Windows 7: Interpol Virus/Trojaner, Rechner gesperrt

Eric67 · 27.12.2013, 18:35

Hallo liebe Helfer,
das Notebook meiner Nichte ist offensichtlich befallen und sperrt sich nach dem Booten. Angezeigt wird lediglich eine weiße Seite, auf der zig mal wiederholt "Interpol" steht. Ich bin hier im Forum auf ähnliche Beiträge gestoßen und habe einen Scan mit FRST64 durchgeführt. Leider schaffe ich es nicht, den Log in CODE-Tag form zu wandeln, sorry. Im Editor finde ich kein klickbares #.
Vielen Dank schon mal für eure Unterstützung!
Gruß eric67

Hier der Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013
Ran by SYSTEM on MININT-JL6DQC2 on 27-12-2013 15:56:04
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM-x32\...\Run: [LMgrOSD] - "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\WButton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2010-10-28] (CyberLink)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\real\realplayer\Update\realsched.exe [296056 2012-06-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-30] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Alice\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-05-08] (Google Inc.)
HKU\Alice\...\Run: [EPSON BX305 Series] - C:\Windows\Temp\E_SDE9C.tmp [140 2012-02-27] ()
HKU\Alice\...\Run: [EPSON Stylus S20 Series] - C:\Windows\Temp\E_S6FA4.tmp [120 2013-10-13] ()
HKU\Alice\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Alice\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\Alice\...\RunOnce: [ip5c2s] - C:\ProgramData\eqh\tqka.exe [351232 2013-12-06] (ControlDev Software)
HKU\Alice\...\RunOnce: [bjbrbe] - C:\ProgramData\bdtrt\rujdqxd.exe [332288 2013-12-08] (ViewDev Software)
HKU\Alice\...\Winlogon: [Shell] C:\ProgramData\jyyhit\fwmnh.exe,explorer.exe <==== ATTENTION
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\Info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\Info\HKCU.vbs [126 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs

==================== Services (Whitelisted) =================

S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
S3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
S2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [913888 2009-09-24] (DiBcom SA)
S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1888864 2010-02-04] (NXP Semiconductors Germany GmbH)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 TrdCap64; C:\Windows\System32\DRIVERS\TrdCap64.sys [1887528 2010-06-09] (Trident Microsystems, Inc.)
S3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-27 04:44 - 2013-12-27 04:56 - 00000000 ____D C:\Users\Alice\Desktop\mbar
2013-12-27 04:44 - 2013-12-27 04:44 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2013-12-27 04:44 - 2013-12-27 04:44 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2013-12-27 04:44 - 2013-12-27 04:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-27 04:43 - 2013-12-27 04:20 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Alice\Desktop\mbar-1.07.0.1008.exe
2013-12-27 03:53 - 2013-12-27 03:53 - 00003288 ____N C:\bootsqm.dat
2013-12-27 03:01 - 2013-12-27 03:01 - 00000000 ____D C:\FRST
2013-12-08 09:50 - 2013-12-08 09:50 - 00000000 ____D C:\ProgramData\qbxfp
2013-12-08 09:48 - 2013-12-27 05:00 - 00000000 ____D C:\ProgramData\wbnj
2013-12-08 09:48 - 2013-12-08 09:48 - 00000000 ____D C:\ProgramData\opy
2013-12-08 09:48 - 2013-12-08 09:48 - 00000000 ____D C:\ProgramData\bdtrt
2013-12-06 10:32 - 2013-12-27 05:00 - 00000000 ____D C:\ProgramData\nckt
2013-12-06 10:32 - 2013-12-09 04:18 - 00000000 ____D C:\ProgramData\iry
2013-12-06 10:32 - 2013-12-06 11:15 - 13969675 _____ C:\Users\Alice\Documents\Kalender.pptx
2013-12-06 10:32 - 2013-12-06 10:32 - 00000000 ____D C:\ProgramData\jyyhit
2013-12-06 10:32 - 2013-12-06 10:32 - 00000000 ____D C:\ProgramData\hijnb
2013-12-06 10:32 - 2013-12-06 10:32 - 00000000 ____D C:\ProgramData\eqh
2013-12-06 10:26 - 2013-12-27 05:00 - 00000000 ____D C:\ProgramData\lbbntbt
2013-12-06 07:25 - 2013-12-27 04:59 - 00003370 _____ C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2013-11-30 08:44 - 2013-11-30 12:18 - 08982528 _____ C:\Users\Alice\Documents\Indonesien 2003.ppt
2013-11-29 07:09 - 2013-12-08 09:55 - 00031647 _____ C:\Windows\IE11_main.log

