Trojaner/Virus Interpol Logs sind bereits vorhanden

Spartan123 · 07.05.2014, 22:21

Guten Abend!
Ich kam von der Arbeit, wollte noch etwas am Pc spielen und habe dann leider entdeckt, dass ich einen Trojaner/Virus was auch immer habe...
habe es dann gegoogelt und bin auf diese Internetseite gestoßen und habe mich dann auch gleich ran gemacht, dies zu beseitigen, was bis jetzt auch gut geklappt hat, und habe soweit auch die Logs fertig und vielen Dank, war echt einfach zu machen. Hoffe auf eine schnelle Antwort

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-05-2014
Ran by SYSTEM on MININT-HKHB51H on 07-05-2014 23:03:10
Running from F:\
Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [facemoods] => C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe [362200 2011-09-05] (facemoods.com)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKU\Nico\...\Run: [Steam] => C:\Valve\Steam\Steam.exe -silent
HKU\Nico\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Nico\...\Run: [GarenaPlus] => C:\Users\Nico\Garena Plus\GarenaMessenger.exe [9890608 2013-11-21] ()
HKU\Nico\...\Run: [nzczzg] => regsvr32.exe "C:\ProgramData\nzczzg.dat"
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sfqb2zj.lnk
ShortcutTarget: sfqb2zj.lnk -> C:\ProgramData\jz2bqfs.cpp\jz2bqfs.cpp (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)
S2 Winmgmt; C:\ProgramData\jz2bqfs.cpp\sfqb2zj.dot [332016 2014-05-06] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

