Trojaner-Board

Thread: https://www.trojaner-board.de/153565-trojaner-virus-interpol-logs-bereits-vorhanden.html

Spartan123 07.05.2014 22:21

Trojan/virus "Interpol", logs already available
 
Good evening!
I came home from work, wanted to play a bit on the PC and then unfortunately discovered that I have a Trojan/virus or whatever it is...
I googled it and came across this website, and got right to work removing it, which has gone well so far. I have the logs ready too. Many thanks, it was really easy to do. Hoping for a quick reply :)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-05-2014
Ran by SYSTEM on MININT-HKHB51H on 07-05-2014 23:03:10
Running from F:\
Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [facemoods] => C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe [362200 2011-09-05] (facemoods.com)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKU\Nico\...\Run: [Steam] => C:\Valve\Steam\Steam.exe -silent
HKU\Nico\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Nico\...\Run: [GarenaPlus] => C:\Users\Nico\Garena Plus\GarenaMessenger.exe [9890608 2013-11-21] ()
HKU\Nico\...\Run: [nzczzg] => regsvr32.exe "C:\ProgramData\nzczzg.dat"
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sfqb2zj.lnk
ShortcutTarget: sfqb2zj.lnk -> C:\ProgramData\jz2bqfs.cpp\jz2bqfs.cpp (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)
S2 Winmgmt; C:\ProgramData\jz2bqfs.cpp\sfqb2zj.dot [332016 2014-05-06] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

==================== Drivers (Whitelisted) ====================

S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2011-11-11] ()
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2011-11-11] ()
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-06] (Marvell Semiconductor, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-07-12] (Duplex Secure Ltd.)
S3 GGSAFERDriver; \??\C:\Users\Nico\Garena Plus\Room\safedrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-07 23:02 - 2014-05-07 23:03 - 00000000 ____D () C:\FRST
2014-05-07 21:04 - 2014-05-07 21:04 - 00000000 ____D () C:\Users\Nico\AppData\Local\{F7851421-16BA-4520-B466-88DBB144D624}
2014-05-07 21:01 - 2014-05-07 21:02 - 00000000 ____D () C:\Users\Nico\AppData\Local\{7D0F15EE-D255-48AF-9D85-076934060716}
2014-05-06 21:30 - 2014-05-06 21:31 - 00000000 ____D () C:\ProgramData\jz2bqfs.cpp
2014-05-06 21:27 - 2014-05-06 21:27 - 00302192 _____ (Microsoft Corporation) C:\ProgramData\nzczzg.dat
2014-05-06 16:16 - 2014-05-06 16:16 - 00000000 ____D () C:\Users\Nico\AppData\Local\{D2D62128-9897-410A-9997-5519C690530A}
2014-05-05 09:41 - 2014-05-05 09:41 - 00000000 ____D () C:\Users\Nico\AppData\Local\{AC93510C-26CC-41A2-B63A-476A90F0EBAF}
2014-05-04 09:30 - 2014-05-04 09:30 - 00000000 ____D () C:\Users\Nico\AppData\Local\{4C0C9D4A-C395-4632-9F34-7BF347BF3EF1}
2014-05-03 13:12 - 2014-05-03 13:12 - 00000000 ____D () C:\Users\Nico\AppData\Local\{2CDBE2D1-7066-408E-9292-665E48B58537}
2014-05-02 09:17 - 2014-05-02 09:18 - 00000000 ____D () C:\Users\Nico\AppData\Local\{D85530EE-C1EF-436A-9D42-E10432D3E519}
2014-05-01 09:35 - 2014-05-01 09:35 - 00000000 ____D () C:\Users\Nico\AppData\Local\{9D06C82B-21CA-4DB5-A5DB-CBB5369CEA3E}
2014-04-30 09:01 - 2014-04-30 09:01 - 00000000 ____D () C:\Users\Nico\AppData\Local\{8E40603A-24A1-4F1D-8AEF-BCE739857EAA}
2014-04-29 09:39 - 2014-04-29 09:40 - 00000000 ____D () C:\Users\Nico\AppData\Local\{78CCFCE2-2489-447F-BFBD-37F6579A4389}
2014-04-28 14:36 - 2014-04-28 14:36 - 00012362 _____ () C:\Users\Nico\Documents\Anna ADAC.odt
2014-04-28 08:40 - 2014-04-28 08:40 - 00000000 ____D () C:\Users\Nico\AppData\Local\{70EB5851-4F0C-4D8C-83B5-317C70AACACF}
2014-04-27 12:44 - 2014-04-27 12:44 - 00000000 ____D () C:\Users\Nico\AppData\Local\{689F4757-20D5-4098-BBF0-E3E4EBE9E64D}
2014-04-26 13:06 - 2014-04-26 13:06 - 00000000 ____D () C:\Users\Nico\AppData\Local\{F0083861-691B-426B-A7D8-7BC7B003E703}
2014-04-25 09:33 - 2014-04-25 09:34 - 00000000 ____D () C:\Users\Nico\AppData\Local\{EACF50AE-6C11-4035-9D02-1684F286F756}
2014-04-24 09:02 - 2014-04-24 09:02 - 00000000 ____D () C:\Users\Nico\AppData\Local\{B6C991B9-C6B9-4000-8C85-CDF22BC1267F}
2014-04-23 09:51 - 2014-04-23 09:51 - 00000000 ____D () C:\Users\Nico\AppData\Local\{8FDA374E-E7A9-45D6-BBBB-C48D597DD4C2}
2014-04-22 14:14 - 2014-04-22 14:14 - 00000000 ____D () C:\Users\Nico\AppData\Local\{C0D66221-AC8D-4B7F-AB2C-BC08B0C6D1C3}
2014-04-21 14:34 - 2014-04-21 14:34 - 00000000 ____D () C:\Users\Nico\AppData\Local\{A2C5C194-4206-417F-9915-EC76727F71B4}
2014-04-20 21:43 - 2014-04-20 21:44 - 00000000 ____D () C:\Users\Nico\AppData\Local\{C8CA2F36-A5E0-4CE8-8E19-2AC5C45FFBC1}
2014-04-19 22:18 - 2014-04-19 22:18 - 00000000 ____D () C:\Users\Nico\AppData\Local\{30A06474-AB54-4C55-A08D-821665EABF0C}
2014-04-18 10:03 - 2014-04-18 10:03 - 00000000 ____D () C:\Users\Nico\AppData\Local\{259AD94D-6B0E-411D-B9E0-2007C171F6E3}
2014-04-17 14:44 - 2014-04-14 19:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-17 14:44 - 2014-04-14 19:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-17 14:44 - 2014-04-14 19:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-17 14:44 - 2014-04-14 19:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-17 14:43 - 2014-04-17 14:44 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 14:23 - 2014-04-17 14:23 - 00000000 ____D () C:\Users\Nico\AppData\Local\{45B9EED0-36AF-44EF-8ABB-B6EBB922E300}
2014-04-16 21:52 - 2014-04-16 21:52 - 00000000 ____D () C:\Users\Nico\AppData\Local\{BE4EE636-EBA4-4BCD-BA51-FC974B36CDFC}
2014-04-16 21:52 - 2014-04-16 21:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-16 08:49 - 2014-04-16 08:49 - 00000000 ____D () C:\Users\Nico\AppData\Local\{5CFA552C-AD65-441D-907A-4290EE2D0729}
2014-04-15 16:01 - 2014-04-15 16:01 - 00000000 ____D () C:\Users\Nico\AppData\Local\{893ABFD6-7752-42D0-8F93-2002BF8A31BC}
2014-04-15 15:58 - 2014-04-15 15:58 - 00000000 ____D () C:\Users\Nico\AppData\Local\{83F349AC-8D54-4218-8F30-CE597688106D}
2014-04-14 08:43 - 2014-04-14 08:43 - 00000000 ____D () C:\Users\Nico\AppData\Local\{B7D9949E-AAE1-4F33-A718-4EFBFC222A0A}
2014-04-13 16:15 - 2014-04-13 16:16 - 00000000 ____D () C:\Users\Nico\AppData\Local\{B8B9F2A9-E987-4F00-9E62-3EECD3515DFD}
2014-04-12 14:45 - 2014-04-12 14:45 - 00000000 ____D () C:\Users\Nico\AppData\Local\{07C9E289-5B9A-4354-B06B-E02EA403F29F}
2014-04-11 16:54 - 2014-04-11 16:54 - 00000000 ____D () C:\Users\Nico\AppData\Local\{9FA3705A-1A99-42B5-A40B-4663AC4DD3BB}
2014-04-09 22:25 - 2014-04-09 22:26 - 00000000 ____D () C:\Users\Nico\AppData\Local\{BE196C76-27C0-4185-B375-AEB5A6F5FE4C}
2014-04-09 07:54 - 2014-04-09 07:54 - 00000000 ____D () C:\Users\Nico\AppData\Local\{C16DD7CA-6266-4AF9-B367-8066E5278E93}
2014-04-08 16:11 - 2014-04-08 16:11 - 00000000 ____D () C:\Users\Nico\AppData\Local\{426EAAA7-B1BA-4634-8412-89364AD5B66C}
2014-04-07 09:00 - 2014-04-07 09:00 - 00000000 ____D () C:\Users\Nico\AppData\Local\{FA7485F0-E640-46F6-8D45-06738F7A28B9}

==================== One Month Modified Files and Folders =======

2014-05-07 23:03 - 2014-05-07 23:02 - 00000000 ____D () C:\FRST
2014-05-07 21:54 - 2009-07-14 05:45 - 00026736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-07 21:54 - 2009-07-14 05:45 - 00026736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-07 21:53 - 2013-11-24 23:22 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-07 21:53 - 2012-01-25 17:52 - 00000000 ____D () C:\Users\Nico\AppData\Local\Deployment
2014-05-07 21:53 - 2011-12-01 12:38 - 00000000 ____D () C:\Users\Nico\Tracing
2014-05-07 21:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-07 21:53 - 2009-07-14 05:51 - 00298439 _____ () C:\Windows\setupact.log
2014-05-07 21:33 - 2011-11-05 16:52 - 01110397 _____ () C:\Windows\WindowsUpdate.log
2014-05-07 21:30 - 2014-03-14 17:15 - 00000000 ____D () C:\Users\Nico\AppData\Local\Battle.net
2014-05-07 21:17 - 2012-01-05 19:57 - 00000000 ____D () C:\Users\Nico\AppData\Local\LogMeIn Hamachi
2014-05-07 21:04 - 2014-05-07 21:04 - 00000000 ____D () C:\Users\Nico\AppData\Local\{F7851421-16BA-4520-B466-88DBB144D624}
2014-05-07 21:02 - 2014-05-07 21:01 - 00000000 ____D () C:\Users\Nico\AppData\Local\{7D0F15EE-D255-48AF-9D85-076934060716}
2014-05-06 21:31 - 2014-05-06 21:30 - 00000000 ____D () C:\ProgramData\jz2bqfs.cpp
2014-05-06 21:27 - 2014-05-06 21:27 - 00302192 _____ (Microsoft Corporation) C:\ProgramData\nzczzg.dat
2014-05-06 21:14 - 2011-11-09 17:39 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\TS3Client
2014-05-06 20:40 - 2013-11-24 23:22 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-06 16:19 - 2010-11-21 07:22 - 00664396 _____ () C:\Windows\System32\perfh007.dat
2014-05-06 16:19 - 2010-11-21 07:22 - 00134564 _____ () C:\Windows\System32\perfc007.dat
2014-05-06 16:19 - 2009-07-14 06:13 - 01527632 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-06 16:16 - 2014-05-06 16:16 - 00000000 ____D () C:\Users\Nico\AppData\Local\{D2D62128-9897-410A-9997-5519C690530A}
2014-05-05 09:41 - 2014-05-05 09:41 - 00000000 ____D () C:\Users\Nico\AppData\Local\{AC93510C-26CC-41A2-B63A-476A90F0EBAF}
2014-05-04 20:15 - 2014-02-07 17:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-04 09:30 - 2014-05-04 09:30 - 00000000 ____D () C:\Users\Nico\AppData\Local\{4C0C9D4A-C395-4632-9F34-7BF347BF3EF1}
2014-05-03 13:12 - 2014-05-03 13:12 - 00000000 ____D () C:\Users\Nico\AppData\Local\{2CDBE2D1-7066-408E-9292-665E48B58537}
2014-05-02 10:34 - 2014-03-14 17:15 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-05-02 09:18 - 2014-05-02 09:17 - 00000000 ____D () C:\Users\Nico\AppData\Local\{D85530EE-C1EF-436A-9D42-E10432D3E519}
2014-05-01 09:35 - 2014-05-01 09:35 - 00000000 ____D () C:\Users\Nico\AppData\Local\{9D06C82B-21CA-4DB5-A5DB-CBB5369CEA3E}
2014-04-30 09:01 - 2014-04-30 09:01 - 00000000 ____D () C:\Users\Nico\AppData\Local\{8E40603A-24A1-4F1D-8AEF-BCE739857EAA}
2014-04-29 09:40 - 2014-04-29 09:39 - 00000000 ____D () C:\Users\Nico\AppData\Local\{78CCFCE2-2489-447F-BFBD-37F6579A4389}
2014-04-28 14:36 - 2014-04-28 14:36 - 00012362 _____ () C:\Users\Nico\Documents\Anna ADAC.odt
2014-04-28 08:40 - 2014-04-28 08:40 - 00000000 ____D () C:\Users\Nico\AppData\Local\{70EB5851-4F0C-4D8C-83B5-317C70AACACF}
2014-04-27 12:44 - 2014-04-27 12:44 - 00000000 ____D () C:\Users\Nico\AppData\Local\{689F4757-20D5-4098-BBF0-E3E4EBE9E64D}
2014-04-26 13:06 - 2014-04-26 13:06 - 00000000 ____D () C:\Users\Nico\AppData\Local\{F0083861-691B-426B-A7D8-7BC7B003E703}
2014-04-25 09:34 - 2014-04-25 09:33 - 00000000 ____D () C:\Users\Nico\AppData\Local\{EACF50AE-6C11-4035-9D02-1684F286F756}
2014-04-24 09:02 - 2014-04-24 09:02 - 00000000 ____D () C:\Users\Nico\AppData\Local\{B6C991B9-C6B9-4000-8C85-CDF22BC1267F}
2014-04-24 09:01 - 2010-11-21 04:47 - 00035300 _____ () C:\Windows\PFRO.log
2014-04-23 09:51 - 2014-04-23 09:51 - 00000000 ____D () C:\Users\Nico\AppData\Local\{8FDA374E-E7A9-45D6-BBBB-C48D597DD4C2}
2014-04-22 14:14 - 2014-04-22 14:14 - 00000000 ____D () C:\Users\Nico\AppData\Local\{C0D66221-AC8D-4B7F-AB2C-BC08B0C6D1C3}
2014-04-21 14:34 - 2014-04-21 14:34 - 00000000 ____D () C:\Users\Nico\AppData\Local\{A2C5C194-4206-417F-9915-EC76727F71B4}
2014-04-20 21:44 - 2014-04-20 21:43 - 00000000 ____D () C:\Users\Nico\AppData\Local\{C8CA2F36-A5E0-4CE8-8E19-2AC5C45FFBC1}
2014-04-19 22:18 - 2014-04-19 22:18 - 00000000 ____D () C:\Users\Nico\AppData\Local\{30A06474-AB54-4C55-A08D-821665EABF0C}
2014-04-18 10:03 - 2014-04-18 10:03 - 00000000 ____D () C:\Users\Nico\AppData\Local\{259AD94D-6B0E-411D-B9E0-2007C171F6E3}
2014-04-17 14:44 - 2014-04-17 14:43 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 14:44 - 2013-03-16 11:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-17 14:23 - 2014-04-17 14:23 - 00000000 ____D () C:\Users\Nico\AppData\Local\{45B9EED0-36AF-44EF-8ABB-B6EBB922E300}
2014-04-16 21:52 - 2014-04-16 21:52 - 00000000 ____D () C:\Users\Nico\AppData\Local\{BE4EE636-EBA4-4BCD-BA51-FC974B36CDFC}
2014-04-16 21:52 - 2014-04-16 21:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-16 21:52 - 2012-01-05 19:57 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-04-16 08:49 - 2014-04-16 08:49 - 00000000 ____D () C:\Users\Nico\AppData\Local\{5CFA552C-AD65-441D-907A-4290EE2D0729}
2014-04-15 16:01 - 2014-04-15 16:01 - 00000000 ____D () C:\Users\Nico\AppData\Local\{893ABFD6-7752-42D0-8F93-2002BF8A31BC}
2014-04-15 15:58 - 2014-04-15 15:58 - 00000000 ____D () C:\Users\Nico\AppData\Local\{83F349AC-8D54-4218-8F30-CE597688106D}
2014-04-14 19:13 - 2014-04-17 14:44 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 19:05 - 2014-04-17 14:44 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 19:05 - 2014-04-17 14:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 19:04 - 2014-04-17 14:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 08:43 - 2014-04-14 08:43 - 00000000 ____D () C:\Users\Nico\AppData\Local\{B7D9949E-AAE1-4F33-A718-4EFBFC222A0A}
2014-04-13 16:16 - 2014-04-13 16:15 - 00000000 ____D () C:\Users\Nico\AppData\Local\{B8B9F2A9-E987-4F00-9E62-3EECD3515DFD}
2014-04-12 14:48 - 2014-03-14 17:21 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-12 14:45 - 2014-04-12 14:45 - 00000000 ____D () C:\Users\Nico\AppData\Local\{07C9E289-5B9A-4354-B06B-E02EA403F29F}
2014-04-11 16:54 - 2014-04-11 16:54 - 00000000 ____D () C:\Users\Nico\AppData\Local\{9FA3705A-1A99-42B5-A40B-4663AC4DD3BB}
2014-04-09 22:26 - 2014-04-09 22:25 - 00000000 ____D () C:\Users\Nico\AppData\Local\{BE196C76-27C0-4185-B375-AEB5A6F5FE4C}
2014-04-09 07:54 - 2014-04-09 07:54 - 00000000 ____D () C:\Users\Nico\AppData\Local\{C16DD7CA-6266-4AF9-B367-8066E5278E93}
2014-04-08 16:11 - 2014-04-08 16:11 - 00000000 ____D () C:\Users\Nico\AppData\Local\{426EAAA7-B1BA-4634-8412-89364AD5B66C}
2014-04-07 14:19 - 2012-06-13 19:37 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Skype
2014-04-07 14:19 - 2012-06-13 19:37 - 00000000 ____D () C:\ProgramData\Skype
2014-04-07 09:00 - 2014-04-07 09:00 - 00000000 ____D () C:\Users\Nico\AppData\Local\{FA7485F0-E640-46F6-8D45-06738F7A28B9}

Files to move or delete:
====================
C:\ProgramData\nzczzg.dat


Some content of TEMP:
====================
C:\Users\Nico\AppData\Local\Temp\APNSetup.exe
C:\Users\Nico\AppData\Local\Temp\AskSLib.dll
C:\Users\Nico\AppData\Local\Temp\AutoRun.exe
C:\Users\Nico\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Nico\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Nico\AppData\Local\Temp\Delta.exe
C:\Users\Nico\AppData\Local\Temp\DeltaTB.exe
C:\Users\Nico\AppData\Local\Temp\eauninstall.exe
C:\Users\Nico\AppData\Local\Temp\fgyhh.dll
C:\Users\Nico\AppData\Local\Temp\FileSystemView.dll
C:\Users\Nico\AppData\Local\Temp\FreemakeVideoConverter_4.0.0.15.exe
C:\Users\Nico\AppData\Local\Temp\FreemakeVideoConverter_4.1.3.0.exe
C:\Users\Nico\AppData\Local\Temp\GameuxInstallHelper.dll
C:\Users\Nico\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Nico\AppData\Local\Temp\ICReinstall_Alcohol120_trial_2.0.2.3931.exe
C:\Users\Nico\AppData\Local\Temp\ICReinstall_Facemoods.exe
C:\Users\Nico\AppData\Local\Temp\ICReinstall_ICReinstall_Alcohol120_trial_2.0.2.3931.exe
C:\Users\Nico\AppData\Local\Temp\ICReinstall_ICReinstall_ICReinstall_Alcohol120_trial_2.0.2.3931.exe
C:\Users\Nico\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Nico\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Nico\AppData\Local\Temp\plus-hd-2-6.exe
C:\Users\Nico\AppData\Local\Temp\propsys.dll
C:\Users\Nico\AppData\Local\Temp\ShellLink.dll
C:\Users\Nico\AppData\Local\Temp\ShellLink0.dll
C:\Users\Nico\AppData\Local\Temp\siinst.exe
C:\Users\Nico\AppData\Local\Temp\silent_pricora_DE.exe
C:\Users\Nico\AppData\Local\Temp\SIntf16.dll
C:\Users\Nico\AppData\Local\Temp\SIntf32.dll
C:\Users\Nico\AppData\Local\Temp\SIntfNT.dll
C:\Users\Nico\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nico\AppData\Local\Temp\strings.dll
C:\Users\Nico\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Nico\AppData\Local\Temp\tbXfi2.dll
C:\Users\Nico\AppData\Local\Temp\The Battle for Middle-earth_uninst.exe
C:\Users\Nico\AppData\Local\Temp\tmp12E4.exe
C:\Users\Nico\AppData\Local\Temp\tmp1F14.exe
C:\Users\Nico\AppData\Local\Temp\tmp7454.exe
C:\Users\Nico\AppData\Local\Temp\tmp8803.exe
C:\Users\Nico\AppData\Local\Temp\tmp8AF0.exe
C:\Users\Nico\AppData\Local\Temp\tmpBB43.exe
C:\Users\Nico\AppData\Local\Temp\tmpBC3D.exe
C:\Users\Nico\AppData\Local\Temp\tmpDB9E.exe
C:\Users\Nico\AppData\Local\Temp\uninst1.exe
C:\Users\Nico\AppData\Local\Temp\war3_Install.exe
C:\Users\Nico\AppData\Local\Temp\WSSetup.exe
C:\Users\Nico\AppData\Local\Temp\_5C33.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-04-06 12:03:13
Restore point made on: 2014-04-07 14:19:07
Restore point made on: 2014-04-08 16:33:41
Restore point made on: 2014-04-15 16:58:54
Restore point made on: 2014-04-17 14:43:44
Restore point made on: 2014-04-22 14:21:24
Restore point made on: 2014-05-01 10:13:21
Restore point made on: 2014-05-06 16:29:45

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8191.3 MB
Available physical RAM: 7447.21 MB
Total Pagefile: 8189.5 MB
Available Pagefile: 7444.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:151.6 GB) (Free:57.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (GameZ) (Fixed) (Total:146.48 GB) (Free:98.9 GB) NTFS
Drive f: (INTENSO) (Removable) (Total:7.46 GB) (Free:6.1 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=152 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-04-29 10:31

==================== End Of Log ============================

mort 07.05.2014 22:25

:hallo:

I am working on your topic and will get back to you as quickly as possible with further instructions.

Thank you for your patience :)

Spartan123 07.05.2014 22:30

Thank you already for this quick reply :)

mort 08.05.2014 11:26

Hello Spartan123 and
:hallo:

I will help you clean up the computer.
  • Work through my instructions one after the other.
  • Post your logs in code tags: [code]Log content here[/code]
  • Bear in mind that we do this in our free time. If you get no reply from me within 2 days, send me a PM.

Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

Startup: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sfqb2zj.lnk
ShortcutTarget: sfqb2zj.lnk -> C:\ProgramData\jz2bqfs.cpp\jz2bqfs.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\jz2bqfs.cpp\sfqb2zj.dot [332016 2014-05-06] (Microsoft Corporation)
2014-05-06 21:30 - 2014-05-06 21:31 - 00000000 ____D () C:\ProgramData\jz2bqfs.cpp
2014-05-06 21:27 - 2014-05-06 21:27 - 00302192 _____ (Microsoft Corporation) C:\ProgramData\nzczzg.dat

2014-05-06 21:27 - 2014-05-06 21:27 - 00302192 _____ (Microsoft Corporation) C:\ProgramData\nzczzg.dat
HKU\Nico\...\Run: [nzczzg] => regsvr32.exe "C:\ProgramData\nzczzg.dat"

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options again
  • Now start FRST.exe again and click the Fix button.

The tool creates a Fixlog.txt on your USB stick. Please post its content here.


Restart your computer after the previous step. If the computer now works again, continue like this:

Step 2


Move FRST from the USB stick to the desktop.
  • Then start FRST.
  • Under Optional Scan, tick Addition.txt and press Scan.
  • When the scan is complete, two new log files, FRST.txt and Addition.txt, are created and saved on the desktop.
  • Please post the content of both log files here in your thread.
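The selection in step 1 follows a pattern a log reader applies by hand: a Run value that hands regsvr32 a file that is not a DLL, a service carrying a built-in Windows name (Winmgmt) but pointing into C:\ProgramData, and a Startup shortcut whose target is a non-executable file type in a data directory. As an added example, not code from the thread, from FRST or from its author, the following Python script applies those same checks to lines in FRST's log format and emits the matching lines verbatim, which is exactly what a Fixlist.txt consists of. The sample lines are constructed from the entries in the log above; the heuristics, the list of built-in service names and the choice to list IFEO entries for review only are this example's own assumptions, not FRST rules.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in FRST's log format: the entries the helper put into
# Fixlist.txt, plus benign lines (jusched, Steam, LMIGuardianSvc) for contrast.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Nico\...\Run: [Steam] => C:\Valve\Steam\Steam.exe -silent
HKU\Nico\...\Run: [nzczzg] => regsvr32.exe "C:\ProgramData\nzczzg.dat"
IFEO\bitguard.exe: [Debugger] tasklist.exe
Startup: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sfqb2zj.lnk
ShortcutTarget: sfqb2zj.lnk -> C:\ProgramData\jz2bqfs.cpp\jz2bqfs.cpp (Microsoft Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)
S2 Winmgmt; C:\ProgramData\jz2bqfs.cpp\sfqb2zj.dot [332016 2014-05-06] (Microsoft Corporation)
"""

# Line shapes as they appear in the FRST sections above.
RUN_RE = re.compile(r'^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$')
SERVICE_RE = re.compile(r'^(?P<start>[SR]\d) (?P<name>[^;]+); (?P<rest>.+)$')
IFEO_RE = re.compile(r'^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$')
STARTUP_RE = re.compile(r'^Startup: (?P<path>.+?)(?: \([^)]*\))?$')
SHORTCUT_RE = re.compile(r'^ShortcutTarget: (?P<lnk>\S+) -> (?P<target>.+?)(?: \([^)]*\))?$')
# A Windows path up to a short extension; copes with unquoted paths containing spaces.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]+?\.[A-Za-z0-9]{2,4}(?=["\s\]]|$)')

EXEC_EXTS = {'.exe', '.dll', '.ocx', '.sys', '.scr', '.com'}
# Assumption of this example: service names that belong to Windows itself and
# whose image should therefore live under the Windows directory.
BUILTIN_SERVICES = {'winmgmt', 'wuauserv', 'bits', 'eventlog', 'schedule'}
SYSTEM_PREFIXES = ('c:\\windows\\', '%systemroot%\\', 'system32\\')
DATA_DIRS = ('\\programdata\\', '\\appdata\\local\\temp\\')


def odd_location(path):
    """Reason string if the file sits in a data directory with a non-executable extension."""
    low = path.lower()
    ext = PureWindowsPath(low).suffix
    if any(d in low for d in DATA_DIRS) and ext not in EXEC_EXTS:
        return 'file under a data directory with extension %s' % (ext or '(none)')
    return None


def run_reasons(cmd):
    """Checks for a Run value command line."""
    reasons = []
    paths = PATH_RE.findall(cmd)
    reasons.extend(r for r in (odd_location(p) for p in paths) if r)
    if 'regsvr32' in cmd.lower() and not any(p.lower().endswith(('.dll', '.ocx')) for p in paths):
        reasons.append('regsvr32 asked to register a file that is not a DLL/OCX')
    return reasons


def analyze(log_text):
    """Return findings as dicts: line (verbatim), reason, fix (True = belongs in Fixlist.txt)."""
    findings = []
    startup_by_lnk = {}  # .lnk file name -> verbatim Startup: line, for pairing with ShortcutTarget
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = STARTUP_RE.match(line)
        if m:
            startup_by_lnk[PureWindowsPath(m['path']).name.lower()] = line
            continue
        m = SHORTCUT_RE.match(line)
        if m:
            why = odd_location(m['target'])
            if why:
                startup = startup_by_lnk.get(m['lnk'].lower())
                if startup:
                    findings.append({'line': startup, 'reason': 'startup shortcut -> ' + why, 'fix': True})
                findings.append({'line': line, 'reason': why, 'fix': True})
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = run_reasons(m['cmd'])
            if reasons:
                findings.append({'line': line, 'fix': True,
                                 'reason': 'Run value [%s]: %s' % (m['name'], '; '.join(reasons))})
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = m['rest'].split(' [')[0].strip('"')
            if m['name'].lower() in BUILTIN_SERVICES and not path.lower().startswith(SYSTEM_PREFIXES):
                findings.append({'line': line, 'fix': True,
                                 'reason': 'built-in service name %s with image outside the Windows directory' % m['name']})
            else:
                why = odd_location(path)
                if why:
                    findings.append({'line': line, 'reason': 'service %s: %s' % (m['name'], why), 'fix': True})
            continue
        m = IFEO_RE.match(line)
        if m:
            # A Debugger value makes Windows start the "debugger" instead of the image, so a
            # redirect to tasklist.exe simply prevents the named program from running. Such
            # entries are also placed deliberately to block known adware, so list them for
            # review rather than adding them to the fix.
            findings.append({'line': line, 'fix': False,
                             'reason': 'IFEO debugger redirect of %s to %s (review only)' % (m['image'], m['debugger'])})
    return findings


def build_fixlist(log_text):
    """Fixlist.txt content: the flagged log lines, copied verbatim as FRST expects."""
    return [f['line'] for f in analyze(log_text) if f['fix']]


if __name__ == '__main__':
    for f in analyze(SAMPLE_LOG):
        print(('FIX    ' if f['fix'] else 'REVIEW ') + f['reason'])
        print('       ' + f['line'])
    print('\nFixlist.txt:\n' + '\n'.join(build_fixlist(SAMPLE_LOG)))
```

Run against the sample, the script selects the same four registry, service and Startup lines as step 1 and lists the IFEO entry separately; the files in C:\ProgramData that the helper also added are taken from the created-files section, which this example does not parse.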

Spartan123 08.05.2014 15:19

So I tried it with Rescue, but without success, so I think I'll wipe my PC and set everything up fresh. I hope I haven't wasted your time. But many thanks for your help!!! :)

mort 08.05.2014 15:31

You just have to follow my instructions.

mort 11.05.2014 19:17

Hello,
do you still need help?

If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will then no longer be notified of new replies.

The disappearance of the symptoms does not mean that your system is already clean



Copyright ©2000-2025, Trojaner-Board
