Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7: Interpol-Trojaner, FRST-Scan angefügt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Alt 31.03.2014, 14:32   #1
philipp lahm
 
Windows 7: Interpol-Trojaner, FRST-Scan angefügt - Standard

Windows 7: Interpol-Trojaner, FRST-Scan angefügt



Hallo,

auf meinem Notebook öffnete sich plötzlich ein Fenster von Interpol, auf der ich aufgefordert wurde 100€ Geldbuße zu bezahlen.
Daraufhin habe ich diesen Sachverhalt gegoogelt und bin auf ein ähnliches Thema in diesem Forum gestoßen.
Ich habe bereits einen FRST-Scan durchgeführt.

Anbei die FRST.txt Datei:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by SYSTEM on MININT-HTFJ9IS on 31-03-2014 15:10:18
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295720 2013-10-25] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [384296 2013-10-28] (Lenovo.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-09-26] (Synaptics Incorporated)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-30] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-09-25] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-09-25] (Lenovo)
HKU\Johannes Kaindl\...\Run: [UpdateMyDrivers] - C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
HKU\Johannes Kaindl\...\Run: [Google Update] - C:\Users\Johannes Kaindl\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-08] (Google Inc.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-22] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050400 2014-03-22] (Conduit)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\Users\Johannes Kaindl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2466080 2014-03-22] (Conduit)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-10-22] (Lenovo.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [103936 2013-12-20] (Freemake)
S2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-12-12] (Ellora Assets Corp.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
S2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197928 2013-10-25] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation)
S2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-09-26] (Synaptics Incorporated)
S2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-31 15:10 - 2014-03-31 15:10 - 00000000 ____D () C:\FRST
2014-03-26 10:54 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-26 10:54 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-26 10:54 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-03-26 10:54 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-26 10:54 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-03-26 10:54 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-03-26 10:54 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-26 10:54 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-03-26 10:54 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-26 10:54 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-03-26 10:54 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-03-26 10:54 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-03-26 10:54 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-26 10:54 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-26 10:54 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-03-26 10:54 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-26 10:54 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-03-26 10:54 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-26 10:54 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-26 10:54 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-26 10:54 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-26 10:54 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-26 10:54 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-26 10:54 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-26 10:54 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-26 10:54 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-26 10:54 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-26 10:54 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-03-26 10:54 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-26 10:54 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-26 10:54 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-26 10:54 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-26 10:54 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-26 10:54 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-26 10:54 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-26 10:54 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-26 10:54 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-26 10:54 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-26 10:54 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-03-26 10:54 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-26 10:41 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-03-26 10:41 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-26 10:41 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2014-03-26 10:40 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-26 10:40 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-03-26 10:40 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-26 10:40 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-26 10:40 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-03-31 15:10 - 2014-03-31 15:10 - 00000000 ____D () C:\FRST
2014-03-31 13:46 - 2013-11-07 02:35 - 01283267 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 13:28 - 2013-11-08 15:49 - 00000000 ____D () C:\Users\Johannes Kaindl\AppData\Local\Lenovo
2014-03-31 13:21 - 2011-04-12 08:43 - 00699666 _____ () C:\Windows\System32\perfh007.dat
2014-03-31 13:21 - 2011-04-12 08:43 - 00149774 _____ () C:\Windows\System32\perfc007.dat
2014-03-31 13:21 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-31 13:18 - 2013-11-08 19:56 - 00001160 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795406587-59563567-99350790-1000UA.job
2014-03-31 12:48 - 2013-11-11 12:13 - 00000566 _____ () C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job