==================== Drivers (Whitelisted) ====================

S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2011-11-11] ()
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2011-11-11] ()
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-06] (Marvell Semiconductor, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-07-12] (Duplex Secure Ltd.)
S3 GGSAFERDriver; \??\C:\Users\Nico\Garena Plus\Room\safedrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-07 23:02 - 2014-05-07 23:03 - 00000000 ____D () C:\FRST
2014-05-07 21:04 - 2014-05-07 21:04 - 00000000 ____D () C:\Users\Nico\AppData\Local\{F7851421-16BA-4520-B466-88DBB144D624}
2014-05-07 21:01 - 2014-05-07 21:02 - 00000000 ____D () C:\Users\Nico\AppData\Local\{7D0F15EE-D255-48AF-9D85-076934060716}
2014-05-06 21:30 - 2014-05-06 21:31 - 00000000 ____D () C:\ProgramData\jz2bqfs.cpp
2014-05-06 21:27 - 2014-05-06 21:27 - 00302192 _____ (Microsoft Corporation) C:\ProgramData\nzczzg.dat
2014-05-06 16:16 - 2014-05-06 16:16 - 00000000 ____D () C:\Users\Nico\AppData\Local\{D2D62128-9897-410A-9997-5519C690530A}
2014-05-05 09:41 - 2014-05-05 09:41 - 00000000 ____D () C:\Users\Nico\AppData\Local\{AC93510C-26CC-41A2-B63A-476A90F0EBAF}
2014-05-04 09:30 - 2014-05-04 09:30 - 00000000 ____D () C:\Users\Nico\AppData\Local\{4C0C9D4A-C395-4632-9F34-7BF347BF3EF1}
2014-05-03 13:12 - 2014-05-03 13:12 - 00000000 ____D () C:\Users\Nico\AppData\Local\{2CDBE2D1-7066-408E-9292-665E48B58537}
2014-05-02 09:17 - 2014-05-02 09:18 - 00000000 ____D () C:\Users\Nico\AppData\Local\{D85530EE-C1EF-436A-9D42-E10432D3E519}
2014-05-01 09:35 - 2014-05-01 09:35 - 00000000 ____D () C:\Users\Nico\AppData\Local\{9D06C82B-21CA-4DB5-A5DB-CBB5369CEA3E}
2014-04-30 09:01 - 2014-04-30 09:01 - 00000000 ____D () C:\Users\Nico\AppData\Local\{8E40603A-24A1-4F1D-8AEF-BCE739857EAA}
2014-04-29 09:39 - 2014-04-29 09:40 - 00000000 ____D () C:\Users\Nico\AppData\Local\{78CCFCE2-2489-447F-BFBD-37F6579A4389}
2014-04-28 14:36 - 2014-04-28 14:36 - 00012362 _____ () C:\Users\Nico\Documents\Anna ADAC.odt
2014-04-28 08:40 - 2014-04-28 08:40 - 00000000 ____D () C:\Users\Nico\AppData\Local\{70EB5851-4F0C-4D8C-83B5-317C70AACACF}
2014-04-27 12:44 - 2014-04-27 12:44 - 00000000 ____D () C:\Users\Nico\AppData\Local\{689F4757-20D5-4098-BBF0-E3E4EBE9E64D}
2014-04-26 13:06 - 2014-04-26 13:06 - 00000000 ____D () C:\Users\Nico\AppData\Local\{F0083861-691B-426B-A7D8-7BC7B003E703}
2014-04-25 09:33 - 2014-04-25 09:34 - 00000000 ____D () C:\Users\Nico\AppData\Local\{EACF50AE-6C11-4035-9D02-1684F286F756}
2014-04-24 09:02 - 2014-04-24 09:02 - 00000000 ____D () C:\Users\Nico\AppData\Local\{B6C991B9-C6B9-4000-8C85-CDF22BC1267F}
2014-04-23 09:51 - 2014-04-23 09:51 - 00000000 ____D () C:\Users\Nico\AppData\Local\{8FDA374E-E7A9-45D6-BBBB-C48D597DD4C2}
2014-04-22 14:14 - 2014-04-22 14:14 - 00000000 ____D () C:\Users\Nico\AppData\Local\{C0D66221-AC8D-4B7F-AB2C-BC08B0C6D1C3}
2014-04-21 14:34 - 2014-04-21 14:34 - 00000000 ____D () C:\Users\Nico\AppData\Local\{A2C5C194-4206-417F-9915-EC76727F71B4}
2014-04-20 21:43 - 2014-04-20 21:44 - 00000000 ____D () C:\Users\Nico\AppData\Local\{C8CA2F36-A5E0-4CE8-8E19-2AC5C45FFBC1}
2014-04-19 22:18 - 2014-04-19 22:18 - 00000000 ____D () C:\Users\Nico\AppData\Local\{30A06474-AB54-4C55-A08D-821665EABF0C}
2014-04-18 10:03 - 2014-04-18 10:03 - 00000000 ____D () C:\Users\Nico\AppData\Local\{259AD94D-6B0E-411D-B9E0-2007C171F6E3}
2014-04-17 14:44 - 2014-04-14 19:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-17 14:44 - 2014-04-14 19:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-17 14:44 - 2014-04-14 19:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-17 14:44 - 2014-04-14 19:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-17 14:43 - 2014-04-17 14:44 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 14:23 - 2014-04-17 14:23 - 00000000 ____D () C:\Users\Nico\AppData\Local\{45B9EED0-36AF-44EF-8ABB-B6EBB922E300}
2014-04-16 21:52 - 2014-04-16 21:52 - 00000000 ____D () C:\Users\Nico\AppData\Local\{BE4EE636-EBA4-4BCD-BA51-FC974B36CDFC}
2014-04-16 21:52 - 2014-04-16 21:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-16 08:49 - 2014-04-16 08:49 - 00000000 ____D () C:\Users\Nico\AppData\Local\{5CFA552C-AD65-441D-907A-4290EE2D0729}
2014-04-15 16:01 - 2014-04-15 16:01 - 00000000 ____D () C:\Users\Nico\AppData\Local\{893ABFD6-7752-42D0-8F93-2002BF8A31BC}
2014-04-15 15:58 - 2014-04-15 15:58 - 00000000 ____D () C:\Users\Nico\AppData\Local\{83F349AC-8D54-4218-8F30-CE597688106D}
2014-04-14 08:43 - 2014-04-14 08:43 - 00000000 ____D () C:\Users\Nico\AppData\Local\{B7D9949E-AAE1-4F33-A718-4EFBFC222A0A}
2014-04-13 16:15 - 2014-04-13 16:16 - 00000000 ____D () C:\Users\Nico\AppData\Local\{B8B9F2A9-E987-4F00-9E62-3EECD3515DFD}
2014-04-12 14:45 - 2014-04-12 14:45 - 00000000 ____D () C:\Users\Nico\AppData\Local\{07C9E289-5B9A-4354-B06B-E02EA403F29F}
2014-04-11 16:54 - 2014-04-11 16:54 - 00000000 ____D () C:\Users\Nico\AppData\Local\{9FA3705A-1A99-42B5-A40B-4663AC4DD3BB}
2014-04-09 22:25 - 2014-04-09 22:26 - 00000000 ____D () C:\Users\Nico\AppData\Local\{BE196C76-27C0-4185-B375-AEB5A6F5FE4C}
2014-04-09 07:54 - 2014-04-09 07:54 - 00000000 ____D () C:\Users\Nico\AppData\Local\{C16DD7CA-6266-4AF9-B367-8066E5278E93}
2014-04-08 16:11 - 2014-04-08 16:11 - 00000000 ____D () C:\Users\Nico\AppData\Local\{426EAAA7-B1BA-4634-8412-89364AD5B66C}
2014-04-07 09:00 - 2014-04-07 09:00 - 00000000 ____D () C:\Users\Nico\AppData\Local\{FA7485F0-E640-46F6-8D45-06738F7A28B9}

