Interpol Trojaner

Halla80 · 13.11.2013, 22:35

Moin habe schon vom Trojaner gelesen. Befinde mich im abgesicherten Modus. Wenn ich bisher alles richtig gemacht habe dann soll ich jetzt nach dem inst. von Farber Rec. die txt-Datai posten:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2013 01
Ran by Hali (administrator) on HALI-PC on 13-11-2013 22:18:05
Running from C:\Users\Hali\Downloads
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode:

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [138240 2008-01-21] (Microsoft Corporation)
MountPoints2: {ada87572-1833-11e0-87a2-806e6f6e6963} - E:\noop.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Hali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rejwodlfr.lnk
ShortcutTarget: rejwodlfr.lnk -> C:\PROGRA~3\rfldowjer.dss ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.krafthand.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {16BAD21A-347A-4DB9-8F41-E257E48EA828} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_de
SearchScopes: HKCU - {16BAD21A-347A-4DB9-8F41-E257E48EA828} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_de
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=18
SearchScopes: HKCU - {E3B199F5-2214-46EE-BABC-F8A4650F5859} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=A5F404B4-F148-4CD4-A2A8-AFF3CFB86A6D&apn_sauid=AB6244B3-4157-42F7-8A7C-4CA213AE7ACB
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2404864 2011-03-24] (Deutsche Telekom AG)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-05-19] ()
R2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [215128 2012-01-18] ()
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [x]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-10-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-10-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131112.002\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-21] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131113.001\ENG64.SYS [126040 2013-10-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131113.001\EX64.SYS [2099288 2013-10-09] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMTDIV.SYS [507992 2013-09-26] (Symantec Corporation)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-13 22:18 - 2013-11-13 22:18 - 00007183 _____ C:\Users\Hali\Downloads\FRST.txt
2013-11-13 22:18 - 2013-11-13 22:18 - 00000000 ____D C:\FRST
2013-11-13 22:13 - 2013-11-13 22:13 - 01957626 _____ (Farbar) C:\Users\Hali\Downloads\FRST64.exe
2013-11-13 18:38 - 2013-11-13 18:38 - 00061536 ____T C:\ProgramData\rejwodlfr.pss
2013-11-13 18:36 - 2013-11-13 18:39 - 00000291 _____ C:\ProgramData\rejwodlfr.reg
2013-11-13 18:35 - 2013-11-13 20:01 - 95025368 ____T C:\ProgramData\rejwodlfr.bxx
2013-11-13 18:35 - 2013-11-13 19:59 - 00000000 _____ C:\ProgramData\rejwodlfr.fvv
2013-11-13 18:35 - 2013-11-13 18:35 - 00151552 _____ C:\ProgramData\rfldowjer.dss
2013-10-29 22:39 - 2013-10-29 22:40 - 95025368 ____T C:\ProgramData\lh7mqjwr.bxx
2013-10-21 18:54 - 2013-10-21 18:54 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security

==================== One Month Modified Files and Folders =======

2013-11-13 22:18 - 2013-11-13 22:18 - 00007183 _____ C:\Users\Hali\Downloads\FRST.txt
2013-11-13 22:18 - 2013-11-13 22:18 - 00000000 ____D C:\FRST
2013-11-13 22:13 - 2013-11-13 22:13 - 01957626 _____ (Farbar) C:\Users\Hali\Downloads\FRST64.exe
2013-11-13 21:57 - 2012-04-07 09:01 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-13 20:13 - 2008-01-21 02:53 - 02094581 _____ C:\Windows\WindowsUpdate.log
2013-11-13 20:04 - 2006-11-02 16:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-13 20:02 - 2006-11-02 16:42 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-13 20:01 - 2013-11-13 18:35 - 95025368 ____T C:\ProgramData\rejwodlfr.bxx
2013-11-13 19:59 - 2013-11-13 18:35 - 00000000 _____ C:\ProgramData\rejwodlfr.fvv
2013-11-13 19:59 - 2006-11-02 16:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-13 19:59 - 2006-11-02 16:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-13 18:45 - 2008-01-21 12:10 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-13 18:45 - 2008-01-21 12:09 - 00628742 _____ C:\Windows\system32\perfh007.dat
2013-11-13 18:45 - 2008-01-21 12:09 - 00126486 _____ C:\Windows\system32\perfc007.dat
2013-11-13 18:39 - 2013-11-13 18:36 - 00000291 _____ C:\ProgramData\rejwodlfr.reg
2013-11-13 18:38 - 2013-11-13 18:38 - 00061536 ____T C:\ProgramData\rejwodlfr.pss
2013-11-13 18:35 - 2013-11-13 18:35 - 00151552 _____ C:\ProgramData\rfldowjer.dss
2013-11-13 18:35 - 2011-01-06 16:42 - 00000000 ___RD C:\Users\Hali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-02 13:22 - 2008-01-21 04:26 - 00156518 _____ C:\Windows\PFRO.log
2013-10-29 22:40 - 2013-10-29 22:39 - 95025368 ____T C:\ProgramData\lh7mqjwr.bxx
2013-10-21 18:54 - 2013-10-21 18:54 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-10-21 18:49 - 2012-08-08 01:05 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-10-21 18:49 - 2011-03-11 16:02 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-10-21 18:48 - 2013-10-09 21:43 - 00002291 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk

Files to move or delete:
====================
C:\ProgramData\rejwodlfr.reg
C:\ProgramData\rfldowjer.dss

Some content of TEMP:
====================
C:\Users\Hali\AppData\Local\Temp\ApnStub.exe
C:\Users\Hali\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Hali\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Hali\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Hali\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Hali\AppData\Local\Temp\ose00000.exe
C:\Users\Hali\AppData\Local\Temp\ose00001.exe
C:\Users\Hali\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Hali\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Hali\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Hali\AppData\Local\Temp\~tmf3629807825291806763.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-13 20:47

Wie es dann weitergeht habe ich aber noch nicht kapiert. Bin auch totaler Anfänger was Pc´s angeht.

Interpol Trojaner

Plagegeister aller Art und deren Bekämpfung: Interpol Trojaner

Interpol Trojaner

Ähnliche Themen: Interpol Trojaner