==================== One Month Modified Files and Folders =======

2013-12-27 11:33 - 2011-05-08 10:40 - 00000000 ____D C:\users\Alice
2013-12-27 11:33 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-27 05:00 - 2013-12-08 09:48 - 00000000 ____D C:\ProgramData\wbnj
2013-12-27 05:00 - 2013-12-06 10:32 - 00000000 ____D C:\ProgramData\nckt
2013-12-27 05:00 - 2013-12-06 10:26 - 00000000 ____D C:\ProgramData\lbbntbt
2013-12-27 04:59 - 2013-12-06 07:25 - 00003370 _____ C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2013-12-27 04:59 - 2012-03-11 05:15 - 00053703 _____ C:\Windows\setupact.log
2013-12-27 04:59 - 2011-05-08 10:38 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-27 04:59 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-27 04:57 - 2010-07-07 08:17 - 00025000 _____ C:\Windows\PFRO.log
2013-12-27 04:56 - 2013-12-27 04:44 - 00000000 ____D C:\Users\Alice\Desktop\mbar
2013-12-27 04:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-12-27 04:55 - 2010-05-12 00:18 - 00654150 _____ C:\Windows\System32\perfh007.dat
2013-12-27 04:55 - 2010-05-12 00:18 - 00130022 _____ C:\Windows\System32\perfc007.dat
2013-12-27 04:55 - 2009-07-13 21:13 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-27 04:44 - 2013-12-27 04:44 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2013-12-27 04:44 - 2013-12-27 04:44 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2013-12-27 04:44 - 2013-12-27 04:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-27 04:34 - 2012-03-11 09:50 - 02014907 _____ C:\Windows\WindowsUpdate.log
2013-12-27 04:32 - 2011-05-08 10:38 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-27 04:20 - 2013-12-27 04:43 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Alice\Desktop\mbar-1.07.0.1008.exe
2013-12-27 04:20 - 2009-07-13 20:45 - 00009888 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-27 04:20 - 2009-07-13 20:45 - 00009888 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-27 03:53 - 2013-12-27 03:53 - 00003288 ____N C:\bootsqm.dat
2013-12-27 03:01 - 2013-12-27 03:01 - 00000000 ____D C:\FRST
2013-12-09 04:18 - 2013-12-06 10:32 - 00000000 ____D C:\ProgramData\iry
2013-12-08 09:55 - 2013-11-29 07:09 - 00031647 _____ C:\Windows\IE11_main.log
2013-12-08 09:50 - 2013-12-08 09:50 - 00000000 ____D C:\ProgramData\qbxfp
2013-12-08 09:48 - 2013-12-08 09:48 - 00000000 ____D C:\ProgramData\opy
2013-12-08 09:48 - 2013-12-08 09:48 - 00000000 ____D C:\ProgramData\bdtrt
2013-12-06 11:15 - 2013-12-06 10:32 - 13969675 _____ C:\Users\Alice\Documents\Kalender.pptx
2013-12-06 10:35 - 2012-04-15 01:50 - 00000000 ____D C:\Users\Alice\Documents\Youcam
2013-12-06 10:32 - 2013-12-06 10:32 - 00000000 ____D C:\ProgramData\jyyhit
2013-12-06 10:32 - 2013-12-06 10:32 - 00000000 ____D C:\ProgramData\hijnb
2013-12-06 10:32 - 2013-12-06 10:32 - 00000000 ____D C:\ProgramData\eqh
2013-12-06 10:13 - 2012-04-18 04:06 - 00000000 ____D C:\Users\Alice\AppData\Local\Windows Live
2013-12-02 09:26 - 2011-05-08 10:38 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-02 09:26 - 2011-05-08 10:38 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-30 12:18 - 2013-11-30 08:44 - 08982528 _____ C:\Users\Alice\Documents\Indonesien 2003.ppt
2013-11-30 10:14 - 2013-11-22 10:50 - 00011100 _____ C:\Users\Alice\Documents\Ethnische Gruppen Indonesien.xlsx

