Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Polizei Trojaner - schwarzer Schirm mit weißem Mauszeiger nach Systemwiederherstellung

Polizei Trojaner - schwarzer Schirm mit weißem Mauszeiger nach Systemwiederherstellung


Log-Analyse und Auswertung: Polizei Trojaner - schwarzer Schirm mit weißem Mauszeiger nach Systemwiederherstellung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 31.07.2013, 14:50   #1
MaxSound
 
Polizei Trojaner - schwarzer Schirm mit weißem Mauszeiger nach Systemwiederherstellung - Standard

Polizei Trojaner - schwarzer Schirm mit weißem Mauszeiger nach Systemwiederherstellung


Wäre toll wenn hier jemand weiter wüßte, vielen Dank im Voraus

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by SYSTEM on 31-07-2013 15:25:23
Running from H:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-25] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [212480 2010-03-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [316784 2010-01-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-21] (Sony Corporation)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\birni\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\birni\...\Run: [] -  [x]
HKU\birni\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe [814472 2013-06-12] (Adobe Systems Incorporated)

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-11-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-11-25] (Sonic Solutions)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-08] (Sony Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-18] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 TVICHW32; C:\Windows\system32\DRIVERS\TVICHW32.SYS [21200 2010-12-23] (EnTech Taiwan)
S3 TVICHW32; C:\Windows\system32\DRIVERS\TVICHW32.SYS [21200 2010-12-23] (EnTech Taiwan)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-10 02:06 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 02:06 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 02:06 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 02:06 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 02:06 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 02:06 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 02:06 - 2013-06-12 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 02:06 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 02:06 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 02:06 - 2013-06-12 00:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 02:06 - 2013-06-12 00:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 02:06 - 2013-06-12 00:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 02:06 - 2013-06-12 00:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 02:06 - 2013-06-12 00:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 02:06 - 2013-06-12 00:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 02:06 - 2013-06-12 00:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 02:06 - 2013-06-12 00:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 02:06 - 2013-06-12 00:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 02:06 - 2013-06-12 00:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 02:06 - 2013-06-12 00:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 02:06 - 2013-06-12 00:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 02:06 - 2013-06-12 00:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 02:06 - 2013-06-12 00:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 02:06 - 2013-06-12 00:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 02:06 - 2013-06-12 00:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 02:06 - 2013-06-12 00:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 02:06 - 2013-06-12 00:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 02:06 - 2013-06-11 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 02:06 - 2013-06-11 23:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 02:06 - 2013-06-07 04:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 02:06 - 2013-06-07 03:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 22:43 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-09 22:43 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 22:43 - 2013-05-06 07:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-09 22:43 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 22:42 - 2013-06-05 04:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-09 22:42 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 22:42 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-02 02:02 - 2013-07-02 02:02 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-02 02:02 - 2013-07-02 02:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-02 02:02 - 2013-07-02 02:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-02 02:02 - 2013-07-02 02:02 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-02 02:02 - 2013-07-02 02:02 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-02 02:02 - 2013-07-02 02:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-02 02:02 - 2013-07-02 02:02 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-02 02:02 - 2013-07-02 02:02 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-02 02:00 - 2013-07-02 02:07 - 00009534 _____ C:\Windows\IE10_main.log
113

