
Log analysis and evaluation: Removing the Interpol trojan


 
06.04.2014, 15:04   #1
egland
 



Hello everyone,
My laptop is infected with the Interpol trojan.
I have already run the FRST scan and am sending it.


Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by SYSTEM on MINWINPC on 06-04-2014 15:47:51
Running from D:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-23] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-03-06] (Acer Incorporated)
HKLM\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-09-22] (Acer)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-08-06] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-08-06] (NVIDIA Corporation)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [821768 2008-07-01] (Dritek System Inc.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [CLMLServer] - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
HKLM\...\Run: [PlayMovie] - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-05-12] (Acer Corp.)
HKLM\...\Run: [Acer Assist Launcher] - C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-10-08] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\Michael\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [4240760 2010-11-09] (Microsoft Corporation)
HKU\Michael\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Michael\...\Run: [Yontoo Desktop] - "C:\Users\Michael\AppData\Roaming\Yontoo\YontooDesktop.exe"
HKU\Michael\...\Run: [YtwgPack] - regsvr32.exe C:\Users\Michael\AppData\Local\YtwgPack\SMCLIENT.DLL <===== ATTENTION
HKU\Michael\...\Run: [syshost32] - C:\Users\Michael\AppData\Local\{918ACB89-7E1F-FA39-E448-51D4C3E791B0}\syshost.exe [83968 2014-04-05] ()
HKU\Michael\...\Run: [tgnxdthp] - regsvr32.exe "C:\ProgramData\tgnxdthp.dat"
HKU\Michael\...\Run: [Oxudm] - C:\Users\Michael\AppData\Local\Temp\Zekuo\oxudm.exe [643072 2008-12-12] () <===== ATTENTION
HKU\Michael\...\RunOnce: [iag3q] - C:\ProgramData\ujia\ynppd.exe [275456 2014-04-05] (Zone Labs, LLC)
HKU\Michael\...\Winlogon: [Shell] C:\ProgramData\ytfb\oomnsf.exe,explorer.exe <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll => C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll File Not Found

