Windows Vista: MSI Nettop: Interpol Trojan, computer locked

Hello Trojaner-Board helpers,

I have caught the Interpol Trojan on my computer. The computer is now locked and I can't do anything any more.

Following your instructions, I ran the frst.exe scan via the computer repair option. Contents of frst.txt:
```text
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by SYSTEM on MINWINPC on 29-10-2013 16:53:03
Running from G:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [OpwareSE4] - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NeroCheck] - C:\Windows\System32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [DATAMNGR] - C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe [1890744 2012-07-25] (Bandoo Media, inc)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [SearchSettings] - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [1360192 2013-09-02] (Spigot, Inc.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Happe\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2010-03-12] (Google Inc.)
HKU\Happe\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-20] (Microsoft Corporation)
HKU\Happe\...\Run: [MediaGet2] - C:\Users\Happe\AppData\Local\MediaGet2\mediaget.exe [ 2013-02-24] (MediaGet LLC)
HKU\Happe\...\Run: [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe [ 2012-10-30] (PC Utilities Pro)
HKU\Happe\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Happe\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [ 2013-04-05] ()
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll [ 2012-07-25] (Bandoo Media, inc)
Startup: C:\Users\Happe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7oaj6bnb.lnk
ShortcutTarget: 7oaj6bnb.lnk -> C:\PROGRA~2\bnb6jao7.plz (Borland Software Corporation)
BootExecute: autocheck autochk /r \??\C:autocheck autochk *

========================== Services (Whitelisted) =================

S2 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [807800 2013-09-02] (Spigot, Inc.)
S2 BroadCamService; C:\Program Files\NCH Software\BroadCam\broadcam.exe [2584068 2012-08-04] (NCH Software)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S2 NAV; C:\Program Files\Norton AntiVirus\Engine\17.9.0.12\diMaster.dll [135032 2010-04-29] (Symantec Corporation)
S2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-28] (TuneUp Software)
S2 Winmgmt; C:\PROGRA~2\bnb6jao7.plz [180224 2013-10-14] (Borland Software Corporation)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [691248 2010-11-22] (Symantec Corporation)
S1 ccHP; C:\Windows\system32\drivers\NAV\1109000.00C\ccHPx86.sys [485512 2011-08-03] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2010-07-13] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [102448 2010-05-27] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20110111.001\IDSvix86.sys [353912 2010-11-08] (Symantec Corporation)
S3 PDNMp50; C:\Windows\system32\drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PDNSp50; C:\Windows\system32\drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 SRTSP; C:\Windows\System32\Drivers\NAV\1109000.00C\SRTSP.SYS [325680 2010-04-21] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NAV\1109000.00C\SRTSPX.SYS [43696 2010-04-21] (Symantec Corporation)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
S0 SymDS; C:\Windows\System32\drivers\NAV\1109000.00C\SYMDS.SYS [328752 2009-08-29] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NAV\1109000.00C\SYMEFA.SYS [173176 2011-08-21] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2010-01-06] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NAV\1109000.00C\Ironx86.SYS [116784 2010-04-28] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NAV\1109000.00C\SYMTDIV.SYS [340088 2011-08-21] (Symantec Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20110111.037\NAVENG.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20110111.037\NAVEX15.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-29 16:52 - 2013-10-29 16:52 - 00000000 ____D C:\FRST
2013-10-29 02:41 - 2013-09-22 02:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-29 02:41 - 2013-09-22 02:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-29 02:41 - 2013-09-22 02:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-29 02:41 - 2013-09-22 02:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-10-29 02:41 - 2013-09-22 02:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-29 02:41 - 2013-09-22 02:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-29 02:41 - 2013-09-22 02:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-10-29 02:41 - 2013-09-22 02:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-29 02:41 - 2013-09-22 02:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-10-29 02:41 - 2013-09-22 02:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-29 02:41 - 2013-09-22 02:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-10-29 02:41 - 2013-09-22 02:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-29 02:41 - 2013-09-22 02:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-29 02:41 - 2013-09-22 02:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-29 02:41 - 2013-09-22 02:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-10-29 02:41 - 2013-09-22 01:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-29 02:37 - 2013-10-29 02:37 - 00000000 ____D C:\ProgramData\UUdb
2013-10-29 02:27 - 2013-10-29 02:27 - 00000000 ____D C:\Users\Happe\AppData\Local\Canon Easy-PhotoPrint EX
2013-10-29 02:26 - 2013-10-29 02:26 - 00001929 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-14 22:19 - 2013-10-14 22:19 - 01303552 ____T C:\ProgramData\7oaj6bnb.fki
2013-10-14 22:16 - 2013-10-29 06:12 - 95025368 ____T C:\ProgramData\7oaj6bnb.pff
2013-10-14 22:16 - 2013-10-29 05:56 - 00000000 _____ C:\ProgramData\7oaj6bnb.ctrl
