Windows 7: Interpol virus

#1
Hello,

I'm new here and I have the Interpol virus on my laptop. I have already run a scan with FRST; I hope that is all right so far. My computer experience is limited, so I apologise if I don't understand an instruction right away. It would be very kind if someone could help me. Here is the FRST (32-bit) log:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by SYSTEM on MININT-8IR259R on 06-10-2013 15:27:42
Running from G:\
Windows 7 Starter (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-11-03] (Synaptics Incorporated)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2009-10-11] (IDT, Inc.)
HKLM\...\Run: [HP] - C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe [589104 2009-07-13] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM\...\Run: [ZumoDrive] - C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2038 2010-03-05] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKU\richter\...\Run: [Simplify Media] - C:\Program Files\Hp\HP MediaStream\HPMediaStream.exe [ 2009-10-23] (Simplify Media, Inc.)
HKU\richter\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-04-19] (Skype Technologies S.A.)
HKU\richter\...\Run: [Google Update] - [x]
HKU\richter\...\Run: [Diyn] - C:\Users\richter\AppData\Roaming\Annux\diyn.exe [ 2010-03-10] (Mixgold Corporation.)
HKU\richter\...\Winlogon: [Shell] explorer.exe,C:\Users\richter\AppData\Roaming\data.dat [ 2013-07-08] () <==== ATTENTION

========================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
S2 DvmMDES; C:\SPLASH.SYS\config\DVMExportService.exe [323584 2009-07-08] (DeviceVM, Inc.)
S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [250616 2009-06-05] (WildTangent, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe [221266 2009-10-11] (IDT, Inc.)
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{cd60f81a-557b-884a-4b1b-20daa12ce831}\ \...\???\{cd60f81a-557b-884a-4b1b-20daa12ce831}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S1 DVMIO; C:\SPLASH.SYS\config\dvmio.sys [17624 2009-09-29] (DeviceVM, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-06 15:27 - 2013-10-06 15:27 - 00000000 ____D C:\FRST
2013-10-04 08:47 - 2013-10-06 04:57 - 00000336 _____ C:\Windows\setupact.log
2013-10-04 08:47 - 2013-10-04 08:47 - 00000000 _____ C:\Windows\setuperr.log
2013-10-04 08:45 - 2013-10-04 09:13 - 00000004 _____ C:\Users\richter\AppData\Roaming\settings.ini
2013-10-03 23:26 - 2013-10-04 08:23 - 00016543 _____ C:\Windows\WindowsUpdate.log
2013-09-26 05:35 - 2013-09-26 05:35 - 00000000 ____D C:\Program Files\Google
2013-09-26 05:33 - 2013-09-26 05:33 - 00000000 ____D C:\Users\richter\AppData\Local\Google
2013-09-14 06:02 - 2013-08-09 19:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-14 06:02 - 2013-08-09 19:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-14 06:02 - 2013-08-09 19:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-14 06:02 - 2013-08-09 19:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-14 06:02 - 2013-08-09 19:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-14 06:02 - 2013-08-09 19:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-14 06:02 - 2013-08-09 19:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-14 06:02 - 2013-08-09 19:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-14 06:02 - 2013-08-09 19:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-14 06:02 - 2013-08-09 19:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-14 06:02 - 2013-08-09 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-14 06:02 - 2013-08-09 19:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-14 06:02 - 2013-08-09 19:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-14 06:02 - 2013-08-09 19:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-14 06:02 - 2013-08-09 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-14 06:01 - 2013-08-09 19:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-14 05:51 - 2013-08-04 17:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-09-14 05:51 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-14 05:51 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-14 05:50 - 2013-08-07 17:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-14 05:50 - 2013-08-01 17:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-14 05:50 - 2013-08-01 17:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-14 05:50 - 2013-08-01 17:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 16:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-14 05:50 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-14 05:50 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-07 09:48 - 2013-09-07 09:48 - 95025368 ____T C:\ProgramData\4edldlf.pff
2013-09-07 09:47 - 2013-09-07 09:47 - 00222166 _____ (Microsoft Corporation) C:\ProgramData\fldlde4.plz
2013-09-07 09:47 - 2013-09-07 09:47 - 00000000 ____D C:\Windows\Sun

