
Pests of all kinds and how to fight them: Interpol Virus

07.02.2014, 09:28   #1
atlas1990
 

Hello everyone,
I just somehow caught this Interpol virus and nothing works anymore.
I already looked at another thread here to see how I should proceed.
I downloaded the FRST file and did everything on the infected PC that the instructions say.
Here is the text you are supposed to post:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by SYSTEM on MININT-8LBOIUC on 07-02-2014 09:50:46
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-06] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-11] (NTI Corporation)
HKLM-x32\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-22] (Microsoft)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1078352 2011-02-23] (Dritek System Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Tutto\...\Run: [GCDTRAY.EXE] - C:\Program Files (x86)\gBurner Virtual Drive\GCDTRAY.EXE [382048 2012-08-14] (Power Software Ltd)
HKU\Tutto\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\Tutto\...\Run: [Spotify] - C:\Users\Tutto\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-26] (Spotify Ltd)
HKU\Tutto\...\Run: [Spotify Web Helper] - C:\Users\Tutto\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-26] (Spotify Ltd)
HKU\Tutto\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\Tutto\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\UpdatusUser\...\Run: [GCDTRAY.EXE] - C:\Program Files (x86)\gBurner Virtual Drive\GCDTRAY.EXE [382048 2012-08-14] (Power Software Ltd)
HKU\UpdatusUser\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\UpdatusUser\...\Run: [SDP] - C:\Users\UpdatusUser\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto 
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1350944 2014-02-03] (Conduit)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2010-12-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1046816 2014-02-03] (Conduit)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-12-12] (NVIDIA Corporation)
Startup: C:\Users\Tutto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rvlfqgx.lnk
ShortcutTarget: rvlfqgx.lnk -> C:\ProgramData\xgqflvr.cpp (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2317600 2014-02-03] (Conduit)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-11] (NTI Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-19] (TuneUp Software)
S3 Winmgmt; C:\ProgramData\rvlfqgx.zvv [334076 2014-02-06] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 gcdbus; C:\Windows\System32\DRIVERS\gcdbus.sys [168960 2012-08-14] (Power Software Ltd)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-07 09:48 - 2014-02-07 09:50 - 00000000 ____D () C:\FRST
2014-02-06 23:52 - 2014-02-06 23:53 - 95027928 ____T () C:\ProgramData\rvlfqgx.fee
2014-02-06 23:52 - 2014-02-06 23:52 - 00334076 ____T (Microsoft Corporation) C:\ProgramData\rvlfqgx.zvv
2014-02-06 23:52 - 2014-02-06 23:52 - 00241553 _____ (Microsoft Corporation) C:\ProgramData\xgqflvr.cpp
2014-02-04 06:41 - 2014-02-04 06:41 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect
2014-01-30 08:34 - 2014-01-30 08:34 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-01-30 03:14 - 2014-01-30 03:15 - 171457810 _____ () C:\Users\Tutto\Documents\cm-10.2-20131125-dev_connection_team-release1-ariesve.zip
2014-01-30 02:51 - 2014-01-30 02:52 - 91736799 _____ () C:\Users\Tutto\Documents\gapps-jb-20130813-signed.zip
2014-01-30 02:21 - 2014-01-30 02:21 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-01-30 02:17 - 2014-02-04 06:42 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-01-30 02:17 - 2014-01-30 02:18 - 00000000 ____D () C:\Users\Tutto\AppData\Local\SearchProtect
2014-01-30 02:17 - 2014-01-30 02:17 - 00000000 ____D () C:\Users\Tutto\Downloads\Samsung_Kies_TSV234AQJ
2014-01-30 02:16 - 2014-01-30 02:16 - 00657784 _____ (Conduit) C:\Users\Tutto\Downloads\Samsung_Kies_TSV234AQJ.exe
2014-01-12 13:25 - 2014-02-07 00:35 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 13:25 - 2014-02-07 00:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-12 13:25 - 2014-01-12 13:30 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-12 13:25 - 2014-01-12 13:30 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-12 13:25 - 2014-01-12 13:25 - 00819160 _____ (Google Inc.) C:\Users\Tutto\Downloads\GoogleEarthPluginSetup.exe

