Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: FRST.txt nach Interpol-Polizei Trojaner/Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Alt 26.11.2013, 22:01   #1
Daffy
 
FRST.txt nach Interpol-Polizei Trojaner/Virus - Standard

FRST.txt nach Interpol-Polizei Trojaner/Virus



Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-11-2013 01
Ran by SYSTEM on MININT-NLP3O78 on 26-11-2013 21:53:18
Running from G:\
Windows 7 Starter (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2217256 2011-03-17] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [1138780 2011-06-30] (IDT, Inc.)
HKLM\...\Run: [HPQuickWebProxy] - C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [78904 2011-04-08] (Hewlett-Packard Company)
HKLM\...\Run: [HPConnectionManager] - C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM\...\Run: [HPOSD] - C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKU\user\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-03] (Skype Technologies S.A.)
HKU\user\...\Winlogon: [Shell] explorer.exe,C:\Users\user\AppData\Roaming\Other.res [ 2013-08-28] () <==== ATTENTION 

========================== Services (Whitelisted) =================

S2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [125496 2011-02-22] (Hewlett-Packard Company)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [282706 2011-06-30] (IDT, Inc.)
S2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [671344 2012-04-10] (VMware, Inc.)
S2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2370560 2012-05-01] (VMware, Inc.)
S2 wsnm; C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [472176 2012-05-01] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130924.001\BHDrvx86.sys [1097304 2013-09-23] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-29] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-29] (Symantec Corporation)
S2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41456 2012-04-10] (VMware, Inc.)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130927.001\IDSvix86.sys [392792 2013-08-26] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130927.018\NAVENG.SYS [93272 2013-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130927.018\NAVEX15.SYS [1612376 2013-08-29] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1207020.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1207020.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1207020.003\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1207020.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2013-03-31] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [136312 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NIS\1207020.003\SYMNETS.SYS [299640 2011-04-20] (Symantec Corporation)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-04-10] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-26 21:53 - 2013-11-26 21:53 - 00000000 ____D C:\FRST
2013-11-16 06:15 - 2013-10-11 23:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-16 06:15 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-16 06:15 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-16 06:15 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-16 06:15 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-15 02:15 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-15 02:15 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-15 02:15 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-15 02:14 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-15 02:14 - 2013-10-11 18:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-15 02:14 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-15 02:14 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-15 02:14 - 2013-10-02 17:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-15 02:14 - 2013-09-24 18:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-15 02:14 - 2013-09-24 18:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-15 02:14 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-15 02:14 - 2013-09-24 17:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-15 02:14 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-15 02:14 - 2013-09-24 17:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-15 02:14 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-15 02:14 - 2013-09-24 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-15 02:14 - 2013-09-24 16:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-15 02:14 - 2013-07-04 04:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-05 11:09 - 2013-11-05 11:09 - 00000000 _____ C:\Windows\System32\shoC5C0.tmp
2013-11-04 08:05 - 2013-11-04 08:05 - 00000000 _____ C:\Windows\System32\shoAE3B.tmp
2013-11-04 07:26 - 2013-11-04 07:26 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2013-10-31 01:37 - 2013-09-03 17:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-31 01:37 - 2013-09-03 17:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-31 01:37 - 2013-09-03 17:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-31 01:37 - 2013-09-03 17:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-31 01:37 - 2013-09-03 17:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-31 01:37 - 2013-09-03 17:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-10-31 01:37 - 2013-09-03 17:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys

==================== One Month Modified Files and Folders =======

2013-11-26 21:53 - 2013-11-26 21:53 - 00000000 ____D C:\FRST
2013-11-26 12:43 - 2009-07-13 20:39 - 00059359 _____ C:\Windows\setupact.log
2013-11-26 11:13 - 2013-03-20 06:39 - 01270487 _____ C:\Windows\WindowsUpdate.log
2013-11-26 10:42 - 2010-11-20 13:01 - 01500018 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-26 08:40 - 2009-07-13 20:34 - 00016480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-26 08:40 - 2009-07-13 20:34 - 00016480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-26 07:44 - 2013-06-30 10:39 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-11-24 09:23 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-11-17 10:22 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-11-05 11:09 - 2013-11-05 11:09 - 00000000 _____ C:\Windows\System32\shoC5C0.tmp
2013-11-04 08:05 - 2013-11-04 08:05 - 00000000 _____ C:\Windows\System32\shoAE3B.tmp
2013-11-04 07:26 - 2013-11-04 07:26 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\lzchUSm.exe
C:\Users\user\AppData\Local\Temp\lzchUSm0.exe
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