==================== One Month Modified Files and Folders =======

2013-07-31 15:24 - 2013-07-31 15:24 - 00000000 ____D C:\FRST
2013-07-31 14:10 - 2010-05-15 12:54 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-31 14:05 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 14:05 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 14:03 - 2011-11-22 20:42 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation
2013-07-31 14:03 - 2010-12-27 14:56 - 00000000 ____D C:\Users\birni\AppData\Roaming\dd_bookmarks
2013-07-31 14:03 - 2010-12-27 14:05 - 00000000 ____D C:\ProgramData\HP
2013-07-31 14:03 - 2010-12-23 07:24 - 00000000 ____D C:\Users\birni\AppData\Roaming\ArcSoft
2013-07-31 14:03 - 2010-12-13 21:46 - 00000000 ____D C:\users\birni
2013-07-31 14:03 - 2010-03-26 00:44 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-07-31 14:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-07-31 14:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-31 14:02 - 2010-12-23 07:24 - 00000000 ____D C:\ProgramData\ArcSoft
2013-07-31 13:57 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-31 06:26 - 2009-07-14 08:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-27 21:13 - 2012-10-17 16:48 - 00000000 ____D C:\Users\birni\AppData\Roaming\HpUpdate
2013-07-23 22:39 - 2010-12-13 21:46 - 01345168 _____ C:\Windows\WindowsUpdate.log
2013-07-23 22:34 - 2012-04-13 05:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 13:37 - 2010-12-13 21:51 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{87B92A33-D942-4107-B032-3887E1EBC567}
2013-07-23 09:09 - 2010-05-15 12:54 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-13 15:29 - 2010-05-15 22:40 - 00657910 _____ C:\Windows\System32\perfh007.dat
2013-07-13 15:29 - 2010-05-15 22:40 - 00131250 _____ C:\Windows\System32\perfc007.dat
2013-07-13 15:29 - 2009-07-14 06:13 - 01507406 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-13 06:19 - 2012-03-16 16:19 - 00000000 ____D C:\Users\birni\Desktop\anzeige willhaben
2013-07-12 09:04 - 2010-05-15 12:54 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 09:04 - 2010-05-15 12:54 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-10 22:22 - 2012-01-07 18:47 - 00000000 ____D C:\Users\birni\Desktop\Gym
2013-07-10 02:34 - 2009-07-14 05:51 - 00079306 _____ C:\Windows\setupact.log
2013-07-10 02:34 - 2009-07-14 05:45 - 00441536 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-10 02:33 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 02:33 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 02:32 - 2009-07-14 08:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 02:32 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 02:32 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 02:17 - 2010-12-23 07:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 02:08 - 2010-12-22 14:35 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-02 03:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-07-02 02:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-02 02:07 - 2013-07-02 02:00 - 00009534 _____ C:\Windows\IE10_main.log
2013-07-02 02:02 - 2013-07-02 02:02 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-02 02:02 - 2013-07-02 02:02 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-02 02:02 - 2013-07-02 02:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-02 02:02 - 2013-07-02 02:02 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-02 02:02 - 2013-07-02 02:02 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-02 02:02 - 2013-07-02 02:02 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-02 02:02 - 2013-07-02 02:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-02 02:02 - 2013-07-02 02:02 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-02 02:02 - 2013-07-02 02:02 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-02 02:02 - 2013-07-02 02:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-02 02:02 - 2013-07-02 02:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

Files to move or delete:
====================
C:\Users\birni\AppData\Roaming\cache.dat

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-23 23:00:05
Restore point made on: 2013-07-26 16:15:36
Restore point made on: 2013-07-30 16:15:21
Restore point made on: 2013-07-31 05:56:36

==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 4014.08 MB
Available physical RAM: 3360.11 MB
Total Pagefile: 4012.23 MB
Available Pagefile: 3348.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:228.75 GB) (Free:51.06 GB) NTFS (Disk=0 Partition=3)
Drive d: (Daten) (Fixed) (Total:226.65 GB) (Free:126.58 GB) NTFS (Disk=0 Partition=4)
Drive f: (Recovery) (Fixed) (Total:10.26 GB) (Free:0.82 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive h: (MINI128) (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6B62875C)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=229 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=227 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 127 MB) (Disk ID: 126B3FDD)
Partition 1: (Not Active) - (Size=133 MB) - (Type=0B)


LastRegBack: 2013-07-22 23:10

==================== End Of Log ============================

 

Themen zu Polizei Trojaner - schwarzer Schirm mit weißem Mauszeiger nach Systemwiederherstellung
adobe, adobe flash player, anzeige, association, desktop, dll, explorer, explorer.exe, farbar, farbar recovery scan tool, flash player, frst.txt, home, log, microsoft, realtek, registry, rundll, rundll32.exe, scan, security, services.exe, software, svchost.exe, system, system32, systemwiederherstellung, trojaner, winlogon.exe