==================== One Month Modified Files and Folders =======

2013-10-06 15:27 - 2013-10-06 15:27 - 00000000 ____D C:\FRST
2013-10-06 04:57 - 2013-10-04 08:47 - 00000336 _____ C:\Windows\setupact.log
2013-10-04 09:13 - 2013-10-04 08:45 - 00000004 _____ C:\Users\richter\AppData\Roaming\settings.ini
2013-10-04 08:47 - 2013-10-04 08:47 - 00000000 _____ C:\Windows\setuperr.log
2013-10-04 08:24 - 2010-01-12 09:14 - 00000177 ____H C:\dvmexp.idx
2013-10-04 08:23 - 2013-10-03 23:26 - 00016543 _____ C:\Windows\WindowsUpdate.log
2013-10-04 08:23 - 2009-07-13 20:34 - 00014128 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 08:23 - 2009-07-13 20:34 - 00014128 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 08:17 - 2010-04-04 10:39 - 00000000 ____D C:\Users\richter\AppData\Local\CrashDumps
2013-10-03 09:01 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-26 05:35 - 2013-09-26 05:35 - 00000000 ____D C:\Program Files\Google
2013-09-26 05:33 - 2013-09-26 05:33 - 00000000 ____D C:\Users\richter\AppData\Local\Google
2013-09-22 03:21 - 2012-09-04 05:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-09-22 03:21 - 2012-09-04 05:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-09-15 04:58 - 2009-07-13 20:33 - 00424272 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-15 04:55 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-09-14 09:01 - 2009-11-20 13:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-14 05:52 - 2013-08-15 01:36 - 00000000 ____D C:\Windows\System32\MRT
2013-09-14 05:52 - 2012-09-04 13:06 - 76725432 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-14 02:31 - 2010-03-05 05:54 - 00000000 ____D C:\users\richter
2013-09-14 02:30 - 2010-03-05 06:08 - 00000000 ____D C:\Users\richter\AppData\Roaming\ZumoDrive
2013-09-14 02:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-09-14 02:29 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2013-09-14 02:15 - 2010-04-04 10:29 - 00000000 ____D C:\ProgramData\Recovery
2013-09-07 09:48 - 2013-09-07 09:48 - 95025368 ____T C:\ProgramData\4edldlf.pff
2013-09-07 09:47 - 2013-09-07 09:47 - 00222166 _____ (Microsoft Corporation) C:\ProgramData\fldlde4.plz
2013-09-07 09:47 - 2013-09-07 09:47 - 00000000 ____D C:\Windows\Sun

Files to move or delete:
====================
C:\Users\richter\AppData\Roaming\data.dat
C:\Users\richter\AppData\Roaming\settings.ini
ZeroAccess: C:\Users\richter\AppData\Local\Google\Desktop\Install
ZeroAccess: C:\Program Files\Google\Desktop\Install
C:\ProgramData\4edldlf.pff
C:\ProgramData\fldlde4.plz
C:\Users\richter\AppData\Roaming\i.ini

Some content of TEMP:
====================
C:\Users\richter\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\richter\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\richter\AppData\Local\Temp\tjnmahjnqbmnpsexspw.bfg
C:\Users\richter\AppData\Local\Temp\WindowsAPI.dll

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

12
Restore point made on: 2013-07-26 12:50:32
Restore point made on: 2013-07-30 06:10:32
Restore point made on: 2013-08-13 04:55:58
Restore point made on: 2013-08-15 01:13:45
Restore point made on: 2013-08-15 03:52:58
Restore point made on: 2013-08-21 11:44:55
Restore point made on: 2013-08-22 11:36:59
Restore point made on: 2013-08-27 23:31:50
Restore point made on: 2013-09-14 05:52:01
Restore point made on: 2013-09-14 08:58:54
Restore point made on: 2013-09-22 02:56:09
Restore point made on: 2013-09-25 06:43:06

==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 987.45 MB
Available physical RAM: 496.56 MB
Total Pagefile: 987.45 MB
Available Pagefile: 497.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:137.13 GB) (Free:93.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:11.62 GB) (Free:1.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive g: () (Removable) (Total:3.67 GB) (Free:3.67 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 13CAEF07)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=137 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2013-05-08 08:35

==================== End Of Log ============================