
Log Analysis and Evaluation: Interpol Virus Problem

Windows 7 If you have picked up a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
06.09.2014, 12:59   #1
Otherworld
 
Interpol Virus Problem



Hello dear forum,
I have caught the Interpol virus, computer locked, the same old story. I read up here and downloaded this scan program, and with it I both ran a scan and saved a TXT file, which I am inserting below.
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014
Ran by SYSTEM on MININT-6P59L15 on 06-09-2014 13:35:25
Running from E:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1736704 2009-12-24] ()
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-09-16] (VIA)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [7109248 2010-01-13] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-01] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKU\Leonie\...\Run: [Tuitukapun] => C:\Users\Leonie\AppData\Roaming\Usev\uvot.exe
HKU\Leonie\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [467680 2014-07-30] (Sony)
HKU\Torben\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [467680 2014-07-30] (Sony)
Startup: C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\BC0DCFB.cpp ()
Startup: C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\BC0DCFB.cpp ()

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 Winmgmt; C:\ProgramData\BFCD0CB.dot [332028 2014-09-06] (Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-05] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-11] ()
S3 tmlwf; No ImagePath
S3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 13:35 - 2014-09-06 13:35 - 00000000 ____D () C:\FRST
2014-09-06 01:57 - 2014-09-06 01:57 - 00000000 ____D () C:\Windows\pss
2014-09-06 01:12 - 2014-09-06 01:12 - 00332028 ____T (Microsoft Corporation) C:\ProgramData\BFCD0CB.dot
2014-09-06 01:10 - 2014-09-06 01:10 - 00174896 _____ () C:\ProgramData\BC0DCFB.cpp
2014-08-27 11:23 - 2014-08-27 11:23 - 00002028 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-08-15 12:15 - 2014-08-15 15:06 - 524288000 _____ () C:\Users\Torben\Downloads\ZBrush4R6Portable.part1.rar
2014-08-15 10:40 - 2014-08-15 10:40 - 00000000 ____D () C:\Users\Torben\Desktop\expose
2014-08-15 10:39 - 2014-08-15 10:40 - 14862923 _____ () C:\Users\Torben\Downloads\Outlook.com(1).zip
2014-08-15 07:02 - 2014-08-15 09:53 - 524288000 _____ () C:\Users\Torben\Downloads\ZBrush4R6Portable.part2.rar
2014-08-15 06:54 - 2014-08-15 07:01 - 20056778 _____ () C:\Users\Torben\Downloads\ZBrush4R6Portable.part3.rar
2014-08-14 00:04 - 2014-08-27 11:28 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-14 00:04 - 2014-08-27 11:27 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 13:35 - 2014-09-06 13:35 - 00000000 ____D () C:\FRST
2014-09-06 02:56 - 2009-07-13 20:51 - 00124041 _____ () C:\Windows\setupact.log
2014-09-06 02:23 - 2010-04-21 11:44 - 01114972 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 02:20 - 2009-07-13 20:45 - 00010016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 02:20 - 2009-07-13 20:45 - 00010016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 01:57 - 2014-09-06 01:57 - 00000000 ____D () C:\Windows\pss
2014-09-06 01:12 - 2014-09-06 01:12 - 00332028 ____T (Microsoft Corporation) C:\ProgramData\BFCD0CB.dot
2014-09-06 01:10 - 2014-09-06 01:10 - 00174896 _____ () C:\ProgramData\BC0DCFB.cpp
2014-09-03 07:51 - 2013-05-01 03:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 07:51 - 2013-01-08 13:09 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-03 07:51 - 2013-01-08 13:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-03 07:46 - 2014-06-25 11:04 - 00000000 ____D () C:\Users\Leonie\AppData\Local\Adobe
2014-08-27 11:28 - 2014-08-14 00:04 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-27 11:27 - 2014-08-14 00:04 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-27 11:27 - 2013-01-07 16:40 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-27 11:24 - 2010-04-21 12:38 - 00326470 _____ () C:\Windows\DPINST.LOG
2014-08-27 11:23 - 2014-08-27 11:23 - 00002028 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-08-27 11:22 - 2010-04-21 12:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-15 15:06 - 2014-08-15 12:15 - 524288000 _____ () C:\Users\Torben\Downloads\ZBrush4R6Portable.part1.rar
2014-08-15 10:40 - 2014-08-15 10:40 - 00000000 ____D () C:\Users\Torben\Desktop\expose
2014-08-15 10:40 - 2014-08-15 10:39 - 14862923 _____ () C:\Users\Torben\Downloads\Outlook.com(1).zip
2014-08-15 09:53 - 2014-08-15 07:02 - 524288000 _____ () C:\Users\Torben\Downloads\ZBrush4R6Portable.part2.rar
2014-08-15 08:44 - 2009-08-04 01:51 - 00657676 _____ () C:\Windows\System32\perfh007.dat
2014-08-15 08:44 - 2009-08-04 01:51 - 00131016 _____ () C:\Windows\System32\perfc007.dat
2014-08-15 08:44 - 2009-07-13 21:13 - 01507106 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-15 07:01 - 2014-08-15 06:54 - 20056778 _____ () C:\Users\Torben\Downloads\ZBrush4R6Portable.part3.rar
2014-08-14 07:21 - 2010-04-21 12:45 - 00001974 _____ () C:\Windows\System32\AutoRunFilter.ini
2014-08-14 07:21 - 2010-04-21 12:45 - 00001368 _____ () C:\Windows\System32\ServiceFilter.ini
2014-08-14 00:04 - 2013-01-07 16:40 - 00000000 ____D () C:\ProgramData\Avira
2014-08-12 12:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\LiveKernelReports