==================== One Month Modified Files and Folders =======

2014-02-07 09:50 - 2014-02-07 09:48 - 00000000 ____D () C:\FRST
2014-02-07 00:39 - 2013-11-15 04:07 - 00000000 ____D () C:\Users\Tutto\AppData\Roaming\Spotify
2014-02-07 00:35 - 2014-01-12 13:25 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-07 00:17 - 2009-07-13 20:45 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-07 00:17 - 2009-07-13 20:45 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-07 00:09 - 2014-01-12 13:25 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-07 00:09 - 2013-09-15 10:12 - 00022656 _____ () C:\Windows\setupact.log
2014-02-07 00:09 - 2013-09-11 11:13 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-07 00:09 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-07 00:08 - 2013-09-15 10:43 - 01811572 _____ () C:\Windows\PFRO.log
2014-02-06 23:59 - 2013-09-11 08:15 - 01736274 _____ () C:\Windows\WindowsUpdate.log
2014-02-06 23:53 - 2014-02-06 23:52 - 95027928 ____T () C:\ProgramData\rvlfqgx.fee
2014-02-06 23:52 - 2014-02-06 23:52 - 00334076 ____T (Microsoft Corporation) C:\ProgramData\rvlfqgx.zvv
2014-02-06 23:52 - 2014-02-06 23:52 - 00241553 _____ (Microsoft Corporation) C:\ProgramData\xgqflvr.cpp
2014-02-06 23:06 - 2013-11-11 07:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-06 10:53 - 2013-11-15 04:07 - 00000000 ____D () C:\Users\Tutto\AppData\Local\Spotify
2014-02-04 06:42 - 2014-01-30 02:17 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-02-04 06:41 - 2014-02-04 06:41 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect
2014-01-30 08:34 - 2014-01-30 08:34 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-01-30 08:34 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-30 04:10 - 2013-09-13 10:50 - 00000000 ____D () C:\Users\Tutto\AppData\Roaming\vlc
2014-01-30 03:18 - 2013-09-11 18:06 - 00696370 _____ () C:\Windows\System32\perfh007.dat
2014-01-30 03:18 - 2013-09-11 18:06 - 00147634 _____ () C:\Windows\System32\perfc007.dat
2014-01-30 03:18 - 2009-07-13 21:13 - 01611160 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-01-30 03:15 - 2014-01-30 03:14 - 171457810 _____ () C:\Users\Tutto\Documents\cm-10.2-20131125-dev_connection_team-release1-ariesve.zip
2014-01-30 02:52 - 2014-01-30 02:51 - 91736799 _____ () C:\Users\Tutto\Documents\gapps-jb-20130813-signed.zip
2014-01-30 02:21 - 2014-01-30 02:21 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-01-30 02:21 - 2013-09-28 06:36 - 00000000 ____D () C:\Users\Tutto\AppData\Local\Samsung
2014-01-30 02:21 - 2013-09-28 06:35 - 00001996 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-01-30 02:20 - 2013-09-28 06:34 - 00000000 ____D () C:\ProgramData\Samsung
2014-01-30 02:19 - 2013-11-02 08:39 - 01589182 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-30 02:18 - 2014-01-30 02:17 - 00000000 ____D () C:\Users\Tutto\AppData\Local\SearchProtect
2014-01-30 02:18 - 2013-09-28 06:33 - 00000000 ____D () C:\Users\Tutto\AppData\Local\Downloaded Installations
2014-01-30 02:17 - 2014-01-30 02:17 - 00000000 ____D () C:\Users\Tutto\Downloads\Samsung_Kies_TSV234AQJ
2014-01-30 02:16 - 2014-01-30 02:16 - 00657784 _____ (Conduit) C:\Users\Tutto\Downloads\Samsung_Kies_TSV234AQJ.exe
2014-01-12 13:30 - 2014-01-12 13:25 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-12 13:30 - 2014-01-12 13:25 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-12 13:25 - 2014-01-12 13:25 - 00819160 _____ (Google Inc.) C:\Users\Tutto\Downloads\GoogleEarthPluginSetup.exe
2014-01-12 13:25 - 2013-09-12 01:44 - 00000000 ____D () C:\Program Files (x86)\Google

Files to move or delete:
====================
C:\ProgramData\rvlfqgx.fee
C:\ProgramData\rvlfqgx.zvv


Some content of TEMP:
====================
C:\Users\Tutto\AppData\Local\Temp\avgnt.exe
C:\Users\Tutto\AppData\Local\Temp\DownloadSetup__2299_i307776478_il130.exe
C:\Users\Tutto\AppData\Local\Temp\Execute2App.exe
C:\Users\Tutto\AppData\Local\Temp\Kies2RemoveAll.exe
C:\Users\Tutto\AppData\Local\Temp\msvcp90.dll
C:\Users\Tutto\AppData\Local\Temp\msvcr90.dll
C:\Users\Tutto\AppData\Local\Temp\nsm59BF.exe
C:\Users\Tutto\AppData\Local\Temp\nsw1EDE.exe
C:\Users\Tutto\AppData\Local\Temp\nsw219D.exe
C:\Users\Tutto\AppData\Local\Temp\nsw578C.exe
C:\Users\Tutto\AppData\Local\Temp\SPSetup.exe
C:\Users\Tutto\AppData\Local\Temp\Xg3Jp0TN[1].exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-12-22 08:36:41
Restore point made on: 2014-01-02 06:35:16
Restore point made on: 2014-01-02 06:39:53
Restore point made on: 2014-01-06 00:07:28
Restore point made on: 2014-01-06 00:10:24
Restore point made on: 2014-01-06 00:20:53
Restore point made on: 2014-01-20 02:29:55
Restore point made on: 2014-01-30 02:20:11

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 5995.86 MB
Available physical RAM: 5186.79 MB
Total Pagefile: 5994.01 MB
Available Pagefile: 5180.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:581.07 GB) (Free:458.98 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:2.07 GB) NTFS
Drive g: () (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: A1AA16D0)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 124 MB) (Disk ID: 0D0C0B0A)
Partition 1: (Active) - (Size=124 MB) - (Type=06)


LastRegBack: 2014-02-04 10:17

==================== End Of Log ============================
         

I hope you can help me further.
Thanks in advance.

