Log analysis and evaluation: Bundespolizei-GVU-Interpol Virus, Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Bundespolizei-GVU-Interpol Virus

Hello, a friend's laptop only starts up showing this image from the virus. It says you are supposed to pay 100 euros with a "paysafecard", etc. ... Windows boots up normally. I ran Farbar:

Code:

```
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by SYSTEM on MININT-FSUUNJD on 13-12-2013 17:47:48
Running from D:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [212480 2010-05-14] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1486392 2011-04-05] (McAfee, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-03-04] (Avira GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKU\Anna\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-06] (Google Inc.)
HKU\Anna\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.4\ICQ.exe [119608 2011-03-20] (ICQ, LLC.)
HKU\Anna\...\Run: [Facebook Update] - C:\Users\Anna\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\Anna\...\Run: [AVMUSBFernanschluss] - C:\Users\Anna\AppData\Local\Apps\2.0\8KJ8VP5O.GXN\BDDP57JA.DJZ\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2013-02-01] (AVM Berlin)
HKU\Anna\...\RunOnce: [*IE11Update] - C:\Users\Anna\Desktop\IE11Update.exe [45384 2013-10-11] ()

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-27] (Avira GmbH)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-06-29] (Avira GmbH)
S2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [246584 2010-06-21] ()
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [509416 2010-10-07] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [200056 2011-04-14] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [245352 2011-04-14] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [149032 2011-04-14] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [252416 2010-05-25] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1250160 2010-05-31] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-06-29] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-06-29] (Avira GmbH)
S3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2011-10-10] (AVM Berlin)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121376 2011-04-14] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-13 17:47 - 2013-12-13 17:47 - 00000000 ____D C:\FRST
2013-11-19 13:45 - 2013-11-19 13:45 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified Files and Folders =======

2013-12-13 17:47 - 2013-12-13 17:47 - 00000000 ____D C:\FRST
2013-12-13 17:29 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-13 17:29 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-13 17:28 - 2010-12-06 19:41 - 00654852 _____ C:\Windows\System32\perfh007.dat
2013-12-13 17:28 - 2010-12-06 19:41 - 00130434 _____ C:\Windows\System32\perfc007.dat
2013-12-13 17:28 - 2009-07-14 06:13 - 01500294 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-13 17:21 - 2011-03-16 22:19 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0422D496-14A5-4D58-B1C5-CFB16DB30B91}
2013-12-13 17:21 - 2010-12-06 11:04 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-13 17:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-13 17:21 - 2009-07-14 05:51 - 00097790 _____ C:\Windows\setupact.log
2013-11-19 13:45 - 2013-11-19 13:45 - 00000000 ____D C:\Program Files\McAfee Security Scan

Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\AskSLib.dll
C:\Users\Anna\AppData\Local\Temp\AutoRun.exe
C:\Users\Anna\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Anna\AppData\Local\Temp\contentDATs.exe
C:\Users\Anna\AppData\Local\Temp\First15.exe
C:\Users\Anna\AppData\Local\Temp\IcqUpdater.exe
C:\Users\Anna\AppData\Local\Temp\kgqhmqvxqyyqpywpujh.bfg
C:\Users\Anna\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Anna\AppData\Local\Temp\VP6Install.exe
C:\Users\Anna\AppData\Local\Temp\VP6VFW.dll
C:\Users\Anna\AppData\Local\Temp\~tmf3844199169639546943.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

6
Restore point made on: 2013-08-30 17:29:30
Restore point made on: 2013-09-11 11:55:29
Restore point made on: 2013-09-13 06:11:14
Restore point made on: 2013-09-22 15:57:53
Restore point made on: 2013-10-09 15:56:17
Restore point made on: 2013-10-11 00:26:07

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4012.96 MB
Available physical RAM: 3363.9 MB
Total Pagefile: 4011.11 MB
Available Pagefile: 3361.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:583.19 GB) (Free:511.33 GB) NTFS
Drive d: () (Removable) (Total:1.96 GB) (Free:1.94 GB) FAT
Drive f: (Recovery) (Fixed) (Total:12.88 GB) (Free:0.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 96F323E6)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=583 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: FD9A35C3)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

LastRegBack: 2013-10-09 15:47

==================== End Of Log ============================
```

Thanks and regards,
Andi
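As an added example, not part of Andi's post and not code from FRST itself: when a helper reads the "Registry (Whitelisted)" section of a log like the one above, the first pass is usually to rank the Run/RunOnce entries by how unusual they look. The script below parses lines in the FRST autostart format and attaches triage flags: binary under a user profile, binary in a volatile folder (Temp, Desktop, Downloads), empty publisher field, RunOnce key, and a value name starting with `*` (Windows runs a RunOnce value with that prefix even in Safe Mode). The sample log lines are constructed for this example, modelled on the format shown in the thread, and the flag set is this example's own heuristic; a flagged entry is a candidate for closer inspection, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Matches the autostart lines FRST prints under "Registry (Whitelisted)", e.g.
#   HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\...\avgnt.exe [281768 2011-03-04] (Avira GmbH)
#   HKU\Anna\...\RunOnce: [*Name] - C:\Users\Anna\Desktop\Name.exe [45384 2013-10-11] ()
AUTOSTART_RE = re.compile(
    r"^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]+)\] - (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)$"
)

# Folders in which a legitimately installed autostart binary rarely lives.
# Heuristic chosen for this example.
VOLATILE_DIRS = ("\\temp\\", "\\desktop\\", "\\downloads\\")

# Constructed sample, modelled on the FRST format in the thread (not the real log).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKU\Anna\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-06] (Google Inc.)
HKU\Anna\...\RunOnce: [*Updater] - C:\Users\Anna\Desktop\Updater.exe [45384 2013-10-11] ()
==================== Services (Whitelisted) =================
"""


@dataclass
class Autostart:
    hive: str
    key: str
    name: str
    path: str
    size: int
    date: str
    publisher: str
    flags: list = field(default_factory=list)


def parse_autostart(log_text):
    """Return the Run/RunOnce entries found in FRST log text; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = AUTOSTART_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            entries.append(Autostart(**d))
    return entries


def triage(entries):
    """Attach heuristic flags to each entry and return them, most flagged first."""
    for e in entries:
        low = e.path.lower()
        if low.startswith("c:\\users\\"):
            e.flags.append("user_profile_path")       # writable without admin rights
        if any(d in low for d in VOLATILE_DIRS):
            e.flags.append("volatile_location")       # installers rarely autostart from here
        if not e.publisher.strip():
            e.flags.append("no_publisher")            # FRST found no company name in the binary
        if e.key == "RunOnce":
            e.flags.append("runonce")                 # one-shot key, often used for a fresh drop
        if e.name.startswith("*"):
            e.flags.append("runs_in_safe_mode")       # '*' prefix: RunOnce value also runs in Safe Mode
    return sorted(entries, key=lambda e: len(e.flags), reverse=True)


if __name__ == "__main__":
    for e in triage(parse_autostart(SAMPLE_LOG)):
        print(f"{len(e.flags)} {e.hive}\\{e.key} [{e.name}] {e.path} {e.flags}")
```

Feed it the text of a real FRST.txt instead of `SAMPLE_LOG` and the entries with the most flags come out on top; entries with zero flags are the vendor-signed Program Files autostarts that make up most of such a log.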