========================== Services (Whitelisted) =================

S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [25856 2008-04-14] (AVerMedia TECHNOLOGIES, Inc.)
S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42880 2008-04-14] (AVerMedia TECHNOLOGIES, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-24] (Microsoft Corporation)
S3 MyPenPro; C:\Windows\System32\Drivers\MyPenPro.sys [44032 2003-04-30] (C Technologies)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-03-29] (Texas Instruments)
S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-27] (Winbond Electronics Corporation)
S1 gcffuosq; \??\C:\Windows\system32\drivers\gcffuosq.sys [X]
S1 hjuihdee; \??\C:\Windows\system32\drivers\hjuihdee.sys [X]
S1 ihicpkrw; \??\C:\Windows\system32\drivers\ihicpkrw.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 jmcdlnbw; \??\C:\Windows\system32\drivers\jmcdlnbw.sys [X]
S1 lfypxjem; \??\C:\Windows\system32\drivers\lfypxjem.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 nxydeqhb; \??\C:\Windows\system32\drivers\nxydeqhb.sys [X]
S1 rahcrppn; \??\C:\Windows\system32\drivers\rahcrppn.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S1 tkzjuyvq; \??\C:\Windows\system32\drivers\tkzjuyvq.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-06 15:45 - 2014-04-06 15:47 - 00000000 ____D () C:\FRST
2014-04-06 00:02 - 2014-04-06 00:02 - 00000000 ____D () C:\Users\Michael\AppData\Local\{44FB4B45-C2BB-414C-BA26-554BC1E53C19}
2014-04-05 23:22 - 2014-04-05 23:57 - 00000000 ____D () C:\ProgramData\xibv
2014-04-05 12:01 - 2014-04-05 12:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\{7A973DC6-7406-4763-AE08-70318BA00AE4}
2014-04-05 11:28 - 2014-04-05 23:57 - 00000000 ____D () C:\ProgramData\xuqsaa
2014-04-05 11:28 - 2014-04-05 23:52 - 00000000 ____D () C:\ProgramData\fmnip
2014-04-05 11:28 - 2014-04-05 11:28 - 00000000 ____D () C:\ProgramData\qqxqud
2014-04-05 09:18 - 2014-04-05 09:18 - 00004275 _____ () C:\Users\Michael\Desktop\out.bin
2014-04-05 09:15 - 2014-04-06 05:04 - 00000000 ____D () C:\ProgramData\gitunx
2014-04-05 09:14 - 2014-04-06 05:04 - 00000000 ____D () C:\ProgramData\pdvy
2014-04-05 09:14 - 2014-04-05 09:15 - 00000000 ____D () C:\ProgramData\jketq
2014-04-05 09:14 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\ytfb
2014-04-05 09:14 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\ujia
2014-04-05 09:04 - 2014-04-05 09:04 - 00001555 _____ () C:\Users\Public\Documents\UNCRYPT_FILES.TXT
2014-04-05 08:55 - 2014-04-05 08:55 - 00001555 _____ () C:\Users\Public\UNCRYPT_FILES.TXT
2014-04-05 08:52 - 2014-04-05 08:52 - 00001555 _____ () C:\Users\Michael\Downloads\UNCRYPT_FILES.TXT
2014-04-05 08:44 - 2014-04-05 08:44 - 00001555 _____ () C:\Users\Michael\Documents\UNCRYPT_FILES.TXT
2014-04-05 08:29 - 2014-04-05 08:29 - 00001555 _____ () C:\Users\Michael\UNCRYPT_FILES.TXT
2014-04-05 08:29 - 2014-04-05 08:29 - 00001555 _____ () C:\Users\Michael\AppData\Local\UNCRYPT_FILES.TXT
2014-04-05 08:25 - 2014-04-05 08:28 - 00001555 _____ () C:\ProgramData\UNCRYPT_FILES.TXT
2014-04-05 08:00 - 2014-04-05 08:25 - 00382096 _____ () C:\ProgramData\tgnxdthp.dat
2014-04-05 08:00 - 2014-04-05 08:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{918ACB89-7E1F-FA39-E448-51D4C3E791B0}
2014-04-05 07:59 - 2014-04-06 05:04 - 00000000 ____D () C:\ProgramData\wwlcd
2014-03-17 00:04 - 2014-04-05 00:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\{63546E52-6521-4408-B3D9-8B32FC93385D}
2014-03-16 10:57 - 2014-03-16 10:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\{83EACAA2-7562-4F7A-B0DC-7188D5BE77FE}
2014-03-15 23:03 - 2014-02-22 21:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-15 23:03 - 2014-02-22 21:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-15 23:03 - 2014-02-22 21:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-15 23:03 - 2014-02-22 21:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-15 23:03 - 2014-02-22 21:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-03-15 23:03 - 2014-02-22 21:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-03-15 23:03 - 2014-02-22 21:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-03-15 23:03 - 2014-02-22 21:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-15 23:03 - 2014-02-22 21:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-15 23:03 - 2014-02-22 21:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-03-15 23:03 - 2014-02-22 21:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-15 23:03 - 2014-02-22 21:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-03-15 23:03 - 2014-02-22 21:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-15 23:03 - 2014-02-22 21:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-03-15 23:03 - 2014-02-22 21:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-15 23:02 - 2014-02-22 21:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-14 22:47 - 2014-02-07 02:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-14 22:47 - 2014-02-03 02:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-14 22:47 - 2014-01-29 23:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-03-14 22:46 - 2013-11-12 16:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-03-11 06:38 - 2014-04-05 08:40 - 00000000 ____D () C:\Users\Michael\AppData\Local\YtwgPack
2014-03-10 00:19 - 2014-03-15 22:56 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D5CDA79D-C65D-4103-9AA0-006C1A5F22E9}
2014-03-09 06:17 - 2014-04-05 08:24 - 95028440 ____T () C:\ProgramData\qbnqatlf.fee
2014-03-08 23:42 - 2014-03-08 23:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\{2CC84866-1594-4EC0-B211-AA284EE49218}
2014-03-08 01:00 - 2014-03-08 01:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{120399DE-04AA-4A04-82AF-5B44359E608F}