==================== One Month Modified Files and Folders =======

2014-05-07 23:03 - 2014-05-07 23:02 - 00000000 ____D () C:\FRST
2014-05-07 21:54 - 2009-07-14 05:45 - 00026736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-07 21:54 - 2009-07-14 05:45 - 00026736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-07 21:53 - 2013-11-24 23:22 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-07 21:53 - 2012-01-25 17:52 - 00000000 ____D () C:\Users\Nico\AppData\Local\Deployment
2014-05-07 21:53 - 2011-12-01 12:38 - 00000000 ____D () C:\Users\Nico\Tracing
2014-05-07 21:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-07 21:53 - 2009-07-14 05:51 - 00298439 _____ () C:\Windows\setupact.log
2014-05-07 21:33 - 2011-11-05 16:52 - 01110397 _____ () C:\Windows\WindowsUpdate.log
2014-05-07 21:30 - 2014-03-14 17:15 - 00000000 ____D () C:\Users\Nico\AppData\Local\Battle.net
2014-05-07 21:17 - 2012-01-05 19:57 - 00000000 ____D () C:\Users\Nico\AppData\Local\LogMeIn Hamachi
2014-05-07 21:04 - 2014-05-07 21:04 - 00000000 ____D () C:\Users\Nico\AppData\Local\{F7851421-16BA-4520-B466-88DBB144D624}
2014-05-07 21:02 - 2014-05-07 21:01 - 00000000 ____D () C:\Users\Nico\AppData\Local\{7D0F15EE-D255-48AF-9D85-076934060716}
2014-05-06 21:31 - 2014-05-06 21:30 - 00000000 ____D () C:\ProgramData\jz2bqfs.cpp
2014-05-06 21:27 - 2014-05-06 21:27 - 00302192 _____ (Microsoft Corporation) C:\ProgramData\nzczzg.dat
2014-05-06 21:14 - 2011-11-09 17:39 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\TS3Client
2014-05-06 20:40 - 2013-11-24 23:22 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-06 16:19 - 2010-11-21 07:22 - 00664396 _____ () C:\Windows\System32\perfh007.dat
2014-05-06 16:19 - 2010-11-21 07:22 - 00134564 _____ () C:\Windows\System32\perfc007.dat
2014-05-06 16:19 - 2009-07-14 06:13 - 01527632 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-06 16:16 - 2014-05-06 16:16 - 00000000 ____D () C:\Users\Nico\AppData\Local\{D2D62128-9897-410A-9997-5519C690530A}
2014-05-05 09:41 - 2014-05-05 09:41 - 00000000 ____D () C:\Users\Nico\AppData\Local\{AC93510C-26CC-41A2-B63A-476A90F0EBAF}
2014-05-04 20:15 - 2014-02-07 17:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-04 09:30 - 2014-05-04 09:30 - 00000000 ____D () C:\Users\Nico\AppData\Local\{4C0C9D4A-C395-4632-9F34-7BF347BF3EF1}
2014-05-03 13:12 - 2014-05-03 13:12 - 00000000 ____D () C:\Users\Nico\AppData\Local\{2CDBE2D1-7066-408E-9292-665E48B58537}
2014-05-02 10:34 - 2014-03-14 17:15 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-05-02 09:18 - 2014-05-02 09:17 - 00000000 ____D () C:\Users\Nico\AppData\Local\{D85530EE-C1EF-436A-9D42-E10432D3E519}
2014-05-01 09:35 - 2014-05-01 09:35 - 00000000 ____D () C:\Users\Nico\AppData\Local\{9D06C82B-21CA-4DB5-A5DB-CBB5369CEA3E}
2014-04-30 09:01 - 2014-04-30 09:01 - 00000000 ____D () C:\Users\Nico\AppData\Local\{8E40603A-24A1-4F1D-8AEF-BCE739857EAA}
2014-04-29 09:40 - 2014-04-29 09:39 - 00000000 ____D () C:\Users\Nico\AppData\Local\{78CCFCE2-2489-447F-BFBD-37F6579A4389}
2014-04-28 14:36 - 2014-04-28 14:36 - 00012362 _____ () C:\Users\Nico\Documents\Anna ADAC.odt
2014-04-28 08:40 - 2014-04-28 08:40 - 00000000 ____D () C:\Users\Nico\AppData\Local\{70EB5851-4F0C-4D8C-83B5-317C70AACACF}
2014-04-27 12:44 - 2014-04-27 12:44 - 00000000 ____D () C:\Users\Nico\AppData\Local\{689F4757-20D5-4098-BBF0-E3E4EBE9E64D}
2014-04-26 13:06 - 2014-04-26 13:06 - 00000000 ____D () C:\Users\Nico\AppData\Local\{F0083861-691B-426B-A7D8-7BC7B003E703}
