
Malware of all kinds and how to fight it: InterpoolVirus


 
21.11.2013, 02:17   #1
asoka90

InterpoolVirus



Hi,
I'm new here and hope I have posted everything correctly. Please help.
Best regards

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by SYSTEM on MININT-9K447DJ on 21-11-2013 02:10:35
Running from E:\
Windows 8 (X64) OS Language: English(UK)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-11-11] (LogMeIn Inc.)
HKU\ErnstFriedlinde\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-03-03] ()
HKU\ErnstFriedlinde\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [203112 2012-10-12] (NVIDIA Corporation)
Startup: C:\Users\ErnstFriedlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgdjw9d.lnk
ShortcutTarget: tgdjw9d.lnk -> C:\PROGRA~3\d9wjdgt.dss (Корпорация Майкрософт)
Startup: C:\Users\ErnstFriedlinde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w2jw2bmq.lnk
ShortcutTarget: w2jw2bmq.lnk -> C:\PROGRA~3\qmb2wj2w.dss (Корпорация Майкрософт)

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
S2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
S2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\w2jw2bmq.pss [61028 2013-11-20] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-19] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132600 2013-11-19] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-07-28] (DT Soft Ltd)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
S2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-21 00:32 - 2013-11-21 00:32 - 00000000 ____D C:\FRST
2013-11-20 15:06 - 2013-11-20 15:06 - 00000285 _____ C:\ProgramData\w2jw2bmq.reg
2013-11-20 15:05 - 2013-11-21 00:58 - 95025368 ____T C:\ProgramData\w2jw2bmq.bxx
2013-11-20 15:05 - 2013-11-21 00:58 - 95025368 ____T C:\ProgramData\tgdjw9d.bxx
2013-11-20 15:05 - 2013-11-21 00:58 - 00000000 _____ C:\ProgramData\w2jw2bmq.fvv
2013-11-20 15:05 - 2013-11-21 00:58 - 00000000 _____ C:\ProgramData\tgdjw9d.fvv
2013-11-20 15:05 - 2013-11-20 15:05 - 00221184 _____ (Корпорация Майкрософт) C:\ProgramData\qmb2wj2w.dss
2013-11-20 15:05 - 2013-11-20 15:05 - 00221184 _____ (Корпорация Майкрософт) C:\ProgramData\d9wjdgt.dss
2013-11-20 15:05 - 2013-11-20 15:05 - 00061028 ____T (Microsoft Corporation) C:\ProgramData\w2jw2bmq.pss
2013-11-20 15:05 - 2013-11-20 15:05 - 00061028 ____T (Microsoft Corporation) C:\ProgramData\tgdjw9d.pss
2013-11-16 11:08 - 2013-11-16 11:08 - 00303464 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-15 19:02 - 2013-11-05 22:58 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-15 19:02 - 2013-11-05 22:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-14 18:03 - 2013-10-10 11:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwfs.sys
2013-11-14 18:03 - 2013-10-10 09:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-14 18:03 - 2013-10-10 09:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\System32\BFE.DLL
2013-11-14 18:03 - 2013-10-02 23:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-14 18:03 - 2013-10-01 23:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 18:03 - 2013-10-01 23:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-14 18:03 - 2013-10-01 22:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 18:03 - 2013-09-14 01:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-11-14 18:03 - 2013-09-13 22:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-14 18:03 - 2013-09-13 22:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-14 18:03 - 2013-09-13 22:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-14 18:03 - 2013-09-13 22:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-14 18:03 - 2013-09-13 22:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-14 18:03 - 2013-09-13 22:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-11-14 18:03 - 2013-09-13 22:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-11-14 18:03 - 2013-09-13 22:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-11-14 18:03 - 2013-09-13 22:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-11-14 18:03 - 2013-09-13 22:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2013-11-14 18:03 - 2013-09-13 22:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2013-11-14 18:03 - 2013-09-13 22:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2013-11-14 18:03 - 2013-09-13 22:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-11-14 18:03 - 2013-09-13 22:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-11-14 18:03 - 2013-09-04 03:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-14 18:03 - 2013-08-30 05:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys
2013-11-14 18:03 - 2013-08-30 05:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\System32\UIAutomationCore.dll
2013-11-14 18:03 - 2013-08-29 23:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-14 18:03 - 2013-08-21 06:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-11-14 18:03 - 2013-08-10 06:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys
2013-11-14 18:03 - 2013-08-10 05:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-11-14 18:03 - 2013-08-10 03:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-14 18:03 - 2013-07-24 23:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-14 18:03 - 2013-07-24 23:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-11-14 18:03 - 2013-07-12 01:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\WSDApi.dll