2014-03-29 01:05 - 2013-11-08 19:56 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795406587-59563567-99350790-1000Core.job
2014-03-29 00:23 - 2014-01-04 14:52 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-29 00:17 - 2013-11-12 15:02 - 00000000 ___RD () C:\Users\Johannes Kaindl\Dropbox
2014-03-29 00:17 - 2013-11-12 14:59 - 00000000 ____D () C:\Users\Johannes Kaindl\AppData\Roaming\Dropbox
2014-03-28 03:11 - 2009-07-14 05:45 - 00022080 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 03:11 - 2009-07-14 05:45 - 00022080 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 03:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-28 03:05 - 2009-07-14 05:51 - 00037861 _____ () C:\Windows\setupact.log
2014-03-28 03:05 - 2009-07-14 05:45 - 00275856 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-28 03:01 - 2013-11-10 19:00 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-28 03:00 - 2013-11-10 19:00 - 90015360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-03-26 14:25 - 2013-11-08 09:24 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-03-26 14:19 - 2013-11-07 21:24 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-03-26 14:19 - 2013-11-07 21:24 - 00000000 ____D () C:\ProgramData\Lenovo
2014-03-26 14:18 - 2013-11-08 09:24 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-03-26 14:18 - 2013-11-07 21:24 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-03-26 10:58 - 2013-11-08 20:23 - 00002404 _____ () C:\Users\Johannes Kaindl\Desktop\Google Chrome.lnk
2014-03-09 14:13 - 2013-11-08 09:25 - 00000000 ____D () C:\ldiag
2014-03-01 07:05 - 2014-03-26 10:54 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-01 06:17 - 2014-03-26 10:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-01 06:16 - 2014-03-26 10:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-26 10:54 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-01 05:52 - 2014-03-26 10:54 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-03-01 05:51 - 2014-03-26 10:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-26 10:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-01 05:40 - 2014-03-26 10:54 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-03-01 05:37 - 2014-03-26 10:54 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-01 05:33 - 2014-03-26 10:54 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-26 10:54 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-26 10:54 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-26 10:54 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-26 10:54 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-26 10:54 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-26 10:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-26 10:54 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-03-01 04:54 - 2014-03-26 10:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-01 04:52 - 2014-03-26 10:54 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-26 10:54 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-26 10:54 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-26 10:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-26 10:54 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-26 10:54 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-01 04:40 - 2014-03-26 10:54 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-26 10:54 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-26 10:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-26 10:54 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-26 10:54 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-01 04:16 - 2014-03-26 10:54 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-26 10:54 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-26 10:54 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-01 04:03 - 2014-03-26 10:54 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-26 10:54 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-26 10:54 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-26 10:54 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-01 03:32 - 2014-03-26 10:54 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-26 10:54 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-26 10:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-26 10:54 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Johannes Kaindl\AppData\Local\Temp\20131111100854782jniverify.dll
C:\Users\Johannes Kaindl\AppData\Local\Temp\avgnt.exe
C:\Users\Johannes Kaindl\AppData\Local\Temp\bitool.dll
C:\Users\Johannes Kaindl\AppData\Local\Temp\FreemakeAudioConverter_1.1.0.49.exe
C:\Users\Johannes Kaindl\AppData\Local\Temp\FreemakeVideoDownloader_3.6.2.2.exe
C:\Users\Johannes Kaindl\AppData\Local\Temp\Installer.exe
C:\Users\Johannes Kaindl\AppData\Local\Temp\nsj59E.exe
C:\Users\Johannes Kaindl\AppData\Local\Temp\nsnA24B.exe
C:\Users\Johannes Kaindl\AppData\Local\Temp\nsnC864.exe
C:\Users\Johannes Kaindl\AppData\Local\Temp\nstC5C5.exe
C:\Users\Johannes Kaindl\AppData\Local\Temp\nsyA4AD.exe
C:\Users\Johannes Kaindl\AppData\Local\Temp\setup__3862.exe
C:\Users\Johannes Kaindl\AppData\Local\Temp\sp-downloader.exe
C:\Users\Johannes Kaindl\AppData\Local\Temp\SPSetup.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-02-26 03:00:19
Restore point made on: 2014-02-26 12:02:01
Restore point made on: 2014-03-02 11:15:28
Restore point made on: 2014-03-07 13:27:08
Restore point made on: 2014-03-11 16:30:52
Restore point made on: 2014-03-26 10:55:04
Restore point made on: 2014-03-28 03:00:21

==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 3791.8 MB
Available physical RAM: 3175.36 MB
Total Pagefile: 3790 MB
Available Pagefile: 3163.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:412.09 GB) NTFS
Drive e: (autorun) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:1.9 GB) (Free:0.1 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 38543087)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 014C035C)
Partition 1: (Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2014-03-28 01:05

==================== End Of Log ============================
         
Danke bereits für weitere Anleitung zur Behebung des Problems!