2014-04-25 09:34 - 2014-04-25 09:33 - 00000000 ____D () C:\Users\Nico\AppData\Local\{EACF50AE-6C11-4035-9D02-1684F286F756}
2014-04-24 09:02 - 2014-04-24 09:02 - 00000000 ____D () C:\Users\Nico\AppData\Local\{B6C991B9-C6B9-4000-8C85-CDF22BC1267F}
2014-04-24 09:01 - 2010-11-21 04:47 - 00035300 _____ () C:\Windows\PFRO.log
2014-04-23 09:51 - 2014-04-23 09:51 - 00000000 ____D () C:\Users\Nico\AppData\Local\{8FDA374E-E7A9-45D6-BBBB-C48D597DD4C2}
2014-04-22 14:14 - 2014-04-22 14:14 - 00000000 ____D () C:\Users\Nico\AppData\Local\{C0D66221-AC8D-4B7F-AB2C-BC08B0C6D1C3}
2014-04-21 14:34 - 2014-04-21 14:34 - 00000000 ____D () C:\Users\Nico\AppData\Local\{A2C5C194-4206-417F-9915-EC76727F71B4}
2014-04-20 21:44 - 2014-04-20 21:43 - 00000000 ____D () C:\Users\Nico\AppData\Local\{C8CA2F36-A5E0-4CE8-8E19-2AC5C45FFBC1}
2014-04-19 22:18 - 2014-04-19 22:18 - 00000000 ____D () C:\Users\Nico\AppData\Local\{30A06474-AB54-4C55-A08D-821665EABF0C}
2014-04-18 10:03 - 2014-04-18 10:03 - 00000000 ____D () C:\Users\Nico\AppData\Local\{259AD94D-6B0E-411D-B9E0-2007C171F6E3}
2014-04-17 14:44 - 2014-04-17 14:43 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 14:44 - 2013-03-16 11:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-17 14:23 - 2014-04-17 14:23 - 00000000 ____D () C:\Users\Nico\AppData\Local\{45B9EED0-36AF-44EF-8ABB-B6EBB922E300}
2014-04-16 21:52 - 2014-04-16 21:52 - 00000000 ____D () C:\Users\Nico\AppData\Local\{BE4EE636-EBA4-4BCD-BA51-FC974B36CDFC}
2014-04-16 21:52 - 2014-04-16 21:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-16 21:52 - 2012-01-05 19:57 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-04-16 08:49 - 2014-04-16 08:49 - 00000000 ____D () C:\Users\Nico\AppData\Local\{5CFA552C-AD65-441D-907A-4290EE2D0729}
2014-04-15 16:01 - 2014-04-15 16:01 - 00000000 ____D () C:\Users\Nico\AppData\Local\{893ABFD6-7752-42D0-8F93-2002BF8A31BC}
2014-04-15 15:58 - 2014-04-15 15:58 - 00000000 ____D () C:\Users\Nico\AppData\Local\{83F349AC-8D54-4218-8F30-CE597688106D}
2014-04-14 19:13 - 2014-04-17 14:44 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 19:05 - 2014-04-17 14:44 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 19:05 - 2014-04-17 14:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 19:04 - 2014-04-17 14:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 08:43 - 2014-04-14 08:43 - 00000000 ____D () C:\Users\Nico\AppData\Local\{B7D9949E-AAE1-4F33-A718-4EFBFC222A0A}
2014-04-13 16:16 - 2014-04-13 16:15 - 00000000 ____D () C:\Users\Nico\AppData\Local\{B8B9F2A9-E987-4F00-9E62-3EECD3515DFD}
2014-04-12 14:48 - 2014-03-14 17:21 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-12 14:45 - 2014-04-12 14:45 - 00000000 ____D () C:\Users\Nico\AppData\Local\{07C9E289-5B9A-4354-B06B-E02EA403F29F}
2014-04-11 16:54 - 2014-04-11 16:54 - 00000000 ____D () C:\Users\Nico\AppData\Local\{9FA3705A-1A99-42B5-A40B-4663AC4DD3BB}
2014-04-09 22:26 - 2014-04-09 22:25 - 00000000 ____D () C:\Users\Nico\AppData\Local\{BE196C76-27C0-4185-B375-AEB5A6F5FE4C}
2014-04-09 07:54 - 2014-04-09 07:54 - 00000000 ____D () C:\Users\Nico\AppData\Local\{C16DD7CA-6266-4AF9-B367-8066E5278E93}
2014-04-08 16:11 - 2014-04-08 16:11 - 00000000 ____D () C:\Users\Nico\AppData\Local\{426EAAA7-B1BA-4634-8412-89364AD5B66C}
2014-04-07 14:19 - 2012-06-13 19:37 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Skype
2014-04-07 14:19 - 2012-06-13 19:37 - 00000000 ____D () C:\ProgramData\Skype
2014-04-07 09:00 - 2014-04-07 09:00 - 00000000 ____D () C:\Users\Nico\AppData\Local\{FA7485F0-E640-46F6-8D45-06738F7A28B9}

