Log analysis and evaluation: Windows Vista computer infected with Interpol trojan
19.03.2014, 11:07 | #1
Windows Vista computer infected with Interpol trojan

Hi dear Trojaner Board, my laptop with Windows Vista has unfortunately been infected by an Interpol trojan. I hope you can help me get rid of it. Regards, Sunshine

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by SYSTEM on MINWINPC on 19-03-2014 10:51:26
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2009-01-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-10] (Synaptics, Inc.)
HKLM\...\Run: [ISBMgr.exe] - C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317288 2008-12-18] (Sony Corporation)
HKLM\...\Run: [StartCCC] - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [lxdimon.exe] - C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe [435120 2007-03-06] ()
HKLM\...\Run: [lxdiamon] - C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe [20480 2007-03-05] (Lexmark)
HKLM\...\Run: [LXDICATS] - C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDItime.dll [102400 2007-02-26] (Lexmark International, Inc.)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [SymInstallStub] - C:\Users\Ronald\AppData\Local\Temp\SymInstallStub.exe /partnerid=realnw /productlist=nss /staging=false /delay=5 /affid=rplr /desktopshortcut=1 /startmenushortcut=1 /launchedby=3 [335776 2014-03-18] (Symantec Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [274432 2008-12-21] (Sony Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [274432 2008-12-21] (Sony Corporation)
HKU\Ronald\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\Ronald\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\Ronald\...\Run: [Browser Infrastructure Helper] - C:\Users\Ronald\AppData\Local\Smartbar\Application\Smartbar.exe [21536 2014-02-09] (Smartbar)
Startup: C:\Users\Ronald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Ronald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\obnfwlxv.lnk
ShortcutTarget: obnfwlxv.lnk -> C:\ProgramData\vxlwfnbo.cpp (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-02-26] (Cherished Technololgy LIMITED)
S2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe [546112 2014-01-27] ()
S2 LPTSystemUpdater; C:\Program Files\LPT\srpts.exe [32288 2014-02-09] ()
S2 lxdi_device; C:\Windows\system32\lxdicoms.exe [517040 2007-03-06] ( )
S2 NSUService; C:\Program Files\sony\Network Utility\NSUService.exe [303104 2008-12-21] (Sony Corporation)
S3 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-01-20] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-01-20] (Sony Corporation)
S2 Update EnhanceTronic; C:\Program Files\EnhanceTronic\updateEnhanceTronic.exe [348968 2014-03-17] ()
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation)
S2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [203624 2009-01-19] (Sony Corporation)
S2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [415592 2008-12-19] (Sony Corporation)
S2 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [394536 2009-01-19] (Sony Corporation)
S3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation)
S2 Winmgmt; C:\ProgramData\vxlwfnbo.cpp [204297 2014-03-18] (Microsoft Corporation)
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-09] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-05] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 netfilter; system32\drivers\netfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-19 10:51 - 2014-03-19 10:51 - 00000000 ____D () C:\FRST
2014-03-18 09:46 - 2014-03-18 09:46 - 00000562 _____ () C:\Windows\PFRO.log
2014-03-18 09:44 - 2014-03-18 09:45 - 95027928 ____T () C:\ProgramData\obnfwlxv.fee
2014-03-18 09:43 - 2014-03-18 09:43 - 00204297 _____ (Microsoft Corporation) C:\ProgramData\vxlwfnbo.cpp
2014-03-18 09:42 - 2014-03-18 09:42 - 00000000 ____D () C:\Program Files\Lightspark 0.5.3-git
2014-03-18 09:41 - 2014-03-18 09:41 - 00000000 ____D () C:\Program Files\PriceGong
2014-03-18 09:40 - 2014-03-18 09:41 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-03-18 09:39 - 2014-03-18 09:41 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Weather It Up
2014-03-18 09:38 - 2014-03-18 09:39 - 00000000 ____D () C:\Program Files\Weather It Up
2014-03-18 09:37 - 2014-03-18 09:46 - 00000000 ____D () C:\Program Files\EnhanceTronic
2014-03-18 09:36 - 2014-03-18 09:36 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\RealNetworks
2014-03-18 09:35 - 2014-03-18 09:35 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-18 09:34 - 2014-03-18 09:39 - 00000000 ____D () C:\Program Files\Real
2014-03-18 09:33 - 2014-03-18 09:39 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\Real
2014-03-18 09:33 - 2014-03-18 09:33 - 00001970 _____ () C:\Users\Ronald\Desktop\Norton Product Installer.lnk
2014-03-18 09:33 - 2014-03-18 09:33 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Real
2014-03-18 09:30 - 2014-03-18 09:39 - 00000000 ____D () C:\ProgramData\Real
2014-03-15 14:28 - 2014-03-15 14:28 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-13 18:08 - 2014-03-13 18:10 - 00000000 ____D () C:\Program Files\LPT
2014-03-13 18:06 - 2014-03-13 18:07 - 00000000 ____D () C:\Users\Ronald\AppData\Local\LPT
2014-03-13 18:06 - 2014-03-13 18:07 - 00000000 ____D () C:\Program Files\hdvideo
2014-03-13 18:06 - 2014-03-13 18:06 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Smartbar
2014-03-13 18:05 - 2014-03-13 18:05 - 00402320 _____ () C:\Users\Ronald\Downloads\Setup.exe
2014-03-13 09:33 - 2014-02-23 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-03-13 09:33 - 2014-02-23 06:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-13 09:33 - 2014-02-23 06:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-03-13 09:33 - 2014-02-23 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-13 09:33 - 2014-02-23 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-03-13 09:33 - 2014-02-23 06:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-13 09:32 - 2014-02-23 06:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-13 09:32 - 2014-02-23 06:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-13 09:32 - 2014-02-23 06:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-13 09:32 - 2014-02-23 06:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-13 09:32 - 2014-02-23 06:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-13 09:32 - 2014-02-23 06:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-03-13 09:32 - 2014-02-23 06:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-03-13 09:32 - 2014-02-23 06:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-13 09:32 - 2014-02-23 06:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-03-13 09:32 - 2014-02-23 06:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-12 10:39 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-12 10:39 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-12 10:39 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-03-12 10:39 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-03-09 07:08 - 2014-03-09 07:08 - 00000000 ____D () C:\Users\Ronald\Documents\Optimizer Pro
2014-03-09 07:06 - 2014-03-09 07:06 - 00000584 _____ () C:\Users\Ronald\AppData\Roaming\aps.scan.quick.results
2014-03-09 07:06 - 2014-03-09 07:06 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Tuguu_SL
2014-03-09 07:04 - 2014-03-09 07:04 - 00000000 ____D () C:\Program Files\media enhance
2014-03-09 07:03 - 2014-03-09 07:06 - 00000000 ____D () C:\Program Files\AnyProtectEx
2014-03-09 07:03 - 2014-03-09 07:03 - 01122960 _____ (AnyProtect.com) C:\Users\Ronald\AppData\Local\nsa79E3.tmp
2014-03-09 07:03 - 2014-03-09 07:03 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\VOPackage
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\SupTab
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\awesomehp
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\ProgramData\WPM
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\Program Files\SupTab
2014-03-09 07:00 - 2014-03-13 18:04 - 00000000 _____ () C:\END
2014-03-09 07:00 - 2014-03-09 07:00 - 00000000 ____D () C:\Users\Ronald\AppData\Local\SearchProtect
2014-02-26 12:52 - 2014-02-26 12:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-26 12:41 - 2014-02-26 12:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-26 12:41 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2014-02-26 12:41 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2014-02-26 12:41 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2014-02-26 12:41 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2014-02-26 12:39 - 2014-02-26 12:41 - 00005921 _____ () C:\Windows\System32\jupdate-1.7.0_51-b13.log
2014-02-25 14:48 - 2014-02-26 12:22 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\systweak
2014-02-25 14:48 - 2014-02-25 14:50 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\Advanced System Protector
2014-02-25 14:48 - 2014-01-21 17:28 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot.exe
2014-02-25 07:57 - 2014-02-25 07:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-25 07:55 - 2014-02-25 07:55 - 00000000 ____D () C:\Program Files\Level Quality Watcher

==================== One Month Modified Files and Folders =======

2014-03-19 10:51 - 2014-03-19 10:51 - 00000000 ____D () C:\FRST
2014-03-18 10:14 - 2013-08-25 18:45 - 01375101 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 10:08 - 2011-09-15 18:11 - 00079664 _____ () C:\Users\Ronald\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 10:06 - 2006-11-02 13:47 - 00331392 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-18 10:05 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-18 10:05 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-18 09:46 - 2014-03-18 09:46 - 00000562 _____ () C:\Windows\PFRO.log
2014-03-18 09:46 - 2014-03-18 09:37 - 00000000 ____D () C:\Program Files\EnhanceTronic
2014-03-18 09:45 - 2014-03-18 09:44 - 95027928 ____T () C:\ProgramData\obnfwlxv.fee
2014-03-18 09:43 - 2014-03-18 09:43 - 00204297 _____ (Microsoft Corporation) C:\ProgramData\vxlwfnbo.cpp
2014-03-18 09:42 - 2014-03-18 09:42 - 00000000 ____D () C:\Program Files\Lightspark 0.5.3-git
2014-03-18 09:41 - 2014-03-18 09:41 - 00000000 ____D () C:\Program Files\PriceGong
2014-03-18 09:41 - 2014-03-18 09:40 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-03-18 09:41 - 2014-03-18 09:39 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Weather It Up
2014-03-18 09:39 - 2014-03-18 09:38 - 00000000 ____D () C:\Program Files\Weather It Up
2014-03-18 09:39 - 2014-03-18 09:34 - 00000000 ____D () C:\Program Files\Real
2014-03-18 09:39 - 2014-03-18 09:33 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\Real
2014-03-18 09:39 - 2014-03-18 09:30 - 00000000 ____D () C:\ProgramData\Real
2014-03-18 09:36 - 2014-03-18 09:36 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\RealNetworks
2014-03-18 09:35 - 2014-03-18 09:35 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-18 09:34 - 2003-03-18 19:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2014-03-18 09:33 - 2014-03-18 09:33 - 00001970 _____ () C:\Users\Ronald\Desktop\Norton Product Installer.lnk
2014-03-18 09:33 - 2014-03-18 09:33 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Real
2014-03-15 15:02 - 2013-12-18 09:39 - 00013312 _____ () C:\Users\Ronald\Documents\stunden2014.xlr
2014-03-15 15:02 - 2011-09-17 11:05 - 00001036 _____ () C:\Users\Ronald\AppData\Roaming\wklnhst.dat
2014-03-15 14:58 - 2011-09-17 11:04 - 00002505 _____ () C:\Users\Ronald\Desktop\Microsoft Works-Tabellenkalkulation.lnk
2014-03-15 14:28 - 2014-03-15 14:28 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-13 18:14 - 2013-08-17 06:35 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-13 18:10 - 2014-03-13 18:08 - 00000000 ____D () C:\Program Files\LPT
2014-03-13 18:10 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-03-13 18:07 - 2014-03-13 18:06 - 00000000 ____D () C:\Users\Ronald\AppData\Local\LPT
2014-03-13 18:07 - 2014-03-13 18:06 - 00000000 ____D () C:\Program Files\hdvideo
2014-03-13 18:06 - 2014-03-13 18:06 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Smartbar
2014-03-13 18:05 - 2014-03-13 18:05 - 00402320 _____ () C:\Users\Ronald\Downloads\Setup.exe
2014-03-13 18:04 - 2014-03-09 07:00 - 00000000 _____ () C:\END
2014-03-13 10:05 - 2011-09-17 12:29 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-03-13 09:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-03-13 09:32 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\System32\de-DE
2014-03-09 07:08 - 2014-03-09 07:08 - 00000000 ____D () C:\Users\Ronald\Documents\Optimizer Pro
2014-03-09 07:06 - 2014-03-09 07:06 - 00000584 _____ () C:\Users\Ronald\AppData\Roaming\aps.scan.quick.results
2014-03-09 07:06 - 2014-03-09 07:06 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Tuguu_SL
2014-03-09 07:06 - 2014-03-09 07:03 - 00000000 ____D () C:\Program Files\AnyProtectEx
2014-03-09 07:04 - 2014-03-09 07:04 - 00000000 ____D () C:\Program Files\media enhance
2014-03-09 07:03 - 2014-03-09 07:03 - 01122960 _____ (AnyProtect.com) C:\Users\Ronald\AppData\Local\nsa79E3.tmp
2014-03-09 07:03 - 2014-03-09 07:03 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\VOPackage
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\SupTab
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\awesomehp
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\ProgramData\WPM
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-09 07:02 - 2014-03-09 07:02 - 00000000 ____D () C:\Program Files\SupTab
2014-03-09 07:00 - 2014-03-09 07:00 - 00000000 ____D () C:\Users\Ronald\AppData\Local\SearchProtect
2014-03-05 07:19 - 2012-09-14 06:55 - 00000000 ___RD () C:\Program Files\Skype
2014-03-05 07:19 - 2011-09-15 18:34 - 00000000 ____D () C:\ProgramData\Skype
2014-03-02 10:41 - 2013-08-31 10:35 - 00000000 ____D () C:\Program Files\Opera Next
2014-03-02 10:06 - 2008-01-21 08:16 - 01565124 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-01 07:53 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-26 12:52 - 2014-02-26 12:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-26 12:41 - 2014-02-26 12:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-26 12:41 - 2014-02-26 12:39 - 00005921 _____ () C:\Windows\System32\jupdate-1.7.0_51-b13.log
2014-02-26 12:41 - 2013-08-25 18:56 - 00000000 ____D () C:\Program Files\Java
2014-02-26 12:22 - 2014-02-25 14:48 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\systweak
2014-02-25 14:50 - 2014-02-25 14:48 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\Advanced System Protector
2014-02-25 07:57 - 2014-02-25 07:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-25 07:55 - 2014-02-25 07:55 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-02-23 06:50 - 2014-03-13 09:32 - 12347904 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-23 06:47 - 2014-03-13 09:32 - 01806848 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-23 06:43 - 2014-03-13 09:32 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-23 06:41 - 2014-03-13 09:32 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-23 06:40 - 2014-03-13 09:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-23 06:39 - 2014-03-13 09:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-23 06:38 - 2014-03-13 09:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-23 06:38 - 2014-03-13 09:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-23 06:38 - 2014-03-13 09:32 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-02-23 06:37 - 2014-03-13 09:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-23 06:37 - 2014-03-13 09:32 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-23 06:37 - 2014-03-13 09:32 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-02-23 06:37 - 2014-03-13 09:32 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-23 06:36 - 2014-03-13 09:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-23 06:36 - 2014-03-13 09:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-02-23 06:35 - 2014-03-13 09:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

Files to move or delete:
====================
C:\Users\Ronald\AppData\Roaming\desktop.ini
C:\ProgramData\obnfwlxv.fee

Some content of TEMP:
====================
C:\Users\Ronald\AppData\Local\Temp\avgnt.exe
C:\Users\Ronald\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ronald\AppData\Local\Temp\ShoppinHelper2.exe
C:\Users\Ronald\AppData\Local\Temp\SymInstallStub.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-02-25 14:52:50
Restore point made on: 2014-02-26 08:35:16
Restore point made on: 2014-02-26 12:39:23
Restore point made on: 2014-02-27 06:48:53
Restore point made on: 2014-02-28 08:03:22
Restore point made on: 2014-03-01 07:16:11
Restore point made on: 2014-03-02 08:57:20
Restore point made on: 2014-03-03 16:09:36
Restore point made on: 2014-03-04 08:13:39
Restore point made on: 2014-03-05 07:18:28
Restore point made on: 2014-03-08 08:09:46
Restore point made on: 2014-03-09 08:50:19
Restore point made on: 2014-03-11 12:30:22
Restore point made on: 2014-03-12 11:15:09
Restore point made on: 2014-03-13 09:31:07
Restore point made on: 2014-03-13 18:10:19
Restore point made on: 2014-03-13 18:50:26
Restore point made on: 2014-03-15 15:41:49
Restore point made on: 2014-03-16 08:47:46
Restore point made on: 2014-03-18 09:19:52

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 4062.13 MB
Available physical RAM: 3614.86 MB
Total Pagefile: 3817.55 MB
Available Pagefile: 3666.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.22 GB) (Free:207.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Recovery) (Fixed) (Total:9.87 GB) (Free:0.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:3.76 GB) (Free:3.66 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 19C1D40E)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: C2A8B134)
Partition: GPT Partition Type.

LastRegBack: 2014-03-18 10:12

==================== End Of Log ============================

Here is my FRST log file for a start.
19.03.2014, 11:14 | #2
/// the machine /// TB-Ausbilder

hi,

Please press Windows + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
Startup: C:\Users\Ronald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\obnfwlxv.lnk
ShortcutTarget: obnfwlxv.lnk -> C:\ProgramData\vxlwfnbo.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\vxlwfnbo.cpp [204297 2014-03-18] (Microsoft Corporation)
2014-03-18 09:44 - 2014-03-18 09:45 - 95027928 ____T () C:\ProgramData\obnfwlxv.fee
2014-03-18 09:43 - 2014-03-18 09:43 - 00204297 _____ (Microsoft Corporation) C:\ProgramData\vxlwfnbo.cpp
C:\Users\Ronald\AppData\Roaming\desktop.ini
C:\ProgramData\obnfwlxv.fee

The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Then start the computer normally.
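As an added example (not part of the thread and not something FRST itself provides), the script below runs a small triage over constructed lines modelled on the log above. It flags the same properties the helper's fixlist keyed on: a built-in Windows service (Winmgmt) whose image path points under ProgramData, a file with a non-executable extension (.cpp) started as a program, version info claiming Microsoft Corporation for a file outside Windows, and autostarts from user-writable directories. TRUSTED_ROOTS and BUILTIN_SERVICES are my own assumed lists, not FRST's whitelist.

```python
import re

# Constructed sample lines, modelled on the FRST log in this thread (not the full log).
SAMPLE_LOG = r"""
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [] - [X]
HKU\Ronald\...\Run: [Browser Infrastructure Helper] - C:\Users\Ronald\AppData\Local\Smartbar\Application\Smartbar.exe [21536 2014-02-09] (Smartbar)
Startup: C:\Users\Ronald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\obnfwlxv.lnk
ShortcutTarget: obnfwlxv.lnk -> C:\ProgramData\vxlwfnbo.cpp (Microsoft Corporation)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
S2 Winmgmt; C:\ProgramData\vxlwfnbo.cpp [204297 2014-03-18] (Microsoft Corporation)
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-09] (Cherished Technololgy LIMITED)
"""

# Line shapes FRST uses for Run keys, services and Startup-folder shortcut targets.
RUN_RE = re.compile(r"^HK\w+(?:\\[^\\]+)*\\Run(?:Once)?: \[(?P<name>[^\]]*)\] - (?P<rest>.+)$")
SVC_RE = re.compile(r"^[SR]\d (?P<name>[^;]+); (?P<rest>.+)$")
LNK_RE = re.compile(r"^ShortcutTarget: (?P<name>.+?) -> (?P<rest>.+)$")
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4})(?=\s|$)")
VENDOR_RE = re.compile(r"\(([^()]*)\)\s*$")   # trailing "(Company)" from version info

EXEC_EXT = {"exe", "dll", "sys", "cpl", "ocx", "scr", "com"}
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")  # assumed
# Assumed list of built-in services; Winmgmt (WMI) normally runs inside svchost.exe under C:\Windows.
BUILTIN_SERVICES = {"winmgmt"}


def parse_entry(line):
    """Return {kind, name, path, vendor} for a Run/service/shortcut line, else None."""
    for kind, rx in (("run", RUN_RE), ("service", SVC_RE), ("shortcut", LNK_RE)):
        m = rx.match(line.strip())
        if m:
            break
    else:
        return None
    rest = m.group("rest")
    if rest.startswith("[X]"):            # FRST marks a missing target this way
        return None
    pm = PATH_RE.match(rest)
    path = pm.group("path") if pm else rest.split()[0]   # bare names like rundll32.exe
    vm = VENDOR_RE.search(rest)
    vendor = vm.group(1).strip() if vm else ""
    return {"kind": kind, "name": m.group("name"), "path": path, "vendor": vendor}


def assess(entry):
    """List the reasons an autostart entry deserves a closer look (empty list = nothing odd)."""
    reasons = []
    p = entry["path"].lower()
    ext = p.rsplit(".", 1)[-1] if "." in p else ""
    rooted = re.match(r"^[a-z]:\\", p) is not None      # full path, so location is known
    untrusted_place = rooted and not p.startswith(TRUSTED_ROOTS)
    if ext not in EXEC_EXT:
        reasons.append(f"non-executable extension '.{ext}' started as a program")
    if untrusted_place:
        reasons.append("runs from a user-writable location outside Windows/Program Files")
    if (entry["kind"] == "service" and entry["name"].lower() in BUILTIN_SERVICES
            and not p.startswith("c:\\windows\\")):
        reasons.append(f"built-in service '{entry['name']}' redirected to a foreign binary")
    if entry["vendor"] == "Microsoft Corporation" and untrusted_place:
        reasons.append("version info claims Microsoft but the file is not in a Microsoft location")
    return reasons


def triage(log_text):
    """Map each suspicious log line to its reasons; clean entries are left out."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            reasons = assess(entry)
            if reasons:
                findings[line.strip()] = reasons
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("   ->", r)
```

On the sample, the two Avira entries produce no findings, while the Winmgmt service line collects all four reasons, which is exactly why it went into the helper's fixlist.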
19.03.2014, 11:17 | #3
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by SYSTEM at 2014-03-19 11:16:16 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Ronald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\obnfwlxv.lnk
ShortcutTarget: obnfwlxv.lnk -> C:\ProgramData\vxlwfnbo.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\vxlwfnbo.cpp [204297 2014-03-18] (Microsoft Corporation)
2014-03-18 09:44 - 2014-03-18 09:45 - 95027928 ____T () C:\ProgramData\obnfwlxv.fee
2014-03-18 09:43 - 2014-03-18 09:43 - 00204297 _____ (Microsoft Corporation) C:\ProgramData\vxlwfnbo.cpp
C:\Users\Ronald\AppData\Roaming\desktop.ini
C:\ProgramData\obnfwlxv.fee
*****************

C:\Users\Ronald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\obnfwlxv.lnk => Moved successfully.
C:\ProgramData\vxlwfnbo.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\obnfwlxv.fee => Moved successfully.
"C:\ProgramData\vxlwfnbo.cpp" => File/Directory not found.
C:\Users\Ronald\AppData\Roaming\desktop.ini => Moved successfully.
"C:\ProgramData\obnfwlxv.fee" => File/Directory not found.

==== End of Fixlog ====
20.03.2014, 09:45 | #4
/// the machine /// TB-Ausbilder

Does the computer start normally?

Regards, schrauber