 

Themen zu Windows 7: Interpol-Trojaner, FRST-Scan angefügt
adobe, association, autorun, desktop, dll, google, opera, pup.optional.amonetize, pup.optional.conduit.a, pup.optional.ellora, pup.optional.installmonetizer, pup.optional.linkury.a, pup.optional.opencandy, pup.optional.searchprotect.a, pup.optional.snapdo, pup.optional.snapdo.a, pup.optional.somoto, pup.optional.somoto.a, pwmtr64v.dll, realtek, services.exe, software, svchost.exe, tcp, winlogon.exe




Ähnliche Themen: Windows 7: Interpol-Trojaner, FRST-Scan angefügt


  1. Windows 7 bootet nicht mehr, nur Sperrbildschirm! FRST-Scan ist erfolgt.
    Plagegeister aller Art und deren Bekämpfung - 21.08.2015 (16)
  2. FRST Scan und nun?
    Diskussionsforum - 31.07.2015 (3)
  3. Interpol Virus - FRST.exe
    Plagegeister aller Art und deren Bekämpfung - 25.03.2014 (21)
  4. Interpol Trojaner Windows 7 Statusfenster von frst erscheint nicht
    Log-Analyse und Auswertung - 08.12.2013 (3)
  5. FRST.txt nach Interpol-Polizei Trojaner/Virus
    Plagegeister aller Art und deren Bekämpfung - 28.11.2013 (3)
  6. WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan
    Log-Analyse und Auswertung - 10.10.2013 (14)
  7. GUV Trojaner mit Sperrbildschirm --> Schritte nach FRST Scan
    Log-Analyse und Auswertung - 01.10.2013 (9)
  8. GVU Trojaner! FRST scan schon durchgeführt, wie gehts weiter?
    Log-Analyse und Auswertung - 16.09.2013 (10)
  9. Interpol Trojaner hat PC gesperrt - frst Scan bereits durchgeführt
    Plagegeister aller Art und deren Bekämpfung - 14.08.2013 (7)
  10. Interpol Trojaner - FRST Logfile includiert
    Plagegeister aller Art und deren Bekämpfung - 13.08.2013 (13)
  11. Interpol Trojaner - Sperschirm//FRST.Log schon angehängt
    Plagegeister aller Art und deren Bekämpfung - 12.08.2013 (9)
  12. Win7: Interpol Trojaner - Logfile Farbar Recovery Scan Tool
    Log-Analyse und Auswertung - 11.08.2013 (7)
  13. GVU Trojaner auf Asus EEE PC Windows 7 Starter - FRST Scan
    Log-Analyse und Auswertung - 06.08.2013 (13)
  14. Weißer Bildschirm nach Neustart, scan via FRST.exe --> FRST.txt
    Log-Analyse und Auswertung - 06.08.2013 (5)
  15. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2013 Ran by Verena (administrator) on 24-07-2013 20:57:45 Running f
    Mülltonne - 24.07.2013 (1)
  16. GVU Trojaner Abgesichter Modus funktioniert nicht! FRST Scan durchgeführt.
    Log-Analyse und Auswertung - 15.07.2013 (5)
  17. GVU-Trojaner Scan-Ergebnis mit Frst.exe
    Log-Analyse und Auswertung - 18.05.2013 (5)

Zum Thema Windows 7: Interpol-Trojaner, FRST-Scan angefügt - Hallo, auf meinem Notebook öffnete sich plötzlich ein Fenster von Interpol, auf der ich aufgefordert wurde 100€ Geldbuße zu bezahlen. Daraufhin habe ich diesen Sachverhalt gegoogelt und bin auf ein - Windows 7: Interpol-Trojaner, FRST-Scan angefügt...
Archiv
Du betrachtest: Windows 7: Interpol-Trojaner, FRST-Scan angefügt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.