Some content of TEMP:
====================
C:\Users\Leonie\AppData\Local\Temp\APNStub.exe
C:\Users\Leonie\AppData\Local\Temp\AskSLib.dll
C:\Users\Leonie\AppData\Local\Temp\atl80.dll
C:\Users\Leonie\AppData\Local\Temp\avgnt.exe
C:\Users\Leonie\AppData\Local\Temp\DeltaTB.exe
C:\Users\Leonie\AppData\Local\Temp\dotNetFx40_Client_setup.exe
C:\Users\Leonie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprezq1p.dll
C:\Users\Leonie\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Leonie\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Leonie\AppData\Local\Temp\ETDUninst.dll
C:\Users\Leonie\AppData\Local\Temp\IminentSetup.exe
C:\Users\Leonie\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Leonie\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Leonie\AppData\Local\Temp\mfc80.dll
C:\Users\Leonie\AppData\Local\Temp\mfc80u.dll
C:\Users\Leonie\AppData\Local\Temp\mfcm80.dll
C:\Users\Leonie\AppData\Local\Temp\mfcm80u.dll
C:\Users\Leonie\AppData\Local\Temp\msvcm80.dll
C:\Users\Leonie\AppData\Local\Temp\msvcp80.dll
C:\Users\Leonie\AppData\Local\Temp\msvcr80.dll
C:\Users\Leonie\AppData\Local\Temp\nslB22B.exe
C:\Users\Leonie\AppData\Local\Temp\nslB622.exe
C:\Users\Leonie\AppData\Local\Temp\nsq7A84.exe
C:\Users\Leonie\AppData\Local\Temp\nsw806F.exe
C:\Users\Leonie\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Leonie\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Leonie\AppData\Local\Temp\TmDbg32.dll
C:\Users\Leonie\AppData\Local\Temp\TmDbg64.dll
C:\Users\Leonie\AppData\Local\Temp\uninst1.exe
C:\Users\Torben\AppData\Local\Temp\2qj2.dll
C:\Users\Torben\AppData\Local\Temp\avgnt.exe
C:\Users\Torben\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Torben\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Torben\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Torben\AppData\Local\Temp\Quarantine.exe
C:\Users\Torben\AppData\Local\Temp\rml.dll
C:\Users\Torben\AppData\Local\Temp\SPSetup.exe
C:\Users\Torben\AppData\Local\Temp\vlc-2.0.8-win32.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 4095.21 MB
Available physical RAM: 3529.61 MB
Total Pagefile: 4093.36 MB
Available Pagefile: 3515.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.16 GB) (Free:387.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (TORBEN) (Removable) (Total:7.45 GB) (Free:2.5 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=16.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=449.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2013-08-23 23:32

==================== End Of Log ============================
         
I hope one of you can help me, I am pretty much at a loss.
Many thanks, you lovely people

 