07.02.2014, 09:43   #2
schrauber
/// the machine
/// TB trainer
 


Hi,

Please press the Windows + R keys and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
Startup: C:\Users\Tutto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rvlfqgx.lnk
ShortcutTarget: rvlfqgx.lnk -> C:\ProgramData\xgqflvr.cpp (Microsoft Corporation)
S3 Winmgmt; C:\ProgramData\rvlfqgx.zvv [334076 2014-02-06] (Microsoft Corporation)
2014-02-06 23:52 - 2014-02-06 23:53 - 95027928 ____T () C:\ProgramData\rvlfqgx.fee
2014-02-06 23:52 - 2014-02-06 23:52 - 00334076 ____T (Microsoft Corporation) C:\ProgramData\rvlfqgx.zvv
2014-02-06 23:52 - 2014-02-06 23:52 - 00241553 _____ (Microsoft Corporation) C:\ProgramData\xgqflvr.cpp
C:\Users\Tutto\AppData\Local\Temp\msvcp90.dll
C:\Users\Tutto\AppData\Local\Temp\msvcr90.dll
C:\Users\Tutto\AppData\Local\Temp\nsm59BF.exe
C:\Users\Tutto\AppData\Local\Temp\nsw1EDE.exe
C:\Users\Tutto\AppData\Local\Temp\nsw219D.exe
C:\Users\Tutto\AppData\Local\Temp\nsw578C.exe
C:\Users\Tutto\AppData\Local\Temp\SPSetup.exe
C:\Users\Tutto\AppData\Local\Temp\Xg3Jp0TN[1].exe
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options.
  • Now start FRST.exe again and click the Fix ("Entfernen") button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.

Then start the computer normally.

07.02.2014, 15:55   #3
atlas1990
 

OK, done.
Here is the next log, the Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2014
Ran by SYSTEM at 2014-02-07 16:52:41 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Tutto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rvlfqgx.lnk
ShortcutTarget: rvlfqgx.lnk -> C:\ProgramData\xgqflvr.cpp (Microsoft Corporation)
S3 Winmgmt; C:\ProgramData\rvlfqgx.zvv [334076 2014-02-06] (Microsoft Corporation)
2014-02-06 23:52 - 2014-02-06 23:53 - 95027928 ____T () C:\ProgramData\rvlfqgx.fee
2014-02-06 23:52 - 2014-02-06 23:52 - 00334076 ____T (Microsoft Corporation) C:\ProgramData\rvlfqgx.zvv
2014-02-06 23:52 - 2014-02-06 23:52 - 00241553 _____ (Microsoft Corporation) C:\ProgramData\xgqflvr.cpp
C:\Users\Tutto\AppData\Local\Temp\msvcp90.dll
C:\Users\Tutto\AppData\Local\Temp\msvcr90.dll
C:\Users\Tutto\AppData\Local\Temp\nsm59BF.exe
C:\Users\Tutto\AppData\Local\Temp\nsw1EDE.exe
C:\Users\Tutto\AppData\Local\Temp\nsw219D.exe
C:\Users\Tutto\AppData\Local\Temp\nsw578C.exe
C:\Users\Tutto\AppData\Local\Temp\SPSetup.exe
C:\Users\Tutto\AppData\Local\Temp\Xg3Jp0TN[1].exe
         
*****************

C:\Users\Tutto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rvlfqgx.lnk => Moved successfully.
C:\ProgramData\xgqflvr.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\rvlfqgx.fee => Moved successfully.
C:\ProgramData\rvlfqgx.zvv => Moved successfully.
"C:\ProgramData\xgqflvr.cpp" => File/Directory not found.
C:\Users\Tutto\AppData\Local\Temp\msvcp90.dll => Moved successfully.
C:\Users\Tutto\AppData\Local\Temp\msvcr90.dll => Moved successfully.
C:\Users\Tutto\AppData\Local\Temp\nsm59BF.exe => Moved successfully.
C:\Users\Tutto\AppData\Local\Temp\nsw1EDE.exe => Moved successfully.
C:\Users\Tutto\AppData\Local\Temp\nsw219D.exe => Moved successfully.
C:\Users\Tutto\AppData\Local\Temp\nsw578C.exe => Moved successfully.
C:\Users\Tutto\AppData\Local\Temp\SPSetup.exe => Moved successfully.
C:\Users\Tutto\AppData\Local\Temp\Xg3Jp0TN[1].exe => Moved successfully.

==== End of Fixlog ====
         
Thanks already for the quick reply.

08.02.2014, 12:03   #4
schrauber
/// the machine
/// TB trainer
 


Does the computer start normally?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