==================== One Month Modified Files and Folders =======

2014-04-06 15:47 - 2014-04-06 15:45 - 00000000 ____D () C:\FRST
2014-04-06 05:17 - 2008-12-08 15:47 - 01367419 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 05:17 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 05:17 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 05:05 - 2008-12-08 11:27 - 00028029 _____ () C:\ProgramData\nvModes.001
2014-04-06 05:05 - 2008-12-08 09:56 - 00000680 _____ () C:\Users\Michael\AppData\Local\d3d9caps.dat
2014-04-06 05:04 - 2014-04-05 09:15 - 00000000 ____D () C:\ProgramData\gitunx
2014-04-06 05:04 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\pdvy
2014-04-06 05:04 - 2014-04-05 07:59 - 00000000 ____D () C:\ProgramData\wwlcd
2014-04-06 05:02 - 2008-01-20 18:47 - 07084078 _____ () C:\Windows\PFRO.log
2014-04-06 00:02 - 2014-04-06 00:02 - 00000000 ____D () C:\Users\Michael\AppData\Local\{44FB4B45-C2BB-414C-BA26-554BC1E53C19}
2014-04-05 23:57 - 2014-04-05 23:22 - 00000000 ____D () C:\ProgramData\xibv
2014-04-05 23:57 - 2014-04-05 11:28 - 00000000 ____D () C:\ProgramData\xuqsaa
2014-04-05 23:57 - 2008-12-08 11:26 - 00028029 _____ () C:\ProgramData\nvModes.dat
2014-04-05 23:52 - 2014-04-05 11:28 - 00000000 ____D () C:\ProgramData\fmnip
2014-04-05 12:01 - 2014-04-05 12:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\{7A973DC6-7406-4763-AE08-70318BA00AE4}
2014-04-05 11:28 - 2014-04-05 11:28 - 00000000 ____D () C:\ProgramData\qqxqud
2014-04-05 09:18 - 2014-04-05 09:18 - 00004275 _____ () C:\Users\Michael\Desktop\out.bin
2014-04-05 09:15 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\jketq
2014-04-05 09:14 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\ytfb
2014-04-05 09:14 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\ujia
2014-04-05 09:12 - 2010-08-28 05:50 - 00000000 ____D () C:\Users\Public\Documents\Projekt 10
2014-04-05 09:12 - 2010-07-07 09:02 - 00000000 ____D () C:\Users\Public\Documents\Steuerfälle
2014-04-05 09:07 - 2010-07-07 09:02 - 00000000 ____D () C:\Users\Public\Documents\Michael Egli
2014-04-05 09:06 - 2010-07-07 09:03 - 00000000 ____D () C:\Users\Public\Documents\d Egli
2014-04-05 09:06 - 2010-07-07 09:03 - 00000000 ____D () C:\Users\Public\Documents\Bilder
2014-04-05 09:05 - 2010-07-07 09:07 - 00000000 ____D () C:\Users\Public\Documents\Andreas
2014-04-05 09:04 - 2014-04-05 09:04 - 00001555 _____ () C:\Users\Public\Documents\UNCRYPT_FILES.TXT
2014-04-05 09:04 - 2010-10-31 09:04 - 06374139 _____ () C:\Users\Public\Documents\MOV03401.MPG
2014-04-05 09:04 - 2010-10-29 07:38 - 00030208 ___SH () C:\Users\Public\Documents\Thumbs.db
2014-04-05 09:04 - 2010-07-07 09:02 - 00017408 _____ () C:\Users\Public\Documents\Abrechnung Neuseeland.xls
2014-04-05 09:04 - 2010-07-07 09:01 - 00052256 _____ () C:\Users\Public\Documents\FIBUSICH.LZX
2014-04-05 09:04 - 2010-07-07 09:00 - 00070016 _____ () C:\Users\Public\Documents\EGLI-EGLI_M10.zip
2014-04-05 09:04 - 2010-03-09 10:02 - 00432702 _____ () C:\Users\Public\Documents\andi.xps
2014-04-05 08:56 - 2010-01-30 12:24 - 00000000 ____D () C:\Users\Public\2010-01-30 Grindelwald
2014-04-05 08:56 - 2009-02-11 11:24 - 00000000 ____D () C:\Users\Public\2009-02-11
2014-04-05 08:56 - 2006-11-02 03:18 - 00000000 ___RD () C:\users\Public
2014-04-05 08:55 - 2014-04-05 08:55 - 00001555 _____ () C:\Users\Public\UNCRYPT_FILES.TXT
2014-04-05 08:53 - 2008-12-08 11:24 - 00000000 ____D () C:\Users\Michael\Documents\Eigene Google Gadgets
2014-04-05 08:52 - 2014-04-05 08:52 - 00001555 _____ () C:\Users\Michael\Downloads\UNCRYPT_FILES.TXT
