
Pests of all kinds and how to fight them: Interpol trojan - lock screen // FRST log already attached


 
09.08.2013, 16:43   #1
Oliver Ekni

Interpol trojan - lock screen // FRST log already attached



Hello,

I have the problem that since yesterday I have caught an Interpol trojan.

I have already run an FRST scan and attached it.
However, the scan only worked from Safe Mode.
I could not access my USB stick via System Restore.
Does this make a serious difference?

Could this be the culprit?
Code:
ShortcutTarget: srenywvbgpqptdglxfe.lnk -> C:\Users\User\AppData\Local\Temp\efxlgdtpqpgbvwyners.bfg ()

I would be grateful for quick help.

Kind regards


FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02
Ran by User (administrator) on 09-08-2013 17:37:09
Running from J:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\userinit.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Zune Launcher] - c:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1807272 2013-07-27] (Valve Corporation)
HKCU\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.5\ICQ.exe [124480 2011-08-01] (ICQ, LLC.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3481408 2012-02-13] (DT Soft Ltd)
HKCU\...\Run: [Google Update] - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-08] (Google Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe [846288 2013-07-25] (Google Inc.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MySig.lnk
ShortcutTarget: MySig.lnk -> C:\Program Files (x86)\MySig.exe (No File)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srenywvbgpqptdglxfe.lnk
ShortcutTarget: srenywvbgpqptdglxfe.lnk -> C:\Users\User\AppData\Local\Temp\efxlgdtpqpgbvwyners.bfg ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=3a61a3f7000000000000701a04407626
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {BAF60B34-BC2D-4D38-BF52-8D31949C6020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {BAF60B34-BC2D-4D38-BF52-8D31949C6020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 - DefaultScope {BAF60B34-BC2D-4D38-BF52-8D31949C6020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 - {BAF60B34-BC2D-4D38-BF52-8D31949C6020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKCU - DefaultScope {8D1DAE29-1D72-4A00-9DCF-CA352A457B5D} URL = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=3a61a3f7000000000000701a04407626&q={searchTerms}&r=77
SearchScopes: HKCU - {06DFFB3D-6221-4383-940E-1857E790E60C} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {8D1DAE29-1D72-4A00-9DCF-CA352A457B5D} URL = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=3a61a3f7000000000000701a04407626&q={searchTerms}&r=77
SearchScopes: HKCU - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {BAF60B34-BC2D-4D38-BF52-8D31949C6020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKCU - {E310FE3E-9079-407F-86B2-E6A5D0718325} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\user.js
FF NetworkProxy: "type", 0
FF Homepage: hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=3a61a3f7000000000000701a04407626
FF SelectedSearchEngine: blekko
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.116.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\spamfreesearch.xml
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF Extension: ciuvo-extension - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\Extensions\ciuvo-extension@icq.de.xpi
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-12] (Adobe Systems)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-03-11] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-06-06] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-07] (DT Soft Ltd)
S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-06-06] ()
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 MEMSWEEP2; C:\Windows\system32\4431.tmp [6144 2010-05-26] (Sophos Plc)
S3 MEMSWEEP2; C:\Windows\system32\4431.tmp [6144 2010-05-26] (Sophos Plc)
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-09 17:37 - 2013-08-09 17:37 - 00000000 ____D C:\FRST
2013-08-08 22:13 - 2013-08-08 22:13 - 00000165 _____ C:\ProgramData\srenywvbgpqptdglxfe.reg
2013-08-08 22:13 - 2013-08-08 22:13 - 00000070 _____ C:\ProgramData\srenywvbgpqptdglxfe.bat
2013-07-26 02:01 - 2013-07-26 02:01 - 00000000 ____D C:\Users\User\Documents\NCSOFT
2013-07-25 08:47 - 2013-07-25 08:47 - 00001066 _____ C:\Users\User\Desktop\Wildstar.exe - Verknüpfung.lnk
2013-07-24 18:16 - 2013-07-24 18:16 - 00000000 ____D C:\Users\User\AppData\Roaming\NCSOFT
2013-07-18 18:48 - 2013-07-25 21:40 - 00000000 ____D C:\Users\User\AppData\Roaming\ICQ

==================== One Month Modified Files and Folders =======

2013-08-10 03:16 - 2013-08-10 03:16 - 00000000 ____D C:\ProgramData\Recovery
2013-08-09 17:37 - 2013-08-09 17:37 - 00000000 ____D C:\FRST
2013-08-09 17:37 - 2012-04-29 16:31 - 00000000 ____D C:\Users\User\AppData\Roaming\NetSpeedMonitor
2013-08-09 17:36 - 2012-11-13 21:10 - 00000000 _____ C:\Windows\system32\Ikeext.etl
2013-08-09 17:31 - 2009-09-22 17:27 - 00880272 _____ C:\Windows\PFRO.log
2013-08-09 17:30 - 2009-09-22 17:28 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-09 17:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 17:30 - 2009-07-14 06:51 - 02322340 _____ C:\Windows\setupact.log
2013-08-09 17:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-08-08 22:25 - 2013-01-07 18:51 - 00000000 ___RD C:\Users\User\Dropbox
2013-08-08 22:25 - 2013-01-07 18:49 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2013-08-08 22:25 - 2011-05-09 15:11 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-08 22:22 - 2009-10-16 11:58 - 01718123 _____ C:\Windows\WindowsUpdate.log
2013-08-08 22:22 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-08 22:22 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-08 22:13 - 2013-08-08 22:13 - 00000165 _____ C:\ProgramData\srenywvbgpqptdglxfe.reg
2013-08-08 22:13 - 2013-08-08 22:13 - 00000070 _____ C:\ProgramData\srenywvbgpqptdglxfe.bat
2013-08-08 22:13 - 2009-11-04 13:29 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-08 22:00 - 2012-08-08 10:21 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4130136908-467914500-1083429523-1000UA.job
2013-08-08 22:00 - 2010-09-05 13:53 - 00000000 ____D C:\Users\User\AppData\Local\PMB Files
2013-08-08 22:00 - 2010-09-05 13:53 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-08 22:00 - 2010-05-18 19:54 - 00000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2013-08-08 20:00 - 2012-08-08 10:21 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4130136908-467914500-1083429523-1000Core.job
2013-08-04 21:35 - 2010-08-23 21:40 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-07-30 19:02 - 2012-08-08 10:22 - 00002361 _____ C:\Users\User\Desktop\Google Chrome.lnk
2013-07-30 18:21 - 2009-09-23 03:14 - 00762144 _____ C:\Windows\system32\perfh007.dat
2013-07-30 18:21 - 2009-09-23 03:14 - 00172530 _____ C:\Windows\system32\perfc007.dat
2013-07-30 18:21 - 2009-07-14 07:13 - 01796610 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-26 02:01 - 2013-07-26 02:01 - 00000000 ____D C:\Users\User\Documents\NCSOFT
2013-07-25 21:40 - 2013-07-18 18:48 - 00000000 ____D C:\Users\User\AppData\Roaming\ICQ
2013-07-25 08:47 - 2013-07-25 08:47 - 00001066 _____ C:\Users\User\Desktop\Wildstar.exe - Verknüpfung.lnk
2013-07-24 20:02 - 2013-04-22 19:20 - 00014059 _____ C:\Windows\system32\lvcoinst.log
2013-07-24 18:16 - 2013-07-24 18:16 - 00000000 ____D C:\Users\User\AppData\Roaming\NCSOFT
2013-07-24 15:39 - 2010-05-18 19:05 - 00000000 ____D C:\Spiele
2013-07-24 15:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-23 08:37 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-18 18:58 - 2010-07-10 11:21 - 00002082 ____H C:\Users\User\Documents\Default.rdp
2013-07-18 18:50 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-07-12 19:55 - 2012-08-08 10:21 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4130136908-467914500-1083429523-1000UA
2013-07-12 19:55 - 2012-08-08 10:21 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4130136908-467914500-1083429523-1000Core
2013-07-10 19:07 - 2010-08-23 21:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-10 19:07 - 2010-08-23 21:40 - 00000000 ____D C:\ProgramData\Skype

Files to move or delete:
====================
C:\ProgramData\srenywvbgpqptdglxfe.bat
C:\ProgramData\srenywvbgpqptdglxfe.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-24 16:19

==================== End Of Log ============================
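The startup entry the poster singles out is exactly what a first triage pass over an FRST log should surface by itself, and the log holds three facts that belong together: the .lnk sits in the user's Startup folder, its target in AppData\Local\Temp carries a made-up extension and no publisher, and a .reg/.bat pair with the same random basename was created in C:\ProgramData at 22:13 the evening before (FRST itself lists that pair under "Files to move or delete"). The script below is an added example written for this thread, not code from the original post and not part of FRST. It parses the Run, ShortcutTarget and created-files lines copied from the log above and scores each autostart entry with heuristics that are this example's own assumptions (FRST does not compute them): launching from a temp folder, no version info in the file, an extension Windows does not run natively, a random-looking name, and a basename shared with recently created files.

```python
"""Score autostart entries in a Farbar Recovery Scan Tool (FRST) log: an added
example for this thread, not part of the original post or of FRST. Sample lines
are copied from the FRST.txt above; the scoring rules are assumptions."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines lifted verbatim from the log in the post.
SAMPLE_LOG = r"""
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [] -  [x]
ShortcutTarget: MySig.lnk -> C:\Program Files (x86)\MySig.exe (No File)
ShortcutTarget: srenywvbgpqptdglxfe.lnk -> C:\Users\User\AppData\Local\Temp\efxlgdtpqpgbvwyners.bfg ()
2013-08-08 22:13 - 2013-08-08 22:13 - 00000165 _____ C:\ProgramData\srenywvbgpqptdglxfe.reg
2013-08-08 22:13 - 2013-08-08 22:13 - 00000070 _____ C:\ProgramData\srenywvbgpqptdglxfe.bat
"""

SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<lnk>.+?) -> (?P<target>.+?) \((?P<pub>[^()]*)\)$")
RUN_RE = re.compile(r"^(?P<hive>HK(?:LM|CU)(?:-x32)?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<rest>.*)$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d{8} [_A-Z]{5} (?P<path>.+)$")
TRAIL_PUB_RE = re.compile(r" \((?P<pub>[^()]*)\)$")            # trailing "(Publisher)"
TRAIL_META_RE = re.compile(r" \[(?:\d+ \d{4}-\d\d-\d\d|x)\]$")  # trailing "[size date]" / "[x]"
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")  # heuristic, assumed
KNOWN_EXEC = {".exe", ".dll", ".com", ".scr"}                    # heuristic, assumed

@dataclass
class Finding:
    source: str               # "Startup" folder or the registry Run key
    name: str                 # Run value name or .lnk file name
    target: str               # file launched ("" if FRST recorded none)
    publisher: "str | None"   # trailing "(...)" text; "" = no version info in the file
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points, why):
        self.score += points
        self.reasons.append(why)

def _stem(path):
    """Lower-case file name without directory and extension."""
    name = path.rsplit("\\", 1)[-1]
    return (name.rsplit(".", 1)[0] if "." in name else name).lower()

def looks_random(stem):
    """Long, all-lowercase, vowel-poor name: typical of generated dropper names."""
    if len(stem) < 12 or not stem.isalpha() or not stem.islower():
        return False
    return sum(c in "aeiou" for c in stem) / len(stem) < 0.25

def _split_run_rest(rest):
    """Turn 'path [size date] (Publisher)' into (path, publisher)."""
    rest = rest.strip()
    if rest in ("", "[x]"):                 # value present, but no file recorded
        return "", None
    pub, m = None, TRAIL_PUB_RE.search(rest)
    if m:
        pub, rest = m["pub"], rest[: m.start()]
    rest = TRAIL_META_RE.sub("", rest)
    if rest.startswith('"'):                # quoted path followed by arguments
        rest = rest[1:].split('"', 1)[0]
    return rest.strip(), pub

def parse(text):
    """Return (autostart findings, {stem: [paths created in the last month]})."""
    findings, created = [], {}
    for line in text.splitlines():
        if m := SHORTCUT_RE.match(line):
            findings.append(Finding("Startup", m["lnk"], m["target"], m["pub"]))
        elif m := RUN_RE.match(line):
            target, pub = _split_run_rest(m["rest"])
            findings.append(Finding(m["hive"] + "\\...\\Run", m["name"], target, pub))
        elif m := CREATED_RE.match(line):
            created.setdefault(_stem(m["path"]), []).append(m["path"])
    return findings, created

def score(f, created):
    """Apply the heuristics; a higher score means more worth a closer look."""
    if not f.target:
        return f
    low = f.target.lower()
    if any(mk in low for mk in TEMP_MARKERS):
        f.add(3, "runs from a temp folder")
    if f.publisher == "":
        f.add(1, "no publisher/version info in the file")
    ext = "." + low.rsplit(".", 1)[-1] if "." in low.rsplit("\\", 1)[-1] else ""
    if ext not in KNOWN_EXEC:
        f.add(2, f"unusual autostart extension {ext or '(none)'}")
    if looks_random(_stem(low)) or looks_random(_stem(f.name)):
        f.add(1, "random-looking file name")
    for stem in {_stem(low), _stem(f.name)}:
        if stem in created:
            f.add(2, "same name as recently created file(s): " + ", ".join(created[stem]))
    return f

def triage(text):
    """All autostart entries, highest score first."""
    findings, created = parse(text)
    return sorted((score(f, created) for f in findings), key=lambda f: -f.score)

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.source} [{f.name}] -> {f.target or '-'} {f.reasons}")
```

Run it and the srenywvbgpqptdglxfe.lnk entry is the only one that scores; the vendor-signed Intel entry in Program Files stays at zero, the empty HKLM-x32 Run value launches nothing and is skipped, and a stale shortcut such as MySig.lnk, whose target FRST reports as No File, scores zero as well. The score is a prioritisation aid, not a verdict: what the .reg and .bat in C:\ProgramData actually contain still has to be read before they go into a fixlist.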