2013-10-14 22:16 - 2013-10-14 22:16 - 00180224 _____ (Borland Software Corporation) C:\ProgramData\bnb6jao7.plz
2013-10-14 22:11 - 2013-08-28 23:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-14 22:11 - 2013-08-26 18:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-10-14 22:11 - 2013-08-26 18:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-10-14 22:11 - 2013-08-26 18:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-10-14 22:11 - 2013-08-26 18:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-10-14 22:11 - 2013-08-26 17:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-10-14 22:11 - 2013-08-26 17:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-10-14 22:11 - 2013-08-26 17:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-10-14 22:11 - 2013-08-26 17:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-10-14 22:11 - 2013-08-26 17:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-10-14 22:11 - 2013-07-31 19:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-14 22:11 - 2013-07-31 18:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-10-14 22:11 - 2013-07-20 02:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-14 22:11 - 2013-06-28 18:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-14 22:11 - 2013-06-28 18:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-14 22:11 - 2013-06-28 18:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-14 22:11 - 2013-06-28 18:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-14 22:11 - 2011-05-05 05:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-14 22:11 - 2011-05-05 05:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-14 22:10 - 2013-07-03 20:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-14 22:10 - 2013-07-02 18:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2013-10-14 22:10 - 2013-07-02 18:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-14 22:10 - 2013-06-26 15:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-14 22:10 - 2013-06-26 15:01 - 00047720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-10-14 22:10 - 2013-06-26 15:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-10-14 22:10 - 2013-06-03 20:16 - 00034304 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-14 22:10 - 2013-06-03 17:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

==================== One Month Modified Files and Folders =======

2013-10-29 16:52 - 2013-10-29 16:52 - 00000000 ____D C:\FRST
2013-10-29 07:46 - 2006-11-02 04:47 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 07:46 - 2006-11-02 04:47 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 06:14 - 2010-01-06 04:11 - 01777833 _____ C:\Windows\WindowsUpdate.log
2013-10-29 06:12 - 2013-10-14 22:16 - 95025368 ____T C:\ProgramData\7oaj6bnb.pff
2013-10-29 06:03 - 2010-10-21 03:09 - 00001940 _____ C:\Users\Happe\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2013-10-29 05:56 - 2013-10-14 22:16 - 00000000 _____ C:\ProgramData\7oaj6bnb.ctrl
2013-10-29 05:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-29 05:19 - 2006-11-02 04:47 - 00240408 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-29 05:11 - 2013-10-29 02:27 - 00000000 ____D C:\Users\Happe\AppData\Local\Canon Easy-PhotoPrint EX
2013-10-29 02:58 - 2008-11-29 03:15 - 01468714 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-29 02:57 - 2013-02-17 02:16 - 00001981 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-29 02:53 - 2013-08-19 09:28 - 00000000 ____D C:\Windows\System32\MRT
2013-10-29 02:45 - 2006-11-02 02:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-10-29 02:37 - 2013-10-29 02:37 - 00000000 ____D C:\ProgramData\UUdb
2013-10-29 02:37 - 2011-12-06 00:21 - 00000000 ____D C:\Program Files\1und1Softwareaktualisierung
2013-10-29 02:26 - 2013-10-29 02:26 - 00001929 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-29 02:26 - 2011-05-29 02:01 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-29 02:20 - 2008-01-20 18:47 - 00030708 _____ C:\Windows\PFRO.log
2013-10-14 22:19 - 2013-10-14 22:19 - 01303552 ____T C:\ProgramData\7oaj6bnb.fki
2013-10-14 22:16 - 2013-10-14 22:16 - 00180224 _____ (Borland Software Corporation) C:\ProgramData\bnb6jao7.plz

Files to move or delete:
====================
C:\ProgramData\7oaj6bnb.ctrl
C:\ProgramData\7oaj6bnb.pff
C:\ProgramData\bnb6jao7.plz

Some content of TEMP:
====================
C:\Users\Happe\AppData\Local\Temp\doxillionsetup.exe
C:\Users\Happe\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Happe\AppData\Local\Temp\uninstall.exe
C:\Users\Happe\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe
C:\Users\Happe\AppData\Local\Temp\~tmf7602829900083398628.dll

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

2
Restore point made on: 2013-10-14 22:08:06
Restore point made on: 2013-10-29 02:26:28

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 2038.64 MB
Available physical RAM: 1764.11 MB
Total Pagefile: 1972.02 MB
Available Pagefile: 1828.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.82 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:39.06 GB) (Free:4.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:420.84 GB) (Free:390.02 GB) NTFS
Drive g: () (Removable) (Total:3.82 GB) (Free:0.82 GB) FAT32
Drive x: (WinRE) (Fixed) (Total:5.86 GB) (Free:1.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 76A21766)
Partition 1: (Not Active) - (Size=6 GB) - (Type=27)
Partition 2: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=421 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 6E652072)
No partition Table on disk 2.

LastRegBack: 2013-10-29 06:01

==================== End Of Log ============================
```

How can and should I proceed?

Many thanks in advance and best regards,
Ingrid