14
Restore point made on: 2013-06-27 04:25:18
Restore point made on: 2013-06-29 08:36:25
Restore point made on: 2013-06-29 09:25:32
Restore point made on: 2013-06-30 12:24:40
Restore point made on: 2013-07-04 04:14:09
Restore point made on: 2013-07-18 02:36:02
Restore point made on: 2013-07-21 07:34:54
Restore point made on: 2013-08-20 06:16:37
Restore point made on: 2013-09-16 08:57:48
Restore point made on: 2013-09-16 11:13:29
Restore point made on: 2013-10-10 00:39:42
Restore point made on: 2013-10-11 02:22:16
Restore point made on: 2013-11-04 05:24:37
Restore point made on: 2013-11-16 06:14:44

==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 1011.87 MB
Available physical RAM: 494.62 MB
Total Pagefile: 1011.87 MB
Available Pagefile: 495.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.98 GB) (Free:244.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Recovery) (Fixed) (Total:12.95 GB) (Free:1.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.1 GB) FAT32
Drive g: () (Removable) (Total:1.97 GB) (Free:0.55 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 6B5E644B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 003D6837)
Partition 1: (Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2013-07-21 08:10

==================== End Of Log ============================
         

 

Themen zu FRST.txt nach Interpol-Polizei Trojaner/Virus
adobe, appdata, association, check, code, crypt, explorer, explorer.exe, free, ics, launch, microsoft, norton internet security, recovery, registry, roaming, scan, security, service.exe, services.exe, sttray.exe, svchost.exe, symantec, system, system32, temp, trojaner/virus, winlogon, winlogon.exe




Ähnliche Themen: FRST.txt nach Interpol-Polizei Trojaner/Virus


  1. ich habe einen Virus eingefangen der aus FRST.txt ein FRST.txt!___prosschiff@gmail.com_ macht
    Log-Analyse und Auswertung - 27.09.2015 (3)
  2. Polizei Virus ! interpol Association National security Agency
    Log-Analyse und Auswertung - 14.04.2015 (13)
  3. Interpol Polizei Trojaner - Österreich
    Log-Analyse und Auswertung - 13.09.2014 (8)
  4. Windows 7: Interpol-Trojaner, FRST-Scan angefügt
    Log-Analyse und Auswertung - 02.04.2014 (10)
  5. Interpol Virus - FRST.exe
    Plagegeister aller Art und deren Bekämpfung - 25.03.2014 (21)
  6. Windows XP - Interpol GVU Virus sperrt PC nach dem Booten
    Log-Analyse und Auswertung - 16.02.2014 (3)
  7. Interpol Trojaner Windows 7 Statusfenster von frst erscheint nicht
    Log-Analyse und Auswertung - 08.12.2013 (3)
  8. BKA Trojaner: was nun nach FRST?
    Plagegeister aller Art und deren Bekämpfung - 25.11.2013 (12)
  9. FRST Logfile analysieren, nach BKA Trojaner, weißer Bildschirm etc
    Log-Analyse und Auswertung - 03.11.2013 (3)
  10. Windows 7 : Interpol Virus - nach Start --> Sperrbildschirm
    Log-Analyse und Auswertung - 16.10.2013 (21)
  11. WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan
    Log-Analyse und Auswertung - 10.10.2013 (14)
  12. GUV Trojaner mit Sperrbildschirm --> Schritte nach FRST Scan
    Log-Analyse und Auswertung - 01.10.2013 (9)
  13. nach Interpol Virus kein starten mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 02.09.2013 (9)
  14. Interpol Trojaner hat PC gesperrt - frst Scan bereits durchgeführt
    Plagegeister aller Art und deren Bekämpfung - 14.08.2013 (7)
  15. Interpol Trojaner - FRST Logfile includiert
    Plagegeister aller Art und deren Bekämpfung - 13.08.2013 (13)
  16. Interpol Trojaner - Sperschirm//FRST.Log schon angehängt
    Plagegeister aller Art und deren Bekämpfung - 12.08.2013 (9)
  17. Weißer Bildschirm nach Neustart, scan via FRST.exe --> FRST.txt
    Log-Analyse und Auswertung - 06.08.2013 (5)

Zum Thema FRST.txt nach Interpol-Polizei Trojaner/Virus - Code: Alles auswählen Aufklappen ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-11-2013 01 Ran by SYSTEM on MININT-NLP3O78 on 26-11-2013 21:53:18 Running from G:\ Windows 7 - FRST.txt nach Interpol-Polizei Trojaner/Virus...
Archiv
Du betrachtest: FRST.txt nach Interpol-Polizei Trojaner/Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.