ZeroAccess:
C:\Users\Alice\AppData\Local\f964ebbc
C:\Users\Alice\AppData\Local\f964ebbc\@

Some content of TEMP:
====================
C:\Users\Alice\AppData\Local\Temp\AskSLib.dll
C:\Users\Alice\AppData\Local\Temp\COMAP.EXE
C:\Users\Alice\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Alice\AppData\Local\Temp\FlashLock_v2.30.exe
C:\Users\Alice\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Alice\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Alice\AppData\Local\Temp\msimg32.dll
C:\Users\Alice\AppData\Local\Temp\ose00000.exe
C:\Users\Alice\AppData\Local\Temp\SHSetup.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-10-15 09:30:12
Restore point made on: 2013-10-23 07:56:22
Restore point made on: 2013-10-29 13:30:58
Restore point made on: 2013-11-02 03:24:03
Restore point made on: 2013-11-06 10:01:06
Restore point made on: 2013-11-11 23:30:34
Restore point made on: 2013-11-16 11:15:45
Restore point made on: 2013-11-22 08:52:37
Restore point made on: 2013-11-26 10:06:19
Restore point made on: 2013-11-29 07:09:07
Restore point made on: 2013-11-30 07:12:41
Restore point made on: 2013-12-02 09:21:51
Restore point made on: 2013-12-05 04:10:50
Restore point made on: 2013-12-06 07:22:16
Restore point made on: 2013-12-08 09:54:29
Restore point made on: 2013-12-27 01:50:17

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3893.49 MB
Available physical RAM: 3234.32 MB
Total Pagefile: 3891.64 MB
Available Pagefile: 3223.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:546.25 GB) (Free:458.64 GB) NTFS
Drive e: (Recover) (Fixed) (Total:48.83 GB) (Free:6.82 GB) NTFS
Drive g: () (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=546 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1023 MB) - (Type=12)

========================================================
Disk: 1 (Size: 964 MB) (Disk ID: 6E652072)
No partition Table on disk 1.

LastRegBack: 2013-12-27 04:32

==================== End Of Log ============================

schrauber · 28.12.2013, 01:39

hi,

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\Alice\...\RunOnce: [ip5c2s] - C:\ProgramData\eqh\tqka.exe [351232 2013-12-06] (ControlDev Software)
HKU\Alice\...\RunOnce: [bjbrbe] - C:\ProgramData\bdtrt\rujdqxd.exe [332288 2013-12-08] (ViewDev Software)
HKU\Alice\...\Winlogon: [Shell] C:\ProgramData\jyyhit\fwmnh.exe,explorer.exe <==== ATTENTION
2013-12-08 09:50 - 2013-12-08 09:50 - 00000000 ____D C:\ProgramData\qbxfp
2013-12-08 09:48 - 2013-12-27 05:00 - 00000000 ____D C:\ProgramData\wbnj
2013-12-08 09:48 - 2013-12-08 09:48 - 00000000 ____D C:\ProgramData\opy
2013-12-08 09:48 - 2013-12-08 09:48 - 00000000 ____D C:\ProgramData\bdtrt
2013-12-06 10:32 - 2013-12-27 05:00 - 00000000 ____D C:\ProgramData\nckt
2013-12-06 10:32 - 2013-12-09 04:18 - 00000000 ____D C:\ProgramData\iry
2013-12-06 10:32 - 2013-12-06 10:32 - 00000000 ____D C:\ProgramData\jyyhit
2013-12-06 10:32 - 2013-12-06 10:32 - 00000000 ____D C:\ProgramData\hijnb
2013-12-06 10:32 - 2013-12-06 10:32 - 00000000 ____D C:\ProgramData\eqh
2013-12-06 10:26 - 2013-12-27 05:00 - 00000000 ____D C:\ProgramData\lbbntbt
ZeroAccess:
C:\Users\Alice\AppData\Local\f964ebbc
C:\Users\Alice\AppData\Local\f964ebbc\@