2013-11-14 18:03 - 2013-07-12 01:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-14 18:02 - 2013-10-12 08:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-14 18:02 - 2013-10-12 08:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-14 18:02 - 2013-10-12 08:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-14 18:02 - 2013-10-12 08:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-14 18:02 - 2013-10-12 08:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-14 18:02 - 2013-10-12 08:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-14 18:02 - 2013-10-12 08:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-14 18:02 - 2013-10-12 08:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-14 18:02 - 2013-10-12 08:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-14 18:02 - 2013-10-12 07:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 18:02 - 2013-10-12 07:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 18:02 - 2013-10-12 07:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 18:02 - 2013-10-12 07:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 18:02 - 2013-10-12 07:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 18:02 - 2013-10-12 07:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 18:02 - 2013-10-12 07:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 18:02 - 2013-10-12 07:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 18:02 - 2013-09-23 22:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-14 18:02 - 2013-09-23 22:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 18:02 - 2013-08-23 07:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-11-14 18:02 - 2013-08-23 01:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-14 18:02 - 2013-08-02 06:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-11-14 18:02 - 2013-08-02 05:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-11-14 18:01 - 2013-10-01 23:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 18:01 - 2013-10-01 23:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-14 15:44 - 2013-11-14 15:44 - 104225154 _____ C:\Windows\SysWOW64\쵾䏜Lŝ
2013-11-14 15:43 - 2013-11-14 15:43 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-10 18:13 - 2013-11-10 18:13 - 00001135 _____ C:\Users\ErnstFriedlinde\Desktop\Bilder - Verknüpfung.lnk
2013-11-06 16:51 - 2013-11-19 15:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-11-21 00:58 - 2013-11-20 15:05 - 95025368 ____T C:\ProgramData\w2jw2bmq.bxx
2013-11-21 00:58 - 2013-11-20 15:05 - 95025368 ____T C:\ProgramData\tgdjw9d.bxx
2013-11-21 00:58 - 2013-11-20 15:05 - 00000000 _____ C:\ProgramData\w2jw2bmq.fvv
2013-11-21 00:58 - 2013-11-20 15:05 - 00000000 _____ C:\ProgramData\tgdjw9d.fvv
2013-11-21 00:58 - 2013-03-03 23:40 - 00000000 ____D C:\Users\ErnstFriedlinde\AppData\Local\PMB Files
2013-11-21 00:57 - 2012-07-26 07:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-21 00:32 - 2013-11-21 00:32 - 00000000 ____D C:\FRST
2013-11-20 22:20 - 2013-02-15 14:59 - 00000000 ____D C:\Users\ErnstFriedlinde\Documents\Youcam
2013-11-20 22:18 - 2013-02-15 14:55 - 00000000 ____D C:\users\ErnstFriedlinde
2013-11-20 15:12 - 2013-02-15 14:55 - 01868433 _____ C:\Windows\WindowsUpdate.log
2013-11-20 15:06 - 2013-11-20 15:06 - 00000285 _____ C:\ProgramData\w2jw2bmq.reg
2013-11-20 15:05 - 2013-11-20 15:05 - 00221184 _____ (Корпорация Майкрософт) C:\ProgramData\qmb2wj2w.dss
2013-11-20 15:05 - 2013-11-20 15:05 - 00221184 _____ (Корпорация Майкрософт) C:\ProgramData\d9wjdgt.dss
2013-11-20 15:05 - 2013-11-20 15:05 - 00061028 ____T (Microsoft Corporation) C:\ProgramData\w2jw2bmq.pss
2013-11-20 15:05 - 2013-11-20 15:05 - 00061028 ____T (Microsoft Corporation) C:\ProgramData\tgdjw9d.pss
2013-11-20 15:02 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\System32\sru
2013-11-20 14:37 - 2013-02-15 20:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-20 14:15 - 2013-02-16 23:55 - 00000000 ____D C:\Users\ErnstFriedlinde\AppData\Local\LogMeIn Hamachi
2013-11-19 15:58 - 2012-07-26 05:26 - 00262144 ___SH C:\Windows\System32\config\BBI
2013-11-19 15:43 - 2013-02-15 19:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-19 15:25 - 2013-05-16 13:29 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-11-19 15:25 - 2013-05-15 21:22 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-11-19 15:25 - 2013-05-15 21:22 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-11-19 15:25 - 2013-05-15 21:22 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-11-19 15:18 - 2013-11-06 16:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 17:10 - 2012-11-08 00:01 - 00754172 _____ C:\Windows\System32\perfh007.dat
2013-11-16 17:10 - 2012-11-08 00:01 - 00156362 _____ C:\Windows\System32\perfc007.dat
2013-11-16 17:10 - 2012-07-26 07:28 - 01748838 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-16 16:19 - 2013-04-21 08:19 - 00000000 ____D C:\Users\ErnstFriedlinde\AppData\Local\Windows Live
2013-11-16 11:08 - 2013-11-16 11:08 - 00303464 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-14 20:08 - 2012-07-26 08:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-14 20:08 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 18:31 - 2013-09-12 15:19 - 00000000 ____D C:\Windows\System32\MRT
2013-11-14 18:27 - 2012-11-08 19:48 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-14 18:17 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-14 15:44 - 2013-11-14 15:44 - 104225154 _____ C:\Windows\SysWOW64\쵾䏜Lŝ
2013-11-14 15:43 - 2013-11-14 15:43 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-10 19:24 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\rescache
2013-11-10 18:13 - 2013-11-10 18:13 - 00001135 _____ C:\Users\ErnstFriedlinde\Desktop\Bilder - Verknüpfung.lnk
2013-11-05 22:58 - 2013-11-15 19:02 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 22:58 - 2013-11-15 19:02 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-25 16:28 - 2013-02-15 15:03 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-274362674-807838015-508655223-1002