2014-04-05 08:44 - 2014-04-05 08:44 - 00001555 _____ () C:\Users\Michael\Documents\UNCRYPT_FILES.TXT
2014-04-05 08:44 - 2012-01-22 03:19 - 00516608 ___SH () C:\Users\Michael\Desktop\ehthumbs_vista.db
2014-04-05 08:44 - 2010-10-29 09:13 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2014-04-05 08:43 - 2012-12-05 11:32 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\codeblocks
2014-04-05 08:43 - 2009-11-17 09:15 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\skypePM
2014-04-05 08:40 - 2014-03-11 06:38 - 00000000 ____D () C:\Users\Michael\AppData\Local\YtwgPack
2014-04-05 08:40 - 2010-09-14 10:51 - 00000000 ____D () C:\Users\Michael\AppData\Local\Windows Live
2014-04-05 08:40 - 2009-06-21 09:07 - 00000000 ____D () C:\Users\Michael\AppData\Local\Zattoo
2014-04-05 08:35 - 2009-12-09 20:32 - 00000000 ____D () C:\Users\Michael\AppData\Local\Symantec
2014-04-05 08:35 - 2009-09-16 08:15 - 00000000 ____D () C:\Users\Michael\AppData\Local\Microsoft Help
2014-04-05 08:30 - 2009-09-16 08:16 - 00000000 ____D () C:\Users\Michael\.freemind
2014-04-05 08:30 - 2008-12-08 09:56 - 00000000 ____D () C:\users\Michael
2014-04-05 08:29 - 2014-04-05 08:29 - 00001555 _____ () C:\Users\Michael\UNCRYPT_FILES.TXT
2014-04-05 08:29 - 2014-04-05 08:29 - 00001555 _____ () C:\Users\Michael\AppData\Local\UNCRYPT_FILES.TXT
2014-04-05 08:29 - 2010-06-13 11:03 - 00017920 _____ () C:\Users\Michael\AppData\Local\WebpageIcons.db
2014-04-05 08:28 - 2014-04-05 08:25 - 00001555 _____ () C:\ProgramData\UNCRYPT_FILES.TXT
2014-04-05 08:25 - 2014-04-05 08:00 - 00382096 _____ () C:\ProgramData\tgnxdthp.dat
2014-04-05 08:24 - 2014-03-09 06:17 - 95028440 ____T () C:\ProgramData\qbnqatlf.fee
2014-04-05 08:24 - 2013-10-26 23:14 - 00013112 _____ () C:\ProgramData\8ztdlcar.bxx
2014-04-05 08:16 - 2008-04-18 01:50 - 00000000 ____D () C:\Book
2014-04-05 08:00 - 2014-04-05 08:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{918ACB89-7E1F-FA39-E448-51D4C3E791B0}
2014-04-05 00:04 - 2013-01-20 00:59 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-04-05 00:02 - 2013-01-20 00:58 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-05 00:01 - 2014-03-17 00:04 - 00000000 ____D () C:\Users\Michael\AppData\Local\{63546E52-6521-4408-B3D9-8B32FC93385D}
2014-03-18 23:46 - 2013-08-15 06:19 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-18 23:37 - 2006-11-02 02:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-03-16 10:57 - 2014-03-16 10:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\{83EACAA2-7562-4F7A-B0DC-7188D5BE77FE}
2014-03-16 07:19 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\rescache
2014-03-16 07:02 - 2006-11-02 04:47 - 00345072 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-16 06:59 - 2009-11-06 09:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 22:58 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\de-DE
2014-03-15 22:56 - 2014-03-10 00:19 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D5CDA79D-C65D-4103-9AA0-006C1A5F22E9}
2014-03-14 22:31 - 2013-05-09 03:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-03-14 22:31 - 2011-08-13 21:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-03-10 23:52 - 2012-08-30 13:03 - 00104264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2014-03-09 00:14 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-08 23:42 - 2014-03-08 23:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\{2CC84866-1594-4EC0-B211-AA284EE49218}
2014-03-08 01:17 - 2008-01-20 23:16 - 01543880 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-08 01:00 - 2014-03-08 01:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{120399DE-04AA-4A04-82AF-5B44359E608F}