« Schwarzer Desktop / GVU-Trojaner - explorer.exe gelöscht | Viele Probleme auf den Laptop »


Ähnliche Themen: Polizei Trojaner - schwarzer Schirm mit weißem Mauszeiger nach Systemwiederherstellung


  1. Nach anmeldung schwarzer bildschirm mit mauszeiger, alles ausprobiert nichts funktionert!
    Plagegeister aller Art und deren Bekämpfung - 21.04.2015 (12)
  2. Windows 7: Boot nicht möglich; schwarzer Bildschirm mit Mauszeiger nach Windowslogo
    Log-Analyse und Auswertung - 11.11.2014 (17)
  3. Windows 8.1: schwarzer Bildschirm nach Start, Mauszeiger da, FRST lässt sich nicht ausführen
    Plagegeister aller Art und deren Bekämpfung - 27.08.2014 (1)
  4. Windows 8.1: schwarzer Bildschirm nach Start, Mauszeiger da
    Alles rund um Windows - 27.08.2014 (2)
  5. schwarzer Bildschirm mit Mauszeiger nach Start des Betriebssystems Windows7
    Log-Analyse und Auswertung - 17.04.2014 (7)
  6. Windows 8.1 schwarzer Schirm Maus lässt sich bewegen
    Plagegeister aller Art und deren Bekämpfung - 31.03.2014 (6)
  7. [Windows 7] Nach Login bei Windows erscheint nur noch ein schwarzer Bildschirm mit Mauszeiger
    Plagegeister aller Art und deren Bekämpfung - 12.03.2014 (1)
  8. Regelmäßig Schirm mit weißem Flimmern nach Ruhezustand
    Log-Analyse und Auswertung - 12.02.2014 (5)
  9. Schwarzer Bildschim mit Mauszeiger nach Malwareentfernung
    Plagegeister aller Art und deren Bekämpfung - 26.01.2014 (21)
  10. Windows 7 schwarzer Bildschirm + Mauszeiger
    Plagegeister aller Art und deren Bekämpfung - 18.01.2014 (4)
  11. Windows 8 schwarzer Bildschirm + Mauszeiger
    Alles rund um Windows - 05.01.2014 (1)
  12. Windows 7: Polizei Virus mit weißem Bildschirm
    Log-Analyse und Auswertung - 27.09.2013 (13)
  13. Windows 7 nach Start schwarzer Bildschirm + Mauszeiger
    Plagegeister aller Art und deren Bekämpfung - 23.09.2013 (15)
  14. Nach Systemwiederherstellung nur mehr Mauszeiger und schwarzer Bs (GVU Trojaner)
    Log-Analyse und Auswertung - 08.08.2013 (2)
  15. Schwarzer Bildschirm nach hochfahren mit beweglichem Mauszeiger
    Plagegeister aller Art und deren Bekämpfung - 09.07.2013 (5)
  16. Windows 7 startet nicht mehr, schwarzer Bildschirm beim Booten mit weißem Mauszeiger
    Log-Analyse und Auswertung - 19.03.2013 (0)
  17. schwarzer Bildschirm mit Mauszeiger... nix geht mehr
    Plagegeister aller Art und deren Bekämpfung - 14.05.2012 (7)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Polizei Trojaner - schwarzer Schirm mit weißem Mauszeiger nach Systemwiederherstellung - Wäre toll wenn hier jemand weiter wüßte, vielen Dank im Voraus Code: Alles auswählen Aufklappen ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03 Ran by - Polizei Trojaner - schwarzer Schirm mit weißem Mauszeiger nach Systemwiederherstellung...
Archiv
Du betrachtest: Polizei Trojaner - schwarzer Schirm mit weißem Mauszeiger nach Systemwiederherstellung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131