Files to move or delete:
====================
C:\ProgramData\d9wjdgt.dss
C:\ProgramData\qmb2wj2w.dss
C:\ProgramData\tgdjw9d.bxx
C:\ProgramData\tgdjw9d.fvv
C:\ProgramData\tgdjw9d.pss
C:\ProgramData\w2jw2bmq.bxx
C:\ProgramData\w2jw2bmq.fvv
C:\ProgramData\w2jw2bmq.pss
C:\ProgramData\w2jw2bmq.reg


Some content of TEMP:
====================
C:\Users\ErnstFriedlinde\AppData\Local\Temp\0733.dll
C:\Users\ErnstFriedlinde\AppData\Local\Temp\0882.dll
C:\Users\ErnstFriedlinde\AppData\Local\Temp\avgnt.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

26
Restore point made on: 2013-11-06 16:38:30
Restore point made on: 2013-11-06 16:38:33
Restore point made on: 2013-11-06 16:38:34
Restore point made on: 2013-11-06 16:38:35
Restore point made on: 2013-11-06 16:38:43
Restore point made on: 2013-11-06 16:38:44
Restore point made on: 2013-11-06 16:38:45
Restore point made on: 2013-11-14 18:19:02
Restore point made on: 2013-11-14 18:23:19
Restore point made on: 2013-11-14 18:23:30
Restore point made on: 2013-11-14 18:23:47
Restore point made on: 2013-11-14 18:29:38
Restore point made on: 2013-11-14 18:29:48
Restore point made on: 2013-11-14 18:30:00
Restore point made on: 2013-11-14 18:30:10
Restore point made on: 2013-11-14 18:31:35
Restore point made on: 2013-11-14 18:36:11
Restore point made on: 2013-11-14 18:36:26
Restore point made on: 2013-11-14 18:36:35
Restore point made on: 2013-11-14 18:36:47
Restore point made on: 2013-11-14 18:36:53
Restore point made on: 2013-11-14 18:37:09
Restore point made on: 2013-11-14 18:37:22
Restore point made on: 2013-11-14 18:37:29
Restore point made on: 2013-11-14 18:37:47
Restore point made on: 2013-11-14 18:42:09

==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 3977.02 MB
Available physical RAM: 3211.52 MB
Total Pagefile: 3977.02 MB
Available Pagefile: 3219.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:765.36 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:41.46 GB) NTFS
Drive e: () (Removable) (Total:58.34 GB) (Free:58.34 GB) exFAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 3E99AF5C)

Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 58 GB) (Disk ID: 001E8693)
Partition 1: (Active) - (Size=58 GB) - (Type=07 NTFS)


LastRegBack: 2013-11-07 16:26

==================== End Of Log ============================
You are viewing: InterpoolVirus on Trojaner-Board