Interpol-Trojaner hat meinen Rechner gesperrt

Schulle57 · 23.11.2013, 14:59

Hallo Leute,

folgendes Problem: angeblich hat Interpol mein Rechner gesperrt

.
Was kann ich gegen diesen Trojaner machen? Mit Farbar Recovery Scan habe ich mir schon mal die Log-Datei erstellen lassen:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2013 01
Ran by SYSTEM on MININT-27ALP96 on 22-11-2013 17:50:25
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-06-15] (Acer Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Schulle\...\Run: [Browser Infrastructure Helper] - C:\Users\Schulle\AppData\Local\Smartbar\Application\QuickShare.exe [20248 2013-06-16] (Smartbar)
HKU\Schulle\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\Schulle\...\RunOnce: [bq3xi] - C:\ProgramData\iae\cbhgq.exe [396800 2013-11-21] (NVIDIA Corporation)
HKU\Schulle\...\Winlogon: [Shell] C:\ProgramData\mrsm\elera.exe,explorer.exe <==== ATTENTION 

==================== Services (Whitelisted) =================

S2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [822304 2010-06-15] (Acer Incorporated)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-16] (NTI, Inc.)
S2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{2e695283-51bc-c546-2862-d87b0e9f724e}\   \...\???\{2e695283-51bc-c546-2862-d87b0e9f724e}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-22 17:47 - 2013-11-22 17:47 - 00000000 ____D C:\FRST
2013-11-21 14:16 - 2013-11-21 14:16 - 00000364 _____ C:\Windows\PFRO.log
2013-11-21 14:07 - 2013-11-22 07:02 - 00000000 ____D C:\ProgramData\tjgensu
2013-11-21 14:07 - 2013-11-22 04:25 - 00000000 ____D C:\ProgramData\epc
2013-11-21 14:07 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\opfx
2013-11-21 14:07 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\mrsm
2013-11-21 14:07 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\iae
2013-11-21 14:03 - 2013-11-22 07:02 - 00000000 ____D C:\ProgramData\avppqbj
2013-11-17 04:14 - 2013-11-22 07:02 - 00000392 _____ C:\Windows\setupact.log
2013-11-17 04:14 - 2013-11-17 04:14 - 00000000 _____ C:\Windows\setuperr.log
2013-11-16 13:25 - 2013-11-16 13:32 - 00027136 _____ C:\Users\Schulle\Downloads\Mitgliederzahlen.xls
2013-11-13 11:16 - 2013-11-16 11:17 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-11-13 11:16 - 2013-11-13 11:16 - 00000000 ____D C:\1d1f670d4d142ce06840f642e140

