 - 00237568 _____ C:\ProgramData\Wo9HPg5OarS
2013-10-16 14:35 - 2013-10-16 14:35 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\HE93i8GM
2013-10-16 14:35 - 2013-10-16 14:35 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\rWxF6cLhh
2013-10-16 14:35 - 2013-10-16 14:35 - 00237568 _____ C:\ProgramData\lUy7AgnlYxX
2013-10-16 14:12 - 2013-10-16 14:12 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\unnSEiuVTj8
2013-10-16 14:12 - 2013-10-16 14:12 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\FJVLhOccD
2013-10-16 14:12 - 2013-10-16 14:12 - 00237568 _____ C:\ProgramData\HGD2k3Ps5
2013-10-16 14:04 - 2010-08-16 15:40 - 01887349 _____ C:\Windows\WindowsUpdate.log
2013-10-16 13:57 - 2013-10-16 13:57 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\aQuuBX4gbfj
2013-10-16 13:57 - 2013-10-16 13:57 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\IemmaQtK
2013-10-16 13:57 - 2013-10-16 13:57 - 00237568 _____ C:\ProgramData\uPoOKbT9
2013-10-16 13:47 - 2011-03-18 09:10 - 00309030 _____ C:\Windows\PFRO.log
2013-10-16 13:33 - 2013-10-02 03:22 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-16 12:03 - 2013-01-04 15:58 - 00000952 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1695920781-605370332-2860346752-1000UA.job
2013-10-16 11:36 - 2012-11-28 12:27 - 00000000 ____D C:\Users\Mongo-Peter\AppData\Roaming\FreeFileViewer
2013-10-16 11:36 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-16 11:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-10-16 03:01 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-16 03:01 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-16 02:53 - 2013-10-16 02:54 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\MaEyUHUmshg
2013-10-16 02:53 - 2013-10-16 02:54 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\0plSuzqA
2013-10-16 02:53 - 2013-10-16 02:54 - 00237568 _____ C:\ProgramData\h5aZLPgE
2013-10-16 02:34 - 2013-10-16 02:35 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\9JmOKBhR
2013-10-16 02:34 - 2013-10-16 02:35 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\UFpxyN0nrQ
2013-10-16 02:34 - 2013-10-16 02:35 - 00237568 _____ C:\ProgramData\ZIICJluseO
2013-10-16 02:11 - 2013-10-16 02:11 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\rjXkMCkJ6TY
2013-10-16 02:11 - 2013-10-16 02:11 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\KmMOO6P9Vd
2013-10-16 02:11 - 2013-10-16 02:11 - 00237568 _____ C:\ProgramData\g04oA7baUk
2013-10-16 02:08 - 2013-10-16 02:08 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\5SovC3b25
2013-10-16 02:08 - 2013-10-16 02:08 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\eirqwdVQblr
2013-10-16 02:08 - 2013-10-16 02:08 - 00237568 _____ C:\ProgramData\P9K1BJkq
2013-10-16 02:04 - 2013-10-16 02:05 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\n5ImNNA23
2013-10-16 02:04 - 2013-10-16 02:05 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\4sEbr8hvY
2013-10-16 02:04 - 2013-10-16 02:05 - 00237568 _____ C:\ProgramData\cxiS22nk
2013-10-16 02:01 - 2013-10-16 02:01 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\iM9udsaBdao
2013-10-16 02:01 - 2013-10-16 02:01 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\ZvYo9BBRnL
2013-10-16 02:01 - 2013-10-16 02:01 - 00237568 _____ C:\ProgramData\nrJU0tmPi
2013-10-16 02:00 - 2013-10-10 06:54 - 00000000 ____D C:\Users\Mongo-Peter\AppData\Local\6yptipNs7U
2013-10-16 02:00 - 2013-01-04 15:57 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1695920781-605370332-2860346752-1000Core.job
2013-10-16 02:00 - 2011-03-18 09:16 - 00000000 ____D C:\users\Mongo-Peter
2013-10-16 01:26 - 2013-10-16 01:26 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\polWZ7ccQlD
2013-10-16 01:26 - 2013-10-16 01:26 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\rraSWVIVb
2013-10-16 01:26 - 2013-10-16 01:26 - 00237568 _____ C:\ProgramData\fJ6tknSPT2g
2013-10-16 01:17 - 2013-10-16 01:17 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\Rqt1JO1lbjC
2013-10-16 01:17 - 2013-10-16 01:17 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\Rbn1yFpywF
2013-10-16 01:17 - 2013-10-16 01:17 - 00237568 _____ C:\ProgramData\abezXZPzr
2013-10-16 01:09 - 2013-10-16 01:09 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\DRmUEw1Or5
2013-10-16 01:09 - 2013-10-16 01:09 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\zqRa21yC
2013-10-16 01:09 - 2013-10-16 01:09 - 00237568 _____ C:\ProgramData\X6xeKiOA
2013-10-16 00:54 - 2013-10-16 00:55 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\yNPHcZcuI
2013-10-16 00:54 - 2013-10-16 00:55 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\KF2RLgBA7iM
2013-10-16 00:54 - 2013-10-16 00:55 - 00237568 _____ C:\ProgramData\vfR1Yps2g6
2013-10-10 07:00 - 2013-10-02 03:23 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-10 06:57 - 2013-10-02 03:24 - 00000000 ____D C:\Users\Mongo-Peter\AppData\Roaming\Google
2013-10-10 06:57 - 2013-10-02 03:22 - 00000000 ____D C:\Users\Mongo-Peter\AppData\Local\Google
2013-10-10 06:54 - 2013-10-10 06:54 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\b9KZB0DV
2013-10-10 06:54 - 2013-10-10 06:54 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\nsQJXRd4C
2013-10-10 06:54 - 2013-10-10 06:54 - 00237568 _____ C:\ProgramData\4ilI3xT6r
2013-10-10 06:53 - 2011-11-19 06:05 - 00000000 ____D C:\Users\Mongo-Peter\AppData\Roaming\go
2013-10-10 06:53 - 2011-11-02 16:45 - 00000000 ____D C:\ProgramData\GameXN
2013-10-02 03:28 - 2013-10-02 03:22 - 00004116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-02 03:28 - 2013-10-02 03:22 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-02 03:24 - 2011-03-19 05:40 - 00000000 ____D C:\Users\Mongo-Peter\AppData\Local\Adobe
2013-10-02 03:23 - 2013-10-02 03:22 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-02 03:22 - 2013-10-02 03:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-02 03:22 - 2013-10-02 03:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-02 03:22 - 2013-10-02 03:22 - 00000000 ____D C:\ProgramData\Google
2013-10-02 03:22 - 2013-10-02 03:22 - 00000000 ____D C:\Program Files\Google
2013-10-02 02:11 - 2013-10-02 02:11 - 00022528 _____ C:\Users\Mongo-Peter\AppData\Local\sobowac.dll
2013-10-01 11:55 - 2012-07-25 05:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 11:20 - 2012-11-16 12:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-01 11:20 - 2011-03-18 14:39 - 00000000 ____D C:\Users\Mongo-Peter\AppData\Local\Mozilla
2013-10-01 08:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-10-01 08:06 - 2009-07-13 20:45 - 00304000 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-29 18:58 - 2010-08-17 01:27 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-29 18:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-29 11:01 - 2011-04-06 09:00 - 00000000 ____D C:\Cargolux Bewerbung
2013-09-29 11:01 - 2011-03-19 07:39 - 00000000 ____D C:\Users\Mongo-Peter\AppData\Roaming\SoftGrid Client
2013-09-29 10:58 - 2013-09-29 10:57 - 00000000 ____D C:\Users\Mongo-Peter\Desktop\scans

Files to move or delete:
====================
C:\Users\Mongo-Peter\AppData\Local\6yptipNs7U\BlSfHOJeYEE.exe


Some content of TEMP:
====================
C:\Users\Mongo-Peter\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Mongo-Peter\AppData\Local\Temp\ezGameXN.dll
C:\Users\Mongo-Peter\AppData\Local\Temp\GameXNGO.exe
C:\Users\Mongo-Peter\AppData\Local\Temp\htmlayout.dll
C:\Users\Mongo-Peter\AppData\Local\Temp\lj1020_1022-HB-pd-win32-enp.exe
C:\Users\Mongo-Peter\AppData\Local\Temp\oefjwbxbjkvndabtlmi.dll
C:\Users\Mongo-Peter\AppData\Local\Temp\oefjwbxbjkvndabtlmi.exe
C:\Users\Mongo-Peter\AppData\Local\Temp\Refresh.exe
C:\Users\Mongo-Peter\AppData\Local\Temp\SendMsg.dll
C:\Users\Mongo-Peter\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mongo-Peter\AppData\Local\Temp\tbedrs.dll
C:\Users\Mongo-Peter\AppData\Local\Temp\tbFile.dll
C:\Users\Mongo-Peter\AppData\Local\Temp\tbVisu.dll
C:\Users\Mongo-Peter\AppData\Local\Temp\vbmz2.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

11
Restore point made on: 2013-08-18 06:07:46
Restore point made on: 2013-08-20 01:38:45
Restore point made on: 2013-08-31 11:50:12
Restore point made on: 2013-09-08 02:41:39
Restore point made on: 2013-09-11 08:04:24
Restore point made on: 2013-09-29 09:08:15
Restore point made on: 2013-09-29 11:02:26
Restore point made on: 2013-10-10 07:08:58
Restore point made on: 2013-10-13 22:22:29
Restore point made on: 2013-10-16 00:59:04
Restore point made on: 2013-10-16 02:59:47

==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 3002.92 MB
Available physical RAM: 2305.08 MB
Total Pagefile: 3001.07 MB
Available Pagefile: 2303.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:214.05 GB) (Free:139.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:18.54 GB) (Free:2.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: () (Removable) (Total:3.91 GB) (Free:2.25 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================





========================================================
Disk: 0 (Size: 233 GB) (Disk ID: F9122B8D)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=214 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: A54D0A3E)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-10-16 03:34

==================== End Of Log ============================
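Added example for this thread (not code from the poster or from FRST): a small Python triage script that re-derives the entries FRST flagged with '<===== ATTENTION' from the raw log lines above, and additionally groups the repeatedly created 237568-byte files by size. The rules it applies (autostart launched from a user-writable location, DLL launched via rundll32, Winlogon Shell other than explorer.exe, any Command Processor AutoRun value, random-looking folder names) are heuristics chosen here for illustration, not FRST's own logic; the sample lines are copied from the posted log with FRST's markers removed.

```python
"""Triage helper for two FRST log sections: the autostart entries under
'Registry (Whitelisted)' and the 'One Month Created Files and Folders' list.
Every rule here is my own heuristic, not FRST's; the sample lines are copied
from the log above with FRST's '<===== ATTENTION' markers removed."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed input: a subset of the registry lines from the posted log.
REGISTRY_LINES = r"""
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [384800 2012-12-11] (Avira Operations GmbH & Co. KG)
HKU\Mongo-Peter\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\Mongo-Peter\...\Run: [sobowac] - rundll32 "C:\Users\Mongo-Peter\AppData\Local\sobowac.dll",sobowac
HKU\Mongo-Peter\...\Run: [BlSfHOJeYEE.exe] - C:\Users\Mongo-Peter\AppData\Local\6yptipNs7U\BlSfHOJeYEE.exe [111472 2013-10-10] (Microsoft Corporation)
HKU\Mongo-Peter\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)
HKU\Mongo-Peter\...\Command Processor: "C:\Users\Mongo-Peter\AppData\Local\6yptipNs7U\BlSfHOJeYEE.exe"
"""

# Constructed input: a subset of the created-files lines from the posted log.
FILE_LINES = r"""
2013-10-17 01:40 - 2013-10-17 01:39 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\euYSWE2aLi
2013-10-17 01:40 - 2013-10-17 01:39 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Local\12R1a74cf
2013-10-17 01:40 - 2013-10-17 01:39 - 00237568 _____ C:\ProgramData\5jUQ3jL0M
2013-10-16 14:39 - 2013-10-16 14:39 - 00237568 _____ C:\Users\Mongo-Peter\AppData\Roaming\p8KEJg7tuL
2013-10-02 03:22 - 2013-10-02 03:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-02 02:11 - 2013-10-02 02:11 - 00022528 _____ C:\Users\Mongo-Peter\AppData\Local\sobowac.dll
"""

ENTRY_RE = re.compile(r'^(?P<hive>HK.*?)\\\.\.\.\\(?P<kind>[^:]+): (?P<rest>.*)$')
# "[name] - command [size date] (vendor)"; Winlogon values omit the " - ".
VALUE_RE = re.compile(r'^\[(?P<name>[^\]]*)\] (?:- )?(?P<cmd>.*?)'
                      r'(?: \[(?P<size>\d+) (?P<date>\S+)\])?(?: \((?P<vendor>[^)]*)\))?$')
FILE_RE = re.compile(r'^\S+ \S+ - \S+ \S+ - (?P<size>\d+) \S+ (?:\([^)]*\) )?(?P<path>.*)$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl|scr)', re.I)
# Locations a standard user can write to; legitimate autostarts rarely live here.
USER_WRITABLE = re.compile(r'\\(AppData\\(Local|Roaming)|ProgramData|Temp)\\', re.I)
# 8-12 alphanumerics mixing digits, lower and upper case: the dropper's naming style.
RANDOM_NAME = re.compile(r'^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{8,12}$')


@dataclass(frozen=True)
class Finding:
    rule: str
    entry: str
    detail: str


def first_path(cmd):
    """Executable/DLL path inside a command line (e.g. the DLL handed to rundll32)."""
    m = PATH_RE.search(cmd)
    return m.group(0) if m else cmd


def triage_registry(text):
    findings = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, rest = m['kind'], m['rest']
        if kind == 'Command Processor':
            # Command Processor\AutoRun runs each time cmd.exe starts; a clean
            # system has no such value, so its mere presence is reportable.
            findings.append(Finding('cmd-autorun', line, f'AutoRun launches {rest}'))
            continue
        v = VALUE_RE.match(rest)
        if not v:
            continue
        name, cmd, vendor = v['name'], v['cmd'], v['vendor'] or ''
        if kind == 'Winlogon' and name == 'Shell' and cmd.lower() != 'explorer.exe':
            # With Shell=cmd.exe the AutoRun value above fires at every logon.
            findings.append(Finding('shell-replaced', line, f'Shell={cmd}, expected explorer.exe'))
        elif kind in ('Run', 'RunOnce'):
            path = first_path(cmd)
            if USER_WRITABLE.search(path):
                why = ['launched from a user-writable directory']
                if cmd.lower().startswith('rundll32'):
                    why.append('DLL export invoked via rundll32')
                if 'microsoft' in vendor.lower():
                    why.append('Microsoft version info on a file outside Windows/Program Files')
                why += [f'random-looking folder {p}' for p in path.split('\\') if RANDOM_NAME.match(p)]
                findings.append(Finding('run-from-appdata', line, '; '.join(why)))
    return findings


def repeated_droppers(text, min_copies=3):
    """Group random-named files in user-writable roots by byte size: one size
    recurring across AppData\\Roaming, AppData\\Local and ProgramData is one
    payload being re-dropped under fresh names (the log shows 237568 bytes)."""
    by_size = defaultdict(list)
    for line in text.strip().splitlines():
        m = FILE_RE.match(line)
        if m and USER_WRITABLE.search(m['path']) and RANDOM_NAME.match(m['path'].rsplit('\\', 1)[-1]):
            by_size[int(m['size'])].append(m['path'])
    return {size: paths for size, paths in by_size.items() if len(paths) >= min_copies}


if __name__ == '__main__':
    for f in triage_registry(REGISTRY_LINES):
        print(f'[{f.rule}] {f.detail}\n    {f.entry}')
    for size, paths in repeated_droppers(FILE_LINES).items():
        print(f'[re-dropped payload] {len(paths)} files of {size} bytes')
```

Run as a script it prints four registry findings (the rundll32 DLL, the randomly named executable, the replaced Winlogon Shell and the Command Processor AutoRun) plus one group of four 237568-byte files. In practice the two functions would be fed the corresponding sections of a complete FRST.txt; the value of writing the rules out is that each finding states why the entry is abnormal, which is the reasoning a helper applies when reading such a log.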