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Rechner normal starten.

Eric67 · 28.12.2013, 11:12

Hallo Schrauber,

hat prima funktioniert. Vielen Dank!!!
Viele Grüße,

Eric67

Hier der Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-12-2013
Ran by Alice at 2013-12-28 10:53:09 Run:2
Running from F:\
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
HKU\Alice\...\RunOnce: [ip5c2s] - C:\ProgramData\eqh\tqka.exe [351232 2013-12-06] (ControlDev Software)
HKU\Alice\...\RunOnce: [bjbrbe] - C:\ProgramData\bdtrt\rujdqxd.exe [332288 2013-12-08] (ViewDev Software)
HKU\Alice\...\Winlogon: [Shell] C:\ProgramData\jyyhit\fwmnh.exe,explorer.exe <==== ATTENTION
2013-12-08 09:50 - 2013-12-08 09:50 - 00000000 ____D C:\ProgramData\qbxfp
2013-12-08 09:48 - 2013-12-27 05:00 - 00000000 ____D C:\ProgramData\wbnj
2013-12-08 09:48 - 2013-12-08 09:48 - 00000000 ____D C:\ProgramData\opy
2013-12-08 09:48 - 2013-12-08 09:48 - 00000000 ____D C:\ProgramData\bdtrt
2013-12-06 10:32 - 2013-12-27 05:00 - 00000000 ____D C:\ProgramData\nckt
2013-12-06 10:32 - 2013-12-09 04:18 - 00000000 ____D C:\ProgramData\iry
2013-12-06 10:32 - 2013-12-06 10:32 - 00000000 ____D C:\ProgramData\jyyhit
2013-12-06 10:32 - 2013-12-06 10:32 - 00000000 ____D C:\ProgramData\hijnb
2013-12-06 10:32 - 2013-12-06 10:32 - 00000000 ____D C:\ProgramData\eqh
2013-12-06 10:26 - 2013-12-27 05:00 - 00000000 ____D C:\ProgramData\lbbntbt
ZeroAccess:
C:\Users\Alice\AppData\Local\f964ebbc
C:\Users\Alice\AppData\Local\f964ebbc\@

*****************

HKU\Alice\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ip5c2s => Value not found.
HKU\Alice\Software\Microsoft\Windows\CurrentVersion\RunOnce\\bjbrbe => Value not found.
HKU\Alice\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
C:\ProgramData\qbxfp => Moved successfully.
C:\ProgramData\wbnj => Moved successfully.
C:\ProgramData\opy => Moved successfully.
C:\ProgramData\bdtrt => Moved successfully.
C:\ProgramData\nckt => Moved successfully.
C:\ProgramData\iry => Moved successfully.
C:\ProgramData\jyyhit => Moved successfully.
C:\ProgramData\hijnb => Moved successfully.
C:\ProgramData\eqh => Moved successfully.
C:\ProgramData\lbbntbt => Moved successfully.
C:\Users\Alice\AppData\Local\f964ebbc => Moved successfully.
"C:\Users\Alice\AppData\Local\f964ebbc\@" => File/Directory not found.

==== End of Fixlog ====

schrauber · 29.12.2013, 11:24

Ab jetzt im normalen Modus:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Windows 7: Interpol Virus/Trojaner, Rechner gesperrt

Log-Analyse und Auswertung: Windows 7: Interpol Virus/Trojaner, Rechner gesperrt