==================== One Month Modified Files and Folders =======

2013-11-22 17:47 - 2013-11-22 17:47 - 00000000 ____D C:\FRST
2013-11-22 07:12 - 2013-10-13 10:21 - 00670008 _____ C:\Windows\WindowsUpdate.log
2013-11-22 07:09 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-22 07:09 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-22 07:02 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\tjgensu
2013-11-22 07:02 - 2013-11-21 14:03 - 00000000 ____D C:\ProgramData\avppqbj
2013-11-22 07:02 - 2013-11-17 04:14 - 00000392 _____ C:\Windows\setupact.log
2013-11-22 07:02 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-22 04:25 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\epc
2013-11-21 14:16 - 2013-11-21 14:16 - 00000364 _____ C:\Windows\PFRO.log
2013-11-21 14:14 - 2013-10-11 10:17 - 00006584 _____ C:\Users\Schulle\Documents\Re_Ferienwohnung_Fam_Norbert_Schulz.eml
2013-11-21 14:14 - 2013-06-02 08:22 - 00339968 _____ C:\Users\Schulle\Documents\kopfbogen neu 2013 Aufnahmeantrag nur Abbuchung.dot
2013-11-21 14:14 - 2013-02-27 22:39 - 06728784 _____ C:\Users\Schulle\Documents\InstallMyTomTomSA.exe
2013-11-21 14:14 - 2012-12-29 04:36 - 15271824 _____ C:\Users\Schulle\Documents\picasa39-setup.exe
2013-11-21 14:14 - 2012-08-05 04:04 - 196139624 _____ C:\Users\Schulle\Documents\Rossmann-Fotosoftware-Setup.exe
2013-11-21 14:14 - 2012-08-05 03:04 - 00016384 ___SH C:\Users\Schulle\Documents\Thumbs.db
2013-11-21 14:14 - 2011-10-09 09:27 - 00910624 _____ C:\Users\Schulle\Documents\jre-6u27-windows-i586-iftw.exe&File=jre-6u27-windows-i586-iftw.exe&BHost=javadl.sun.com
2013-11-21 14:14 - 2011-05-22 08:12 - 04186072 _____ C:\Users\Schulle\Documents\McAfeeSetup.exe
2013-11-21 14:14 - 2011-04-01 10:06 - 00000000 ____D C:\Users\Schulle\AppData\Roaming\SoftGrid Client
2013-11-21 14:13 - 2013-10-12 07:57 - 00117760 _____ C:\Users\Schulle\Documents\10110 SV Dreetz 1980.xls
2013-11-21 14:13 - 2013-09-01 02:00 - 46592416 _____ C:\Users\Schulle\Documents\EIE10_EN-US_WOL_Win764.EXE
2013-11-21 14:13 - 2013-04-11 10:56 - 51310752 _____ C:\Users\Schulle\Documents\IE10-Setup-Full-x64.exe
2013-11-21 14:13 - 2013-03-17 01:06 - 29083336 _____ C:\Users\Schulle\Documents\family_tree_builder_5634.exe
2013-11-21 14:13 - 2013-02-24 10:39 - 04189792 _____ C:\Users\Schulle\Documents\ccsetup327.exe
2013-11-21 14:13 - 2012-10-17 09:43 - 00107008 _____ C:\Users\Schulle\Documents\10110%20SV%20Dreetz%201980 (2).xls
2013-11-21 14:07 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\opfx
2013-11-21 14:07 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\mrsm
2013-11-21 14:07 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\iae
2013-11-21 13:33 - 2011-01-13 11:41 - 00654852 _____ C:\Windows\System32\perfh007.dat
2013-11-21 13:33 - 2011-01-13 11:41 - 00130434 _____ C:\Windows\System32\perfc007.dat
2013-11-21 13:33 - 2009-07-13 21:13 - 01500104 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-21 13:26 - 2011-04-01 04:59 - 00000000 ____D C:\users\Schulle
2013-11-21 13:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-11-21 13:23 - 2012-12-27 10:07 - 00000000 ____D C:\Users\Schulle\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
2013-11-21 13:23 - 2011-09-22 09:16 - 00000000 __RSD C:\Users\Schulle\Documents\My Stationery
2013-11-21 13:23 - 2011-04-01 10:12 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-11-21 13:23 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-11-21 13:23 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-11-21 13:23 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-11-21 13:23 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-11-21 13:23 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-11-21 13:23 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-11-21 13:23 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-11-21 13:23 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-11-21 13:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-11-21 13:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-11-21 13:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-11-21 13:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Cursors
2013-11-21 13:22 - 2013-02-24 10:43 - 00000000 ____D C:\Program Files\CCleaner
2013-11-21 13:22 - 2012-08-06 10:34 - 00000000 ____D C:\Program Files (x86)\Rossmann Fotowelt Software
2013-11-21 13:22 - 2011-06-21 08:32 - 00000000 ____D C:\Program Files (x86)\MyTomTom 3
2013-11-21 13:22 - 2011-04-03 06:41 - 00000000 ____D C:\Program Files (x86)\T-Online_Software_6
2013-11-21 13:22 - 2011-04-01 10:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-11-21 13:22 - 2011-01-13 02:54 - 00000000 ____D C:\Program Files (x86)\Launch Manager
2013-11-21 13:22 - 2010-09-07 23:55 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2013-11-21 13:22 - 2010-09-07 23:49 - 00000000 ____D C:\ProgramData\McAfee
2013-11-21 13:22 - 2010-09-07 23:34 - 00000000 ____D C:\Program Files (x86)\AmIcoSingLun
2013-11-21 13:22 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-21 13:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-11-21 12:59 - 2013-03-13 12:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-21 12:59 - 2013-03-13 12:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-17 04:14 - 2013-11-17 04:14 - 00000000 _____ C:\Windows\setuperr.log
2013-11-16 13:32 - 2013-11-16 13:25 - 00027136 _____ C:\Users\Schulle\Downloads\Mitgliederzahlen.xls
2013-11-16 11:17 - 2013-11-13 11:16 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-11-16 07:35 - 2012-12-14 05:18 - 00262144 _____ C:\Windows\System32\config\ELAM
2013-11-13 11:16 - 2013-11-13 11:16 - 00000000 ____D C:\1d1f670d4d142ce06840f642e140
2013-11-13 11:16 - 2013-08-14 23:47 - 00000000 ____D C:\Windows\System32\MRT
2013-11-13 11:16 - 2011-06-15 09:33 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-13 10:46 - 2012-12-29 04:38 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-13 10:44 - 2011-04-02 05:11 - 00000000 ____D C:\Users\Schulle\AppData\Local\Google
2013-10-24 09:38 - 2011-04-01 10:12 - 00000000 ____D C:\Users\Schulle\AppData\Local\Microsoft Games
ZeroAccess:
C:\Users\Schulle\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

15
Restore point made on: 2013-10-13 13:07:19
Restore point made on: 2013-10-13 13:11:03
Restore point made on: 2013-10-13 13:17:05
Restore point made on: 2013-10-13 13:57:26
Restore point made on: 2013-10-20 08:33:08
Restore point made on: 2013-10-20 08:40:38
Restore point made on: 2013-10-20 09:00:06
Restore point made on: 2013-10-27 10:00:24
Restore point made on: 2013-11-03 10:00:10
Restore point made on: 2013-11-10 10:00:22
Restore point made on: 2013-11-13 11:15:54
Restore point made on: 2013-11-17 10:00:29
Restore point made on: 2013-11-21 12:45:41
Restore point made on: 2013-11-21 12:58:43
Restore point made on: 2013-11-21 13:15:00

==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 3764.48 MB
Available physical RAM: 3060.02 MB
Total Pagefile: 3762.63 MB
Available Pagefile: 3047.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:403.44 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:14 GB) (Free:2.4 GB) NTFS
Drive g: () (Removable) (Total:7.45 GB) (Free:4.11 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C28353B4)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: 26D09764)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-11-10 09:24

==================== End Of Log ============================

Bitte helft mir. Vielen Dank!

Interpol-Trojaner hat meinen Rechner gesperrt

Log-Analyse und Auswertung: Interpol-Trojaner hat meinen Rechner gesperrt

Interpol-Trojaner hat meinen Rechner gesperrt

Ähnliche Themen: Interpol-Trojaner hat meinen Rechner gesperrt