Files to move or delete:
====================
C:\ProgramData\nzczzg.dat

Some content of TEMP:
====================
C:\Users\Nico\AppData\Local\Temp\APNSetup.exe
C:\Users\Nico\AppData\Local\Temp\AskSLib.dll
C:\Users\Nico\AppData\Local\Temp\AutoRun.exe
C:\Users\Nico\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Nico\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Nico\AppData\Local\Temp\Delta.exe
C:\Users\Nico\AppData\Local\Temp\DeltaTB.exe
C:\Users\Nico\AppData\Local\Temp\eauninstall.exe
C:\Users\Nico\AppData\Local\Temp\fgyhh.dll
C:\Users\Nico\AppData\Local\Temp\FileSystemView.dll
C:\Users\Nico\AppData\Local\Temp\FreemakeVideoConverter_4.0.0.15.exe
C:\Users\Nico\AppData\Local\Temp\FreemakeVideoConverter_4.1.3.0.exe
C:\Users\Nico\AppData\Local\Temp\GameuxInstallHelper.dll
C:\Users\Nico\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Nico\AppData\Local\Temp\ICReinstall_Alcohol120_trial_2.0.2.3931.exe
C:\Users\Nico\AppData\Local\Temp\ICReinstall_Facemoods.exe
C:\Users\Nico\AppData\Local\Temp\ICReinstall_ICReinstall_Alcohol120_trial_2.0.2.3931.exe
C:\Users\Nico\AppData\Local\Temp\ICReinstall_ICReinstall_ICReinstall_Alcohol120_trial_2.0.2.3931.exe
C:\Users\Nico\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Nico\AppData\Local\Temp\plus-hd-2-6.exe
C:\Users\Nico\AppData\Local\Temp\propsys.dll
C:\Users\Nico\AppData\Local\Temp\ShellLink.dll
C:\Users\Nico\AppData\Local\Temp\ShellLink0.dll
C:\Users\Nico\AppData\Local\Temp\siinst.exe
C:\Users\Nico\AppData\Local\Temp\silent_pricora_DE.exe
C:\Users\Nico\AppData\Local\Temp\SIntf16.dll
C:\Users\Nico\AppData\Local\Temp\SIntf32.dll
C:\Users\Nico\AppData\Local\Temp\SIntfNT.dll
C:\Users\Nico\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nico\AppData\Local\Temp\strings.dll
C:\Users\Nico\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Nico\AppData\Local\Temp\tbXfi2.dll
C:\Users\Nico\AppData\Local\Temp\The Battle for Middle-earth_uninst.exe
C:\Users\Nico\AppData\Local\Temp\tmp12E4.exe
C:\Users\Nico\AppData\Local\Temp\tmp1F14.exe
C:\Users\Nico\AppData\Local\Temp\tmp7454.exe
C:\Users\Nico\AppData\Local\Temp\tmp8803.exe
C:\Users\Nico\AppData\Local\Temp\tmp8AF0.exe
C:\Users\Nico\AppData\Local\Temp\tmpBB43.exe
C:\Users\Nico\AppData\Local\Temp\tmpBC3D.exe
C:\Users\Nico\AppData\Local\Temp\tmpDB9E.exe
C:\Users\Nico\AppData\Local\Temp\uninst1.exe
C:\Users\Nico\AppData\Local\Temp\war3_Install.exe
C:\Users\Nico\AppData\Local\Temp\WSSetup.exe
C:\Users\Nico\AppData\Local\Temp\_5C33.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-04-06 12:03:13
Restore point made on: 2014-04-07 14:19:07
Restore point made on: 2014-04-08 16:33:41
Restore point made on: 2014-04-15 16:58:54
Restore point made on: 2014-04-17 14:43:44
Restore point made on: 2014-04-22 14:21:24
Restore point made on: 2014-05-01 10:13:21
Restore point made on: 2014-05-06 16:29:45

