Log Analysis and Evaluation: PC locked by "Interpol Trojan" (Windows 7)

08.08.2013, 08:53 | #1
PC locked by "Interpol Trojan"

Hello, my PC was locked by the Interpol Trojan, as described in the post http://www.trojaner-board.de/139493-...gesprerrt.html. The FRST logfile spat out the following information:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-08-2013
Ran by SYSTEM on 08-08-2013 09:36:34
Running from J:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [Cmiboot] - C:\Windows\cmiboot.exe [65536 2007-02-07] ()
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [NMSSupport] - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [439512 2007-06-27] (Intel Corporation)
HKLM\...\Run: [CCUTRAYICON] - C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe [215256 2007-06-27] (Intel(R) Corporation)
HKLM\...\Run: [MedionVFD] - C:\Program Files\Medion Info Display\MdionLCMLH.exe [208896 2006-12-29] (Dritek System Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7600672 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TrueImageMonitor.exe] - E:\Acronis TrueImageHome\TrueImageMonitor.exe [4393112 2009-05-15] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] - E:\Acronis TrueImageHome\TimounterMonitor.exe [962640 2009-05-15] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [377640 2009-05-15] (Acronis)
HKLM\...\Run: [Adobe Reader Speed Launcher] - E:\Adobe Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-26] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - E:\Canon\My Printer\BJMyPrt.exe [1848648 2008-03-18] (CANON INC.)
HKLM\...\Run: [IJNetworkScanUtility] - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [128352 2007-11-19] (CANON INC.)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] - E:\OmniPageSE4\OpwareSE4.exe [73728 2007-06-13] (Nuance Communications, Inc.)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-11-13] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - E:\Adobe CS4\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe_ID0ENQBO] - C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]
HKLM\...\Run: [NokiaMusic FastStart] - E:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe [2090272 2009-11-06] (Nokia)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [ZoneAlarm Client] - E:\ZoneAlarm\zlclient.exe [1043968 2010-06-28] (Check Point Software Technologies LTD)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [738808 2010-06-15] (Check Point Software Technologies)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [901800 2011-11-21] ({StringFileInfo_CompanyName})
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM\...\Run: [AVMFBoxMonitor] - C:\Program Files\FRITZ!Box Monitor\FRITZBoxMonitor.exe [1503232 2009-07-06] (AVM Berlin)
HKLM\...\Run: [PDFPrint] - E:\PDF24\pdf24.exe [160872 2012-05-22] (Geek Software GmbH)
HKLM\...\Run: [KiesTrayAgent] - E:\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [BingDesktop] - C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM\...\Run: [Plantronics MyHeadset Updater] - C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe [76288 2012-12-12] (Plantronics)
HKLM\...\Run: [avgnt] - E:\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-07] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [217088 2009-04-11] (Microsoft Corporation)
HKU\Admin\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Admin\...\Run: [SpybotSD TeaTimer] - E:\Spybot - Search & Destroy\TeaTimer.exe [ 2009-01-26] (Safer Networking Limited)
HKU\Admin\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2009-11-20] (Hewlett-Packard Company)
HKU\Admin\...\Run: [Polar Sync] - [x]
HKU\Admin\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Admin\...\Run: [] - [x]
HKU\Admin\...\Run: [KiesPreload] - E:\Kies\Kies.exe [ 2012-12-20] (Samsung)
HKU\Admin\...\Run: [KiesAirMessage] - E:\Kies\KiesAirMessage.exe [ 2012-12-18] (Samsung Electronics)
HKU\Admin\...\Run: [Vidalia] - E:\Vidalia Bridge Bundle\Vidalia\vidalia.exe [ 2012-12-02] ()
HKU\Admin\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-03] (Skype Technologies S.A.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\IUSR_NMPR\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\IUSR_NMPR\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\User\...\Run: [PC Suite Tray] - "E:\Nokia PC Suite\Nokia PC Suite 7\PCSuite.exe" -onlytray [x]
HKU\User\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2009-11-20] (Hewlett-Packard Company)
HKU\User\...\Run: [Polar Sync] - [x]
HKU\User\...\Run: [AdobeBridge] - [x]
HKU\User\...\Run: [] - E:\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2012-12-20] (Samsung)
HKU\User\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\09qj.lnk
ShortcutTarget: 09qj.lnk -> C:\Users\Admin\AppData\Local\Temp\jq90.dat (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.~lock.Aufgaben_privat.xls# ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\09qj.lnk
ShortcutTarget: 09qj.lnk -> c:\progra~2\jq90.dat (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Aufgaben_privat.xls ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> E:\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> E:\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> E:\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> E:\Personal Backup 4\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vxtoivckjmpvfifpkwm.lnk
ShortcutTarget: vxtoivckjmpvfifpkwm.lnk -> C:\Users\User\AppData\Local\Temp\mwkpfifvpmjkcviotxv.bfg (Microsoft Corporation)
BootExecute: autocheck autochk /r \??\I:autocheck autochk *

========================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [619336 2009-05-15] (Acronis)
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
S2 AlertService; C:\Programme\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel(R) Corporation)
S2 AntiVirSchedulerService; E:\Avira\AntiVir Desktop\sched.exe [84024 2013-08-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; E:\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; E:\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-07] (Avira Operations GmbH & Co. KG)
S2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel(R) Corporation)
S2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] ()
S2 ISSM; C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel(R) Corporation)
S2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [493048 2010-06-15] (Check Point Software Technologies)
S2 M1 Server; C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S2 MCLServiceATL; C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel(R) Corporation)
S2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel(R) Corporation)
S2 Polar Daemon; C:\Program Files\Polar\Daemon\polard.exe [411648 2012-04-02] ()
S2 QualityManager; C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel(R) Corporation)
S2 RalinkRegistryWriter; C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe [69632 2008-04-23] (Ralink Technology, Corp.)
S2 Remote UI Service; C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel(R) Corporation)
S2 SBSDWSCService; E:\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 vsmon; C:\Windows\System32\ZoneLabs\vsmon.exe [2435592 2010-06-28] (Check Point Software Technologies LTD)
S2 Winmgmt; C:\PROGRA~2\jq90.dat [117760 2013-08-07] (Microsoft Corporation)
S2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [99344 2010-07-15] (ATI Technologies, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-08-07] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-08-07] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-07] (Avira Operations GmbH & Co. KG)
S3 CMISTOR; C:\Windows\System32\DRIVERS\cmiucr.SYS [93056 2007-01-12] (C-Media Corporation)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx86.sys [27136 2012-04-09] (CSR/PLT)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. )
S3 GigasetGenericUSB; C:\Windows\System32\DRIVERS\GigasetGenericUSB.sys [44032 2009-02-20] (Siemens Home and Office Communication Devices GmbH & Co. KG)
S3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2009-07-19] (Intel Corporation)
S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [26872 2010-06-15] (Check Point Software Technologies)
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [22016 2007-10-11] ()
S2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [30336 2003-04-04] (Politecnico di Torino)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908832 2007-07-17] (NXP Semiconductors Germany GmbH)
S3 RT2500USB; C:\Windows\System32\DRIVERS\rt2500usb.sys [245376 2005-10-18] (Ralink Technology Inc.)
S3 rt70x86; C:\Windows\System32\DRIVERS\netr70.sys [306016 2010-04-27] (Ralink Technology Corp.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-07] (Avira GmbH)
S0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [902592 2009-07-27] (Acronis)
S2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2009-07-27] (Acronis)
S3 TSHWMDTCP; C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] ()
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [457304 2010-05-15] (Check Point Software Technologies LTD)
S3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-30 19:26 - 2011-11-27 17:12 - 00000000 ____D C:\ProgramData\FLEXnet
2013-08-30 19:26 - 2009-09-19 19:44 - 00000000 ____D C:\Users\Admin\Documents\Adobe
2013-08-08 09:33 - 2013-08-08 09:33 - 00000000 ____D C:\FRST
2013-08-07 23:46 - 2013-08-07 23:46 - 00000761 _____ C:\Windows\System32\09qj.lnk
2013-08-07 23:18 - 2013-08-07 23:18 - 00117760 _____ (Microsoft Corporation) C:\ProgramData\jq90.dat
2013-08-07 23:11 - 2013-08-07 23:11 - 00001960 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-08-07 23:11 - 2013-08-07 23:11 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-08-07 23:11 - 2013-08-07 23:11 - 00000000 ____D C:\ProgramData\McAfee
2013-08-07 23:11 - 2013-08-07 23:11 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-08-07 22:22 - 2013-08-07 22:22 - 00001984 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-07 14:04 - 2013-08-07 14:04 - 00000000 ____D C:\ProgramData\APN
2013-08-07 13:54 - 2013-08-07 13:54 - 00000000 ____D C:\Users\User\AppData\Roaming\Avira
2013-08-07 13:49 - 2013-08-07 13:30 - 00135136 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-08-07 13:49 - 2013-08-07 13:30 - 00084744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-08-07 13:49 - 2013-08-07 13:30 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-08-07 13:49 - 2013-08-07 13:30 - 00028520 _____ (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2013-08-05 13:00 - 2013-08-05 13:00 - 00002086 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-29 21:55 - 2013-07-29 21:55 - 00142776 _____ C:\Windows\Minidump\Mini072913-01.dmp
2013-07-29 21:53 - 2013-08-07 23:45 - 00005416 _____ C:\Windows\PFRO.log
2013-07-29 21:53 - 2013-07-29 21:53 - 247655990 _____ C:\Windows\MEMORY.DMP
2013-07-27 10:21 - 2013-07-27 10:21 - 00000796 _____ C:\Windows\setupact.log
2013-07-27 10:21 - 2013-07-27 10:21 - 00000000 _____ C:\Windows\setuperr.log
2013-07-27 09:23 - 2013-07-27 09:23 - 00000000 ____D C:\Users\User\Documents\default
2013-07-14 02:19 - 2013-05-29 02:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-14 02:19 - 2013-05-29 02:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-14 02:19 - 2013-05-29 02:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-14 02:19 - 2013-05-29 02:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-14 02:19 - 2013-05-29 02:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-14 02:19 - 2013-05-29 02:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-14 02:19 - 2013-05-29 02:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-14 02:19 - 2013-05-29 02:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-14 02:19 - 2013-05-29 02:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-14 02:19 - 2013-05-29 02:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-14 02:19 - 2013-05-29 02:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-14 02:19 - 2013-05-29 02:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-14 02:19 - 2013-05-29 02:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-14 02:19 - 2013-05-29 02:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-14 02:19 - 2013-05-29 02:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-14 02:18 - 2013-05-29 02:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-13 10:00 - 2013-06-04 02:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-13 09:56 - 2013-06-01 05:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-13 09:56 - 2013-05-08 05:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-13 09:56 - 2013-04-17 12:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-07-13 09:56 - 2013-04-17 12:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-13 09:56 - 2013-04-17 12:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-07-13 09:56 - 2013-04-17 12:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-13 09:56 - 2013-04-17 11:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-13 09:56 - 2013-04-17 11:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-13 09:56 - 2013-04-17 11:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-13 09:56 - 2013-04-17 11:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-13 09:56 - 2013-04-17 11:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll

==================== One Month Modified Files and Folders =======

2013-08-08 09:33 - 2013-08-08 09:33 - 00000000 ____D C:\FRST
2013-08-08 07:35 - 2009-07-18 20:17 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-08-08 07:34 - 2006-11-02 13:47 - 00003264 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-08 07:34 - 2006-11-02 13:47 - 00003264 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-08 07:33 - 2009-07-18 20:16 - 01862098 _____ C:\Windows\WindowsUpdate.log
2013-08-07 23:55 - 2009-07-27 11:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-08-07 23:46 - 2013-08-07 23:46 - 00000761 _____ C:\Windows\System32\09qj.lnk
2013-08-07 23:45 - 2013-07-29 21:53 - 00005416 _____ C:\Windows\PFRO.log
2013-08-07 23:18 - 2013-08-07 23:18 - 00117760 _____ (Microsoft Corporation) C:\ProgramData\jq90.dat
2013-08-07 23:12 - 2009-07-27 12:09 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-08-07 23:11 - 2013-08-07 23:11 - 00001960 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-08-07 23:11 - 2013-08-07 23:11 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-08-07 23:11 - 2013-08-07 23:11 - 00000000 ____D C:\ProgramData\McAfee
2013-08-07 23:11 - 2013-08-07 23:11 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-08-07 23:11 - 2013-04-02 19:16 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-08-07 23:11 - 2013-04-02 19:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-08-07 22:22 - 2013-08-07 22:22 - 00001984 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-07 22:22 - 2009-07-27 11:32 - 00000000 ____D C:\Program Files\Google
2013-08-07 22:19 - 2009-08-23 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Google
2013-08-07 21:14 - 2010-07-17 22:53 - 00000000 ____D C:\Users\User\AppData\Local\FreePDF_XP
2013-08-07 21:13 - 2010-07-17 22:39 - 00004020 _____ C:\fpRedmon.log
2013-08-07 14:04 - 2013-08-07 14:04 - 00000000 ____D C:\ProgramData\APN
2013-08-07 13:54 - 2013-08-07 13:54 - 00000000 ____D C:\Users\User\AppData\Roaming\Avira
2013-08-07 13:50 - 2006-11-02 11:33 - 01473770 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-07 13:49 - 2011-11-27 18:29 - 00000000 ____D C:\ProgramData\Avira
2013-08-07 13:30 - 2013-08-07 13:49 - 00135136 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-08-07 13:30 - 2013-08-07 13:49 - 00084744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-08-07 13:30 - 2013-08-07 13:49 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-08-07 13:30 - 2013-08-07 13:49 - 00028520 _____ (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2013-08-05 13:00 - 2013-08-05 13:00 - 00002086 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-31 23:24 - 2009-08-08 21:30 - 00071680 _____ C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-29 23:03 - 2009-07-24 21:40 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2013-07-29 21:55 - 2013-07-29 21:55 - 00142776 _____ C:\Windows\Minidump\Mini072913-01.dmp
2013-07-29 21:55 - 2010-03-20 14:26 - 00000000 ____D C:\Windows\Minidump
2013-07-29 21:53 - 2013-07-29 21:53 - 247655990 _____ C:\Windows\MEMORY.DMP
2013-07-27 10:21 - 2013-07-27 10:21 - 00000796 _____ C:\Windows\setupact.log
2013-07-27 10:21 - 2013-07-27 10:21 - 00000000 _____ C:\Windows\setuperr.log
2013-07-27 09:23 - 2013-07-27 09:23 - 00000000 ____D C:\Users\User\Documents\default
2013-07-14 03:09 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-14 02:59 - 2006-11-02 13:47 - 02210472 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-14 02:57 - 2011-12-03 02:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-14 02:55 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-07-14 02:21 - 2006-11-02 11:24 - 75699896 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-07-14 02:06 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 09:27 - 2009-08-19 21:06 - 00000000 ____D C:\Users\User\AppData\Roaming\Mp3tag

Files to move or delete:
====================
C:\ProgramData\jq90.dat

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-31 21:01:11
Restore point made on: 2013-08-02 16:21:25
Restore point made on: 2013-08-05 14:26:51
Restore point made on: 2013-08-06 16:11:50
Restore point made on: 2013-08-07 15:36:42

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 2045.88 MB
Available physical RAM: 1594.95 MB
Total Pagefile: 1861.66 MB
Available Pagefile: 1697.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.5 MB

==================== Drives ================================

Drive c: (Windows Vista) (Fixed) (Total:58.59 GB) (Free:6.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Windows 8 CP) (Fixed) (Total:39.06 GB) (Free:28.32 GB) NTFS
Drive e: (Programme) (Fixed) (Total:146.48 GB) (Free:79.18 GB) NTFS
Drive f: (Daten) (Fixed) (Total:1153.12 GB) (Free:454.45 GB) NTFS
Drive h: (MEDHOPRDEU) (CDROM) (Total:2.39 GB) (Free:0 GB) CDFS
Drive j: () (Removable) (Total:0.49 GB) (Free:0.37 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 913912F5)
Partition 1: (Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=-960867860480) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 500 MB) (Disk ID: 007CE597)
Partition 1: (Active) - (Size=500 MB) - (Type=06)

LastRegBack: 2013-08-08 07:58

==================== End Of Log ============================

Many thanks
08.08.2013, 09:15 | #2

/// the machine /// TB-Ausbilder | PC locked by "Interpol Trojan"

hi,

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\09qj.lnk
ShortcutTarget: 09qj.lnk -> C:\Users\Admin\AppData\Local\Temp\jq90.dat (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.~lock.Aufgaben_privat.xls# ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\09qj.lnk
ShortcutTarget: 09qj.lnk -> c:\progra~2\jq90.dat (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Aufgaben_privat.xls ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vxtoivckjmpvfifpkwm.lnk
ShortcutTarget: vxtoivckjmpvfifpkwm.lnk -> C:\Users\User\AppData\Local\Temp\mwkpfifvpmjkcviotxv.bfg (Microsoft Corporation)
2013-08-07 23:46 - 2013-08-07 23:46 - 00000761 _____ C:\Windows\System32\09qj.lnk
2013-08-07 23:18 - 2013-08-07 23:18 - 00117760 _____ (Microsoft Corporation) C:\ProgramData\jq90.dat
C:\Users\User\AppData\Local\Temp\mwkpfifvpmjkcviotxv.bfg

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
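An added triage script, written for this thread and not FRST's own code or the helper's method, that applies the checks behind the fixlist above to a constructed subset of the posted FRST lines: auto-start targets in Temp or ProgramData, non-executable extensions, and a built-in service name (Winmgmt) bound to a binary outside the Windows directory. The SCRATCH_DIRS and BUILTIN_SERVICES lists are assumptions of mine.

```python
"""Triage helper for the persistence lines of an FRST.txt log.

Added example, not FRST's own code and not the thread helper's method. It
mechanises what the reply above did by eye: flag auto-start shortcuts whose
target lives in a user-writable scratch directory or is not an executable,
and flag a service that carries a built-in Windows service name but runs a
binary outside the Windows directory.
"""
import ntpath
import re

# Constructed subset of the FRST.txt posted above. A "Startup:" line only
# names the .lnk file; the "ShortcutTarget:" line after it carries the target.
SAMPLE_LOG = r"""
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\09qj.lnk
ShortcutTarget: 09qj.lnk -> C:\Users\Admin\AppData\Local\Temp\jq90.dat (Microsoft Corporation)
ShortcutTarget: 09qj.lnk -> c:\progra~2\jq90.dat (Microsoft Corporation)
ShortcutTarget: Mozilla Thunderbird.lnk -> E:\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
ShortcutTarget: vxtoivckjmpvfifpkwm.lnk -> C:\Users\User\AppData\Local\Temp\mwkpfifvpmjkcviotxv.bfg (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~2\jq90.dat [117760 2013-08-07] (Microsoft Corporation)
S2 vsmon; C:\Windows\System32\ZoneLabs\vsmon.exe [2435592 2010-06-28] (Check Point Software Technologies LTD)
S2 AntiVirService; E:\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-07] (Avira Operations GmbH & Co. KG)
"""

# The company string at the end never contains a backslash, so "[^\\]*" keeps
# a path such as "E:\Program Files (x86)\..." from being split at its "(".
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<name>.+?) -> (?P<path>.+?) \((?P<vendor>[^\\]*)\)$")
SERVICE_RE = re.compile(r"^S[0-4] (?P<name>[^;]+); (?P<path>.+?) \[\d+ [\d-]+\] \((?P<vendor>[^\\]*)\)$")

# Lower-cased directory fragments that should never host an auto-start binary
# (assumed list; \progra~2\ is the 8.3 alias of ProgramData on this Vista box).
SCRATCH_DIRS = ("\\appdata\\local\\temp\\", "\\programdata\\", "\\progra~2\\", "\\users\\public\\")
EXEC_EXTS = {".exe", ".dll", ".sys", ".com", ".scr", ".bat", ".cmd"}
# Built-in Windows service names whose binaries belong under %SystemRoot% (assumed list).
BUILTIN_SERVICES = {"winmgmt", "wuauserv", "bits", "eventlog", "schedule", "lanmanserver"}


def reasons_for(kind, name, path):
    """Return the reasons an auto-start entry deserves a second look (empty if none)."""
    low = path.lower()
    ext = ntpath.splitext(low)[1]
    reasons = []
    if any(frag in low for frag in SCRATCH_DIRS):
        reasons.append("binary lives in a user-writable scratch directory")
    if ext not in EXEC_EXTS:
        reasons.append(f"auto-start target has non-executable extension {ext!r}")
    if kind == "service" and name.lower() in BUILTIN_SERVICES and "\\windows\\" not in low:
        reasons.append("built-in service name bound to a binary outside the Windows directory")
    return reasons


def triage(log_text):
    """Parse ShortcutTarget and service lines and return the suspicious ones."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        kind, match = "shortcut", SHORTCUT_RE.match(line)
        if match is None:
            kind, match = "service", SERVICE_RE.match(line)
        if match is None:
            continue  # Startup:, Run: and other line types are not handled here
        name, path = match.group("name"), match.group("path")
        reasons = reasons_for(kind, name, path)
        if reasons:
            # The company string in parentheses comes from the file's own version
            # resource, so "(Microsoft Corporation)" on a .dat in Temp proves nothing.
            findings.append({"kind": kind, "name": name, "path": path,
                             "vendor": match.group("vendor"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit['kind']:8} {hit['name']} -> {hit['path']} ({hit['vendor']})")
        for reason in hit["reasons"]:
            print("   -", reason)
```

Run against the sample it reports exactly the four entries the helper put in the fixlist and stays silent on Thunderbird, vsmon and Avira.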
08.08.2013, 09:28 | #3

PC locked by "Interpol Trojan"

Hello Schrauber,

here is the content of the Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-08-2013
Ran by SYSTEM at 2013-08-08 10:24:47 Run:1
Running from I:\
Boot Mode: Recovery

==============================================

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\09qj.lnk => Moved successfully.
C:\Users\Admin\AppData\Local\Temp\jq90.dat => Moved successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.~lock.Aufgaben_privat.xls# => Moved successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\09qj.lnk => Moved successfully.
c:\progra~2\jq90.dat => Moved successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Aufgaben_privat.xls => Moved successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk => Moved successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vxtoivckjmpvfifpkwm.lnk => Moved successfully.
C:\Users\User\AppData\Local\Temp\mwkpfifvpmjkcviotxv.bfg => Moved successfully.
C:\Windows\System32\09qj.lnk => Moved successfully.
"C:\ProgramData\jq90.dat" => File/Directory not found.
"C:\Users\User\AppData\Local\Temp\mwkpfifvpmjkcviotxv.bfg" => File/Directory not found.

==== End of Fixlog ====
08.08.2013, 11:58 | #4

/// the machine /// TB-Ausbilder | PC locked by "Interpol Trojan"

Restart the computer normally.

regards, schrauber
Proud Member of UNITE and ASAP since 2009