Files to move or delete:
====================
C:\Users\Michael\AppData\Local\Temp\Zekuo\oxudm.exe
C:\ProgramData\8ztdlcar.bxx
C:\ProgramData\8ztdlcar.fvv
C:\ProgramData\jqfhfr7t.ctrl
C:\ProgramData\qbnqatlf.fee
C:\ProgramData\tgnxdthp.dat
C:\ProgramData\vi0lfvr.odd


Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\10A9.tmp.exe
C:\Users\Michael\AppData\Local\Temp\2sysconf.exe
C:\Users\Michael\AppData\Local\Temp\7315EC.exe
C:\Users\Michael\AppData\Local\Temp\contentDATs.exe
C:\Users\Michael\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Michael\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Michael\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Michael\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Michael\AppData\Local\Temp\h4jhv_2y.dll
C:\Users\Michael\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\lrskyrzp.exe
C:\Users\Michael\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Michael\AppData\Local\Temp\nsk4117.tmp.exe
C:\Users\Michael\AppData\Local\Temp\omzpq2bk.dll
C:\Users\Michael\AppData\Local\Temp\ordsxh0l.dll
C:\Users\Michael\AppData\Local\Temp\pqlh9be-.dll
C:\Users\Michael\AppData\Local\Temp\removeKCL.EXE
C:\Users\Michael\AppData\Local\Temp\removeKTID.EXE
C:\Users\Michael\AppData\Local\Temp\remTIDShortcut.EXE
C:\Users\Michael\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Michael\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Michael\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Michael\AppData\Local\Temp\u1b8phlk.dll
C:\Users\Michael\AppData\Local\Temp\uninstaller.exe
C:\Users\Michael\AppData\Local\Temp\vlc-1.1.4-win32.exe
C:\Users\Michael\AppData\Local\Temp\WindowsXP-KB918997-v6-x86-%s.exe
C:\Users\Michael\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Michael\AppData\Local\Temp\writeLogFile.EXE
C:\Users\Michael\AppData\Local\Temp\WSSetup.exe
C:\Users\Michael\AppData\Local\Temp\Zattoo-Update.exe
C:\Users\Michael\AppData\Local\Temp\zhsB79D.exe
C:\Users\Michael\AppData\Local\Temp\~+JF4605862463364572036.dll
C:\Users\Michael\AppData\Local\Temp\~dmp8974339369928246427.tmp.exe
C:\Users\Michael\AppData\Local\Temp\~tmf5567513159821598138.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-03-09 01:12:37
Restore point made on: 2014-03-10 00:20:31
Restore point made on: 2014-03-11 04:02:27
Restore point made on: 2014-03-14 22:52:16
Restore point made on: 2014-03-15 22:57:24
Restore point made on: 2014-03-17 09:12:33
Restore point made on: 2014-03-18 04:35:43
Restore point made on: 2014-03-18 23:36:14
Restore point made on: 2014-03-22 23:28:59
Restore point made on: 2014-03-26 00:51:09
Restore point made on: 2014-03-29 23:13:48
Restore point made on: 2014-04-04 09:04:11
Restore point made on: 2014-04-05 00:00:56

==================== Memory info =========================== 

Percentage of memory in use: 11%
Total physical RAM: 4090.07 MB
Available physical RAM: 3612.11 MB
Total Pagefile: 3955.55 MB
Available Pagefile: 3788.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.77 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:50.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:1.91 GB) (Free:0.84 GB) FAT
Drive e: (DATA) (Fixed) (Total:144.04 GB) (Free:143.17 GB) NTFS
Drive x: (PQSERVICE) (Fixed) (Total:10 GB) (Free:1.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 83C9BCF7)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 8EC50B8A)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2014-04-06 05:09

==================== End Of Log ============================
         

Can you help me??

Kind regards and many thanks

 
