Interpool trojan on my laptop (Windows 7)
#1

Interpool trojan on my laptop

Hello, I have picked up the Interpool trojan on my laptop and have already read several posts about it here. I got as far as being able to run the FRST scan, and the txt file it produced is the following. FRST logfile:
```text
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 03
Ran by SYSTEM on MININT-AK4SHLD on 18-01-2014 19:42:25
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SiSTray] - C:\Program Files\SiS VGA Utilities\SiSTray.exe [552960 2009-11-12] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2010-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Donna\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2005-08-11] (Macrovision Corporation)
HKU\Donna\...\Run: [svñhîst] - %USERPROFILE%\wgsdgsdgdsgsd.exe
HKU\Donna\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2013-02-13] (Samsung)
HKU\Donna\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [ 2013-02-13] (Samsung)
HKU\Donna\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ifjwaewl.lnk
ShortcutTarget: ifjwaewl.lnk -> C:\Users\Donna\AppData\Local\Temp\lweawjfi.cpp (hxxp://tortoisesvn.net)

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-05-30] (soft Xpansion)
S2 Winmgmt; C:\Users\Donna\AppData\Local\Temp\lweawjfi.cpp [228864 2014-01-18] (hxxp://tortoisesvn.net)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-22] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-22] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-13] (Realtek Semiconductor Corporation )
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]
S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-18 19:42 - 2014-01-18 19:42 - 00000000 ____D C:\FRST
2014-01-18 09:10 - 2014-01-18 10:31 - 00000000 _____ C:\ProgramData\ifjwaewl.odd
2014-01-04 09:17 - 2014-01-04 09:27 - 00000000 ____D C:\Users\Donna\Desktop\Ebay

==================== One Month Modified Files and Folders =======

2014-01-18 19:42 - 2014-01-18 19:42 - 00000000 ____D C:\FRST
2014-01-18 10:31 - 2014-01-18 09:10 - 00000000 _____ C:\ProgramData\ifjwaewl.odd
2014-01-18 10:30 - 2009-07-13 20:39 - 00049856 _____ C:\Windows\setupact.log
2014-01-18 09:39 - 2010-02-03 12:18 - 01990069 _____ C:\Windows\WindowsUpdate.log
2014-01-18 09:31 - 2009-07-13 20:34 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-18 09:31 - 2009-07-13 20:34 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-18 09:17 - 2010-02-03 13:37 - 00189648 _____ C:\Windows\PFRO.log
2014-01-16 07:17 - 2010-02-07 07:40 - 00002568 ___SH C:\Windows\System32\KGyGaAvL.sys
2014-01-15 00:26 - 2010-05-23 11:58 - 00000000 ____D C:\Users\Donna\AppData\Roaming\Skype
2014-01-06 05:30 - 2010-02-03 12:38 - 01507342 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-04 09:27 - 2014-01-04 09:17 - 00000000 ____D C:\Users\Donna\Desktop\Ebay
2013-12-22 02:03 - 2013-05-07 10:05 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-12-22 02:03 - 2012-12-03 00:25 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-12-22 02:03 - 2012-12-03 00:25 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-12-19 11:50 - 2010-02-03 13:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-19 11:48 - 2013-08-08 09:21 - 00000000 ____D C:\Windows\System32\MRT

Files to move or delete:
====================
C:\Program Files\Samsung\Kies\KiesAirMessage.exe
C:\ProgramData\8DN5HY.dat
C:\ProgramData\ifjwaewl.odd
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job

Some content of TEMP:
====================
C:\Users\Donna\AppData\Local\Temp\avgnt.exe
C:\Users\Donna\AppData\Local\Temp\HomeTab.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Donna\AppData\Local\Temp\qmph.dll
C:\Users\Donna\AppData\Local\Temp\tbu1C31.exe
C:\Users\Donna\AppData\Local\Temp\tbu32A8.exe
C:\Users\Donna\AppData\Local\Temp\tbu3E8D.exe
C:\Users\Donna\AppData\Local\Temp\tbu418A.exe
C:\Users\Donna\AppData\Local\Temp\tbu48FE.exe
C:\Users\Donna\AppData\Local\Temp\tbu59C.exe
C:\Users\Donna\AppData\Local\Temp\tbu770F.exe
C:\Users\Donna\AppData\Local\Temp\tbu993B.exe
C:\Users\Donna\AppData\Local\Temp\tbuC15E.exe
C:\Users\Donna\AppData\Local\Temp\tbuE259.exe
C:\Users\Donna\AppData\Local\Temp\tbuF1FF.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-30 10:10:34
Restore point made on: 2013-07-30 10:37:04
Restore point made on: 2013-08-08 09:20:34
Restore point made on: 2013-08-26 08:41:21
Restore point made on: 2013-09-09 05:55:08
Restore point made on: 2013-09-30 01:03:09
Restore point made on: 2013-10-16 07:07:26
Restore point made on: 2013-10-20 01:02:43
Restore point made on: 2013-11-06 06:10:25
Restore point made on: 2014-01-02 01:37:51
Restore point made on: 2014-01-15 10:08:15

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3823.17 MB
Available physical RAM: 3183.32 MB
Total Pagefile: 3821.45 MB
Available Pagefile: 3191.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:206.6 GB) NTFS
Drive e: (Windows7) (CDROM) (Total:3.52 GB) (Free:0 GB) UDF
Drive f: (VOLUME) (Removable) (Total:29.28 GB) (Free:29.28 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0F2202EA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0C)

LastRegBack: 2014-01-15 10:01

==================== End Of Log ============================
```

I would be grateful for quick help on how to proceed from here.