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8191.3 MB
Available physical RAM: 7447.21 MB
Total Pagefile: 8189.5 MB
Available Pagefile: 7444.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:151.6 GB) (Free:57.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (GameZ) (Fixed) (Total:146.48 GB) (Free:98.9 GB) NTFS
Drive f: (INTENSO) (Removable) (Total:7.46 GB) (Free:6.1 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=152 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

LastRegBack: 2014-04-29 10:31

==================== End Of Log ============================

mort · 07.05.2014, 22:25

Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Ich bedanke mich für deine Geduld

Spartan123 · 07.05.2014, 22:30

Ich bedanke mich jetzt schon mal mit dieser schnellen Antwort

mort · 08.05.2014, 11:26

Hallo Spartan123 und

Ich werde dir bei der Bereinigung des Computers helfen.

Arbeite meine Anleitungen nacheinander ab.
Poste deine Logs in Code-Tags: [code]Hier der Inhalt des Logs[/code]
Bedenke, dass wir in unserer Freizeit tätig sind. Bekommst du von mir innerhalb von 2 Tagen keine Antwort, schreibe mir eine PM.

Schritt 1

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Startup: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sfqb2zj.lnk
ShortcutTarget: sfqb2zj.lnk -> C:\ProgramData\jz2bqfs.cpp\jz2bqfs.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\jz2bqfs.cpp\sfqb2zj.dot [332016 2014-05-06] (Microsoft Corporation)
2014-05-06 21:30 - 2014-05-06 21:31 - 00000000 ____D () C:\ProgramData\jz2bqfs.cpp
2014-05-06 21:27 - 2014-05-06 21:27 - 00302192 _____ (Microsoft Corporation) C:\ProgramData\nzczzg.dat

2014-05-06 21:27 - 2014-05-06 21:27 - 00302192 _____ (Microsoft Corporation) C:\ProgramData\nzczzg.dat
HKU\Nico\...\Run: [nzczzg] => regsvr32.exe "C:\ProgramData\nzczzg.dat"

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Starte deinen Computer nach dem vorherigen Schritt neu. Wenn der Computer nun wieder geht, mache so weiter:

Schritt 2

Verschiebe FRST vom USB-Stick auf den Desktop.

Starte dann FRST.
Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

Spartan123 · 08.05.2014, 15:19

Also ich habe es mal mit Rescue versucht, aber ohne Erfolg, also ich glaube das ich meinen Pc platt mache und alles neu mache. Ich hoffe jetzt aber nicht das ich eure Zeit verschwendet. Aber vielen lieben Dank für eure Hilfe!!!

mort · 08.05.2014, 15:31

Du musst nur meiner Anlteitung folgen.

mort · 11.05.2014, 19:17

Hallo,
benötigst Du noch weiterhin Hilfe?

Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten.

Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist

Trojaner/Virus Interpol Logs sind bereits vorhanden

Log-Analyse und Auswertung: Trojaner/Virus Interpol Logs sind bereits vorhanden