Log analysis and evaluation: Interpol Virus
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
11.10.2013, 14:31 | #1 |
| Interpol Virus
Hello, I have already read about the Interpol virus on several sites. My computer runs Windows 7 32-bit. I ran the Farbar Recovery Scan Tool 32-bit as described by you and got the following. What do I have to do now? Thanks in advance for your help! Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by SYSTEM on MININT-FNM331K on 11-10-2013 15:11:43
Running from H:\
Windows 7 Ultimate (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKU\Amon\...\Winlogon: [Shell] explorer.exe,C:\Users\Amon\AppData\Roaming\data.dat [ 2010-11-20] () <==== ATTENTION

========================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 Realtek11nSU; C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
S3 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [153080 2013-06-14] (Sophos Limited)
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [228208 2007-05-16] ()

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] ()
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90368 2013-05-09] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2013-05-09] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [181760 2013-05-09] (Huawei Technologies Co., Ltd.)
S5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784 2013-05-09] (Huawei Technologies Co., Ltd.)
S0 Partizan; system32\drivers\Partizan.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-11 15:11 - 2013-10-11 15:11 - 00000000 ____D C:\FRST
2013-10-11 12:31 - 2013-10-11 12:32 - 00000000 ____D C:\32788R22FWJFW
2013-10-11 12:16 - 2013-10-11 13:58 - 00000004 _____ C:\Users\Amon\AppData\Roaming\settings.ini
2013-10-11 12:13 - 2013-10-11 12:13 - 00066040 _____ C:\Users\Amon\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-11 11:42 - 2013-10-11 12:06 - 00000000 ____D C:\Users\Amon\Desktop\Neuer Ordner
2013-10-06 12:26 - 2013-10-11 12:17 - 00010461 _____ C:\Windows\WindowsUpdate.log
2013-10-06 12:24 - 2013-10-11 14:05 - 00002542 _____ C:\Windows\setupact.log
2013-10-06 12:24 - 2013-10-06 12:24 - 00292224 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-06 12:24 - 2013-10-06 12:24 - 00002256 _____ C:\Windows\PFRO.log
2013-10-06 12:24 - 2013-10-06 12:24 - 00000000 _____ C:\Windows\setuperr.log
2013-10-03 14:55 - 2013-10-03 14:55 - 00101241 _____ C:\Users\Amon\Desktop\Autos in Freiburg
2013-10-03 14:55 - 2013-10-03 14:55 - 00100480 _____ C:\Users\Amon\Desktop\Mercedes Benz in Freiburg.marke_s-mercedes_benz
2013-10-03 14:55 - 2013-10-03 14:55 - 00094972 _____ C:\Users\Amon\Desktop\Ford in Freiburg.marke_s-ford
2013-10-03 14:55 - 2013-10-03 14:55 - 00094787 _____ C:\Users\Amon\Desktop\Opel in Freiburg.marke_s-opel
2013-10-03 14:55 - 2013-10-03 14:55 - 00093813 _____ C:\Users\Amon\Desktop\Renault in Freiburg.marke_s-renault
2013-10-03 14:55 - 2013-10-03 14:55 - 00093610 _____ C:\Users\Amon\Desktop\Audi in Freiburg.marke_s-audi
2013-10-03 14:55 - 2013-10-03 14:55 - 00092596 _____ C:\Users\Amon\Desktop\Fiat in Freiburg.marke_s-fiat
2013-10-03 14:55 - 2013-10-03 14:55 - 00092189 _____ C:\Users\Amon\Desktop\Peugeot in Freiburg.marke_s-peugeot
2013-10-03 14:55 - 2013-10-03 14:55 - 00091572 _____ C:\Users\Amon\Desktop\BMW in Freiburg.marke_s-bmw
2013-10-03 14:55 - 2013-10-03 14:55 - 00091156 _____ C:\Users\Amon\Desktop\Anzeigen Übersicht.html
2013-10-03 14:55 - 2013-10-03 14:55 - 00083534 _____ C:\Users\Amon\Desktop\temp(1).data
2013-10-03 14:55 - 2013-10-03 14:55 - 00082427 _____ C:\Users\Amon\Desktop\Weitere Autos in Freiburg.marke_s-sonstige_autos
2013-10-03 14:55 - 2013-10-03 14:55 - 00081261 _____ C:\Users\Amon\Desktop\Beliebte Suchen für Autos.html
2013-10-03 14:55 - 2013-10-03 14:55 - 00081236 _____ C:\Users\Amon\Desktop\Autoteile & Reifen in Freiburg
2013-10-03 14:55 - 2013-10-03 14:55 - 00076055 _____ C:\Users\Amon\Desktop\Toyota in Freiburg.marke_s-toyota
2013-10-03 14:55 - 2013-10-03 14:55 - 00075751 _____ C:\Users\Amon\Desktop\Mitsubishi in Freiburg.marke_s-mitsubishi
2013-10-03 14:55 - 2013-10-03 14:55 - 00075255 _____ C:\Users\Amon\Desktop\Smart in Freiburg.marke_s-smart
2013-10-03 14:55 - 2013-10-03 14:55 - 00074930 _____ C:\Users\Amon\Desktop\Chrysler in Freiburg.marke_s-chrysler
2013-10-03 14:55 - 2013-10-03 14:55 - 00074751 _____ C:\Users\Amon\Desktop\Chevrolet in Freiburg.marke_s-chevrolet
2013-10-03 14:55 - 2013-10-03 14:55 - 00074496 _____ C:\Users\Amon\Desktop\Saab in Freiburg.marke_s-saab
2013-10-03 14:55 - 2013-10-03 14:55 - 00074202 _____ C:\Users\Amon\Desktop\Jaguar in Freiburg.marke_s-jaguar
2013-10-03 14:55 - 2013-10-03 14:55 - 00073905 _____ C:\Users\Amon\Desktop\Subaru in Freiburg.marke_s-subaru
2013-10-03 14:55 - 2013-10-03 14:55 - 00073033 _____ C:\Users\Amon\Desktop\temp(5).data
2013-10-03 14:55 - 2013-10-03 14:55 - 00072980 _____ C:\Users\Amon\Desktop\Daewoo in Freiburg.marke_s-daewoo
2013-10-03 14:55 - 2013-10-03 14:55 - 00072593 _____ C:\Users\Amon\Desktop\Mazda in Freiburg.marke_s-mazda
2013-10-03 14:55 - 2013-10-03 14:55 - 00072313 _____ C:\Users\Amon\Desktop\Alfa Romeo in Freiburg.marke_s-alfa_romeo
2013-10-03 14:55 - 2013-10-03 14:55 - 00072278 _____ C:\Users\Amon\Desktop\temp(4).data
2013-10-03 14:55 - 2013-10-03 14:55 - 00072008 _____ C:\Users\Amon\Desktop\Honda in Freiburg.marke_s-honda
2013-10-03 14:55 - 2013-10-03 14:55 - 00071947 _____ C:\Users\Amon\Desktop\Porsche in Freiburg.marke_s-porsche
2013-10-03 14:55 - 2013-10-03 14:55 - 00071676 _____ C:\Users\Amon\Desktop\Suzuki in Freiburg.marke_s-suzuki
2013-10-03 14:55 - 2013-10-03 14:55 - 00070702 _____ C:\Users\Amon\Desktop\Rover in Freiburg.marke_s-rover
2013-10-03 14:55 - 2013-10-03 14:55 - 00070520 _____ C:\Users\Amon\Desktop\Volvo in Freiburg.marke_s-volvo
2013-10-03 14:55 - 2013-10-03 14:55 - 00070510 _____ C:\Users\Amon\Desktop\Daihatsu in Freiburg.marke_s-daihatsu
2013-10-03 14:55 - 2013-10-03 14:55 - 00070421 _____ C:\Users\Amon\Desktop\Jeep in Freiburg.marke_s-jeep
2013-10-03 14:55 - 2013-10-03 14:55 - 00070114 _____ C:\Users\Amon\Desktop\Dacia in Freiburg.marke_s-dacia
2013-10-03 14:55 - 2013-10-03 14:55 - 00070078 _____ C:\Users\Amon\Desktop\Seat in Freiburg.marke_s-seat
2013-10-03 14:55 - 2013-10-03 14:55 - 00069924 _____ C:\Users\Amon\Desktop\Kia in Freiburg.marke_s-kia
2013-10-03 14:55 - 2013-10-03 14:55 - 00068551 _____ C:\Users\Amon\Desktop\Skoda in Freiburg.marke_s-skoda
2013-10-03 14:55 - 2013-10-03 14:55 - 00067759 _____ C:\Users\Amon\Desktop\Nissan in Freiburg.marke_s-nissan
2013-10-03 14:55 - 2013-10-03 14:55 - 00064694 _____ C:\Users\Amon\Desktop\Hyundai in Freiburg.marke_s-hyundai
2013-10-03 14:55 - 2013-10-03 14:55 - 00064518 _____ C:\Users\Amon\Desktop\temp(2).data
2013-10-03 14:55 - 2013-10-03 14:55 - 00064120 _____ C:\Users\Amon\Desktop\Lancia in Freiburg.marke_s-lancia
2013-10-03 14:55 - 2013-10-03 14:55 - 00063577 _____ C:\Users\Amon\Desktop\Mini in Freiburg.marke_s-mini
2013-10-03 14:55 - 2013-10-03 14:55 - 00062610 _____ C:\Users\Amon\Desktop\temp(3).data
2013-10-03 14:55 - 2013-10-03 14:55 - 00062069 _____ C:\Users\Amon\Desktop\Lada in Freiburg.marke_s-lada
2013-10-03 14:55 - 2013-10-03 14:55 - 00061850 _____ C:\Users\Amon\Desktop\Trabant in Freiburg.marke_s-trabant
2013-10-03 14:55 - 2013-10-03 14:55 - 00050876 _____ C:\Users\Amon\Desktop\Boote & Bootszubehör in Freiburg.mxdl
2013-10-03 14:55 - 2013-10-03 14:55 - 00041068 _____ C:\Users\Amon\Desktop\Hilfe.html
2013-10-03 14:55 - 2013-10-03 14:55 - 00036986 _____ C:\Users\Amon\Desktop\Datenschutzerklärung(1).html
2013-10-03 14:55 - 2013-10-03 14:55 - 00036081 _____ C:\Users\Amon\Desktop\Beliebte Angebote.html
2013-10-03 14:55 - 2013-10-03 14:55 - 00034974 _____ C:\Users\Amon\Desktop\Nutzungsbedingungen(1).html
2013-10-03 14:55 - 2013-10-03 14:55 - 00025823 _____ C:\Users\Amon\Desktop\Kontakt.html
2013-10-03 14:55 - 2013-10-03 14:55 - 00020026 _____ C:\Users\Amon\Desktop\Jobs.html
2013-10-03 14:55 - 2013-10-03 14:55 - 00019088 _____ C:\Users\Amon\Desktop\Impressum.html
2013-10-03 14:55 - 2013-10-03 14:55 - 00018755 _____ C:\Users\Amon\Desktop\Motorroller & Teile in Freiburg.mxdl
2013-10-03 14:55 - 2013-10-03 14:55 - 00005921 _____ C:\Users\Amon\Desktop\Motorräder & Teile in Freiburg.mxdl
2013-10-03 14:55 - 2013-10-03 14:55 - 00000000 _____ C:\Users\Amon\Desktop\Nutzfahrzeuge & Anhänger in Freiburg.mxdl
2013-10-03 14:55 - 2013-10-03 14:55 - 00000000 _____ C:\Users\Amon\Desktop\Fahrräder in Freiburg.mxdl
2013-10-03 14:54 - 2013-10-03 14:55 - 00098969 _____ C:\Users\Amon\Desktop\Benzin.fuel_s-benzin
2013-10-03 14:54 - 2013-10-03 14:54 - 00041294 _____ C:\Users\Amon\Desktop\Tipps für Ihre Sicherheit(1).html
2013-09-30 19:55 - 2013-09-30 20:51 - 00000000 ____D C:\Program Files\WinRAR
2013-09-30 19:55 - 2013-09-30 19:55 - 00000000 ____D C:\Users\Amon\AppData\Roaming\WinRAR
2013-09-18 18:54 - 2013-09-18 18:54 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-09-18 18:51 - 2013-09-18 19:01 - 00000000 ____D C:\ProgramData\Freemake
2013-09-18 18:50 - 2013-09-18 18:51 - 00000000 ____D C:\Program Files\Freemake

==================== One Month Modified Files and Folders =======

2013-10-11 15:11 - 2013-10-11 15:11 - 00000000 ____D C:\FRST
2013-10-11 14:51 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-10-11 14:05 - 2013-10-06 12:24 - 00002542 _____ C:\Windows\setupact.log
2013-10-11 14:05 - 2013-08-24 17:46 - 00000000 ____D C:\Users\Amon\AppData\Roaming\Wise Care 365
2013-10-11 14:05 - 2013-05-09 13:23 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-11 13:58 - 2013-10-11 12:16 - 00000004 _____ C:\Users\Amon\AppData\Roaming\settings.ini
2013-10-11 13:10 - 2009-07-14 05:34 - 00021504 _____ C:\Windows\System32\umstartup.etl
2013-10-11 12:33 - 2013-10-06 12:26 - 00010461 _____ C:\Windows\WindowsUpdate.log
2013-10-11 12:32 - 2013-10-11 12:31 - 00000000 ____D C:\32788R22FWJFW
2013-10-11 12:13 - 2013-10-11 12:13 - 00066040 _____ C:\Users\Amon\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-11 12:06 - 2013-10-11 11:42 - 00000000 ____D C:\Users\Amon\Desktop\Neuer Ordner
2013-10-11 10:36 - 2013-05-08 23:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-10-11 10:36 - 2013-05-08 23:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-10-11 10:36 - 2009-07-14 05:34 - 00017136 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-11 10:36 - 2009-07-14 05:34 - 00017136 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-06 12:24 - 2013-10-06 12:24 - 00292224 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-06 12:24 - 2013-10-06 12:24 - 00002256 _____ C:\Windows\PFRO.log
2013-10-06 12:24 - 2013-10-06 12:24 - 00000000 _____ C:\Windows\setuperr.log
2013-10-04 11:33 - 2013-05-09 00:53 - 00000000 ____D C:\Users\Amon\AppData\Roaming\vlc
2013-10-03 14:55 - 2013-10-03 14:55 - 00101241 _____ C:\Users\Amon\Desktop\Autos in Freiburg
2013-10-03 14:55 - 2013-10-03 14:55 - 00100480 _____ C:\Users\Amon\Desktop\Mercedes Benz in Freiburg.marke_s-mercedes_benz
2013-10-03 14:55 - 2013-10-03 14:55 - 00094972 _____ C:\Users\Amon\Desktop\Ford in Freiburg.marke_s-ford
2013-10-03 14:55 - 2013-10-03 14:55 - 00094787 _____ C:\Users\Amon\Desktop\Opel in Freiburg.marke_s-opel
2013-10-03 14:55 - 2013-10-03 14:55 - 00093813 _____ C:\Users\Amon\Desktop\Renault in Freiburg.marke_s-renault
2013-10-03 14:55 - 2013-10-03 14:55 - 00093610 _____ C:\Users\Amon\Desktop\Audi in Freiburg.marke_s-audi
2013-10-03 14:55 - 2013-10-03 14:55 - 00092596 _____ C:\Users\Amon\Desktop\Fiat in Freiburg.marke_s-fiat
2013-10-03 14:55 - 2013-10-03 14:55 - 00092189 _____ C:\Users\Amon\Desktop\Peugeot in Freiburg.marke_s-peugeot
2013-10-03 14:55 - 2013-10-03 14:55 - 00091572 _____ C:\Users\Amon\Desktop\BMW in Freiburg.marke_s-bmw
2013-10-03 14:55 - 2013-10-03 14:55 - 00091156 _____ C:\Users\Amon\Desktop\Anzeigen Übersicht.html
2013-10-03 14:55 - 2013-10-03 14:55 - 00083534 _____ C:\Users\Amon\Desktop\temp(1).data
2013-10-03 14:55 - 2013-10-03 14:55 - 00082427 _____ C:\Users\Amon\Desktop\Weitere Autos in Freiburg.marke_s-sonstige_autos
2013-10-03 14:55 - 2013-10-03 14:55 - 00081261 _____ C:\Users\Amon\Desktop\Beliebte Suchen für Autos.html
2013-10-03 14:55 - 2013-10-03 14:55 - 00081236 _____ C:\Users\Amon\Desktop\Autoteile & Reifen in Freiburg
2013-10-03 14:55 - 2013-10-03 14:55 - 00076055 _____ C:\Users\Amon\Desktop\Toyota in Freiburg.marke_s-toyota
2013-10-03 14:55 - 2013-10-03 14:55 - 00075751 _____ C:\Users\Amon\Desktop\Mitsubishi in Freiburg.marke_s-mitsubishi
2013-10-03 14:55 - 2013-10-03 14:55 - 00075255 _____ C:\Users\Amon\Desktop\Smart in Freiburg.marke_s-smart
2013-10-03 14:55 - 2013-10-03 14:55 - 00074930 _____ C:\Users\Amon\Desktop\Chrysler in Freiburg.marke_s-chrysler
2013-10-03 14:55 - 2013-10-03 14:55 - 00074751 _____ C:\Users\Amon\Desktop\Chevrolet in Freiburg.marke_s-chevrolet
2013-10-03 14:55 - 2013-10-03 14:55 - 00074496 _____ C:\Users\Amon\Desktop\Saab in Freiburg.marke_s-saab
2013-10-03 14:55 - 2013-10-03 14:55 - 00074202 _____ C:\Users\Amon\Desktop\Jaguar in Freiburg.marke_s-jaguar
2013-10-03 14:55 - 2013-10-03 14:55 - 00073905 _____ C:\Users\Amon\Desktop\Subaru in Freiburg.marke_s-subaru
2013-10-03 14:55 - 2013-10-03 14:55 - 00073033 _____ C:\Users\Amon\Desktop\temp(5).data
2013-10-03 14:55 - 2013-10-03 14:55 - 00072980 _____ C:\Users\Amon\Desktop\Daewoo in Freiburg.marke_s-daewoo
2013-10-03 14:55 - 2013-10-03 14:55 - 00072593 _____ C:\Users\Amon\Desktop\Mazda in Freiburg.marke_s-mazda
2013-10-03 14:55 - 2013-10-03 14:55 - 00072313 _____ C:\Users\Amon\Desktop\Alfa Romeo in Freiburg.marke_s-alfa_romeo
2013-10-03 14:55 - 2013-10-03 14:55 - 00072278 _____ C:\Users\Amon\Desktop\temp(4).data
2013-10-03 14:55 - 2013-10-03 14:55 - 00072008 _____ C:\Users\Amon\Desktop\Honda in Freiburg.marke_s-honda
2013-10-03 14:55 - 2013-10-03 14:55 - 00071947 _____ C:\Users\Amon\Desktop\Porsche in Freiburg.marke_s-porsche
2013-10-03 14:55 - 2013-10-03 14:55 - 00071676 _____ C:\Users\Amon\Desktop\Suzuki in Freiburg.marke_s-suzuki
2013-10-03 14:55 - 2013-10-03 14:55 - 00070702 _____ C:\Users\Amon\Desktop\Rover in Freiburg.marke_s-rover
2013-10-03 14:55 - 2013-10-03 14:55 - 00070520 _____ C:\Users\Amon\Desktop\Volvo in Freiburg.marke_s-volvo
2013-10-03 14:55 - 2013-10-03 14:55 - 00070510 _____ C:\Users\Amon\Desktop\Daihatsu in Freiburg.marke_s-daihatsu
2013-10-03 14:55 - 2013-10-03 14:55 - 00070421 _____ C:\Users\Amon\Desktop\Jeep in Freiburg.marke_s-jeep
2013-10-03 14:55 - 2013-10-03 14:55 - 00070114 _____ C:\Users\Amon\Desktop\Dacia in Freiburg.marke_s-dacia
2013-10-03 14:55 - 2013-10-03 14:55 - 00070078 _____ C:\Users\Amon\Desktop\Seat in Freiburg.marke_s-seat
2013-10-03 14:55 - 2013-10-03 14:55 - 00069924 _____ C:\Users\Amon\Desktop\Kia in Freiburg.marke_s-kia
2013-10-03 14:55 - 2013-10-03 14:55 - 00068551 _____ C:\Users\Amon\Desktop\Skoda in Freiburg.marke_s-skoda
2013-10-03 14:55 - 2013-10-03 14:55 - 00067759 _____ C:\Users\Amon\Desktop\Nissan in Freiburg.marke_s-nissan
2013-10-03 14:55 - 2013-10-03 14:55 - 00064694 _____ C:\Users\Amon\Desktop\Hyundai in Freiburg.marke_s-hyundai
2013-10-03 14:55 - 2013-10-03 14:55 - 00064518 _____ C:\Users\Amon\Desktop\temp(2).data
2013-10-03 14:55 - 2013-10-03 14:55 - 00064120 _____ C:\Users\Amon\Desktop\Lancia in Freiburg.marke_s-lancia
2013-10-03 14:55 - 2013-10-03 14:55 - 00063577 _____ C:\Users\Amon\Desktop\Mini in Freiburg.marke_s-mini
2013-10-03 14:55 - 2013-10-03 14:55 - 00062610 _____ C:\Users\Amon\Desktop\temp(3).data
2013-10-03 14:55 - 2013-10-03 14:55 - 00062069 _____ C:\Users\Amon\Desktop\Lada in Freiburg.marke_s-lada
2013-10-03 14:55 - 2013-10-03 14:55 - 00061850 _____ C:\Users\Amon\Desktop\Trabant in Freiburg.marke_s-trabant
2013-10-03 14:55 - 2013-10-03 14:55 - 00050876 _____ C:\Users\Amon\Desktop\Boote & Bootszubehör in Freiburg.mxdl
2013-10-03 14:55 - 2013-10-03 14:55 - 00041068 _____ C:\Users\Amon\Desktop\Hilfe.html
2013-10-03 14:55 - 2013-10-03 14:55 - 00036986 _____ C:\Users\Amon\Desktop\Datenschutzerklärung(1).html
2013-10-03 14:55 - 2013-10-03 14:55 - 00036081 _____ C:\Users\Amon\Desktop\Beliebte Angebote.html
2013-10-03 14:55 - 2013-10-03 14:55 - 00034974 _____ C:\Users\Amon\Desktop\Nutzungsbedingungen(1).html
2013-10-03 14:55 - 2013-10-03 14:55 - 00025823 _____ C:\Users\Amon\Desktop\Kontakt.html
2013-10-03 14:55 - 2013-10-03 14:55 - 00020026 _____ C:\Users\Amon\Desktop\Jobs.html
2013-10-03 14:55 - 2013-10-03 14:55 - 00019088 _____ C:\Users\Amon\Desktop\Impressum.html
2013-10-03 14:55 - 2013-10-03 14:55 - 00018755 _____ C:\Users\Amon\Desktop\Motorroller & Teile in Freiburg.mxdl
2013-10-03 14:55 - 2013-10-03 14:55 - 00005921 _____ C:\Users\Amon\Desktop\Motorräder & Teile in Freiburg.mxdl
2013-10-03 14:55 - 2013-10-03 14:55 - 00000000 _____ C:\Users\Amon\Desktop\Nutzfahrzeuge & Anhänger in Freiburg.mxdl
2013-10-03 14:55 - 2013-10-03 14:55 - 00000000 _____ C:\Users\Amon\Desktop\Fahrräder in Freiburg.mxdl
2013-10-03 14:55 - 2013-10-03 14:54 - 00098969 _____ C:\Users\Amon\Desktop\Benzin.fuel_s-benzin
2013-10-03 14:54 - 2013-10-03 14:54 - 00041294 _____ C:\Users\Amon\Desktop\Tipps für Ihre Sicherheit(1).html
2013-10-02 15:42 - 2013-05-08 17:34 - 01498506 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-02 15:16 - 2013-08-19 15:48 - 00000000 ____D C:\ProgramData\Sophos
2013-10-02 15:10 - 2009-07-14 03:03 - 34865152 _____ C:\Windows\System32\config\SOFTWARE.bak
2013-10-02 15:10 - 2009-07-14 03:03 - 00262144 _____ C:\Windows\System32\config\DEFAULT.bak
2013-10-02 15:10 - 2009-07-14 03:03 - 00061440 _____ C:\Windows\System32\config\SAM.bak
2013-10-02 15:10 - 2009-07-14 03:03 - 00028672 _____ C:\Windows\System32\config\SECURITY.bak
2013-10-02 14:02 - 2013-08-24 18:06 - 00000000 ____D C:\Users\Amon\AppData\Roaming\Wise Disk Cleaner
2013-10-02 14:01 - 2013-05-08 19:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-30 20:51 - 2013-09-30 19:55 - 00000000 ____D C:\Program Files\WinRAR
2013-09-30 19:55 - 2013-09-30 19:55 - 00000000 ____D C:\Users\Amon\AppData\Roaming\WinRAR
2013-09-21 17:36 - 2013-05-08 17:36 - 00007168 ____H C:\Users\Amon\Desktop\photothumb.db
2013-09-19 17:29 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-18 19:05 - 2013-05-08 17:38 - 00000000 ___RD C:\Users\Amon\Programme
2013-09-18 19:01 - 2013-09-18 18:51 - 00000000 ____D C:\ProgramData\Freemake
2013-09-18 18:57 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-09-18 18:54 - 2013-09-18 18:54 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-09-18 18:51 - 2013-09-18 18:50 - 00000000 ____D C:\Program Files\Freemake

Files to move or delete:
====================
C:\Users\Amon\AppData\Roaming\data.dat
C:\Users\Amon\AppData\Roaming\settings.ini
C:\Users\Amon\AppData\Roaming\i.ini

Some content of TEMP:
====================
C:\Users\Amon\AppData\Local\Temp\ncnsgyrhxkhkjkcswswevykbylsnvk.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

5
Restore point made on: 2013-09-17 20:11:38
Restore point made on: 2013-09-18 18:53:19
Restore point made on: 2013-09-29 10:48:52
Restore point made on: 2013-10-02 15:39:25
Restore point made on: 2013-10-11 11:26:45

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 2046.16 MB
Available physical RAM: 1633.6 MB
Total Pagefile: 2046.16 MB
Available Pagefile: 1581.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.8 MB

==================== Drives ================================

Drive c: (Betriebssystem 80GB) (Fixed) (Total:78.03 GB) (Free:57.48 GB) NTFS
Drive e: (Exelstor 160GB) (Fixed) (Total:154.76 GB) (Free:65.75 GB) NTFS
Drive h: () (Removable) (Total:14.92 GB) (Free:14.92 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 58ABBA50)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=155 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

LastRegBack: 2013-10-11 11:19

==================== End Of Log ============================ |
11.10.2013, 15:10 | #2 |
/// TB-Ausbilder | Interpol Virus
Hi, does the computer start normally again after this fix? Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKU\Amon\...\Winlogon: [Shell] explorer.exe,C:\Users\Amon\AppData\Roaming\data.dat [ 2010-11-20] () <==== ATTENTION
C:\Users\Amon\AppData\Roaming\data.dat
C:\Users\Amon\AppData\Roaming\settings.ini
C:\Users\Amon\AppData\Roaming\i.ini
C:\Users\Amon\AppData\Local\Temp\ncnsgyrhxkhkjkcswswevykbylsnvk.exe
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. A small side question: did you put these things (such as C:\Users\Amon\Desktop\Chrysler in Freiburg.marke_s-chrysler) on the desktop yourself, or do you not recognize them?
__________________ |
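The first line of the fix list above is a per-user Winlogon Shell value that starts a second program alongside explorer.exe. As an added example (not part of the thread and not FRST's own code), the Python below flags such entries in a pasted FRST log and notes whether the extra path is also listed elsewhere in the log; the sample log is constructed from lines in this thread plus one made-up HKLM line, and the C:\Windows install path is an assumption.

```python
import re

# Constructed sample. The HKU line and the "Files to move or delete" entries
# are copied from the log in this thread; the HKLM line is made up for contrast.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKU\Amon\...\Winlogon: [Shell] explorer.exe,C:\Users\Amon\AppData\Roaming\data.dat [ 2010-11-20] () <==== ATTENTION
HKLM\...\Winlogon: [Shell] explorer.exe [ 2009-07-14] (Microsoft Corporation)
========================== Services (Whitelisted) =================
Files to move or delete:
====================
C:\Users\Amon\AppData\Roaming\data.dat
C:\Users\Amon\AppData\Roaming\settings.ini
"""

# "<key>\Winlogon: [Shell] <value> [<metadata>] (<company>) <marker>"
SHELL_LINE = re.compile(r"^(?P<key>HK[A-Z]+\\.*\\Winlogon): \[Shell\] (?P<rest>.+)$")
# Trailing "[metadata] (company)" block and the optional attention marker.
TRAILER = re.compile(r"\s*\[[^\]]*\]\s*\([^)]*\)\s*(?:<==== ATTENTION)?\s*$")

# Assumption: Windows is installed in C:\Windows, as in the posted log.
EXPECTED = {"explorer.exe", r"c:\windows\explorer.exe"}


def shell_findings(log_text):
    """Return one finding per Winlogon Shell line that launches anything
    besides the stock Explorer shell."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    findings = []
    for idx, line in enumerate(lines):
        match = SHELL_LINE.match(line)
        if not match:
            continue
        value = TRAILER.sub("", match.group("rest"))
        parts = [p.strip() for p in value.split(",") if p.strip()]
        # Compare the whole component, not just the file name: an
        # "explorer.exe" in some other folder is not the real shell.
        unexpected = [p for p in parts if p.lower() not in EXPECTED]
        if not unexpected:
            continue
        # Is the extra path also present as a bare line elsewhere in the log
        # (for example under "Files to move or delete")?
        listed = [
            p for p in unexpected
            if any(o.lower() == p.lower() for j, o in enumerate(lines) if j != idx)
        ]
        key = match.group("key")
        findings.append({
            "key": key,
            # A Shell value under a user hive applies to that user's logon.
            "per_user": key.upper().startswith(("HKU", "HKCU")),
            "unexpected": unexpected,
            "also_listed": listed,
        })
    return findings


if __name__ == "__main__":
    for finding in shell_findings(SAMPLE_LOG):
        print(finding)
```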
11.10.2013, 16:45 | #3 |
| Interpol Virus
Thanks a lot, the computer is running again! :-) I used the System Restore that came up there... I couldn't get to it the normal way, but with the path from you I got there and simply tried it in addition. I hope that is enough and that there are no hidden files. The file you mentioned was not from me... Hopefully I won't catch the virus again! Best regards |
22.10.2013, 21:04 | #4 |
/// TB-Ausbilder | Interpol Virus
This topic appears to be resolved and is being removed from my subscriptions. I will therefore no longer receive notifications about new replies. If you need the topic again, please send me a PM and we will continue here. Everyone else, please read this guide and create your own thread.
__________________ cheers, Leo |