Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Caught the GVU Trojan (https://www.trojaner-board.de/138124-gvu-trojaner-eingefangen.html)

wildwildwest 12.07.2013 17:29

Caught the GVU Trojan
 
Hello @ll

Today, about 30 minutes ago, I picked up the GVU Trojan for the first time myself :headbang:

How do I tell which version it is (the topic mentions 2.12)?

And should I start with Kaspersky RCD, or is there no point?

Otherwise I'll have to look for my Windows CD ;)

Thanks

schrauber 12.07.2013 17:37

Hi,

which operating system?

wildwildwest 12.07.2013 18:18

System: Windows 7

Here is the log:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013 01
Ran by SYSTEM on 12-07-2013 19:01:12
Running from G:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SunJavaUpdateSched] - "c:\Program Files\Java\jre6\bin\jusched.exe" [170496 2012-07-16] (Sun Microsystems, Inc.)
HKLM\...\Run: [MouseDriver] - TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [688128 2011-07-06] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWBMOUSE] - C:\Program Files (x86)\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe [429568 2001-03-26] ()
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\MARS\...\Run: [EADM] - "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3456080 2013-06-15] (Electronic Arts)
HKU\MARS\...\Run: [icq] - C:\Users\MARS\AppData\Roaming\ICQM\icq.exe -CU [26599784 2013-01-31] (ICQ)
HKU\MARS\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\MARS\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\MARS\AppData\Local\Temp\gpyrleuucudrcwyuw.exe [46080 2013-07-12] (NVIDIA Corporation) <===== ATTENTION
HKU\MARS\...\Winlogon: [Shell] cmd.exe [345088 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\MARS\...\Command Processor: "C:\Users\MARS\AppData\Local\Temp\gpyrleuucudrcwyuw.exe" <===== ATTENTION!
AppInit_DLLs:    [0 ] ()
AppInit_DLLs-x32:    [0 ] ()
Startup: C:\Users\MARS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137256 2013-05-23] ()
S2 MSSQL$JTLWAWI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-16] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [58088 2013-05-23] (Advanced Micro Devices)
S2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [58088 2013-05-23] (Advanced Micro Devices)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-18] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130711.001\IDSvia64.sys [513184 2013-05-24] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130711.001\IDSvia64.sys [513184 2013-05-24] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130712.003\ENG64.SYS [126040 2013-05-27] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130712.003\ENG64.SYS [126040 2013-05-27] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130712.003\EX64.SYS [2098776 2013-05-27] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130712.003\EX64.SYS [2098776 2013-05-27] (Symantec Corporation)
S2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-12 19:01 - 2013-07-12 19:01 - 00000000 ____D C:\FRST
2013-07-12 18:43 - 2013-07-12 19:01 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-07-12 15:28 - 2013-07-12 15:28 - 00163045 _____ C:\ProgramData\2433f433
2013-07-12 15:28 - 2013-07-12 15:28 - 00163009 _____ C:\Users\MARS\AppData\Roaming\2433f433
2013-07-12 15:28 - 2013-07-12 15:28 - 00162990 _____ C:\Users\MARS\AppData\Local\2433f433
2013-07-12 12:29 - 2013-07-12 12:29 - 00051666 _____ C:\Users\MARS\Downloads\Idealo.csv
2013-07-12 12:29 - 2013-07-12 12:29 - 00000000 ____D C:\Users\MARS\AppData\Roaming\IsolatedStorage
2013-07-12 12:29 - 2013-07-12 12:29 - 00000000 ____D C:\Users\MARS\AppData\Local\_
2013-07-12 12:29 - 2013-07-12 12:29 - 00000000 ____D C:\ProgramData\IsolatedStorage
2013-07-09 09:13 - 2013-07-09 09:13 - 00002067 _____ C:\Users\Public\Desktop\AMD OverDrive.lnk
2013-07-09 09:10 - 2013-07-09 09:11 - 31829816 _____ (Advanced Micro Devices, Inc.                                ) C:\Users\MARS\Downloads\aod_setup_4.2.6.exe
2013-07-08 16:49 - 2013-07-08 16:49 - 02143832 _____ C:\Users\MARS\Downloads\instsf449(1).exe
2013-07-08 16:40 - 2013-07-09 09:41 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-07-08 16:40 - 2013-07-08 16:40 - 00001007 _____ C:\Users\MARS\Desktop\SpeedFan.lnk
2013-07-08 16:40 - 2013-07-08 16:40 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2013-07-08 16:39 - 2013-07-08 16:39 - 02143832 _____ C:\Users\MARS\Downloads\instsf449.exe
2013-07-08 11:05 - 2013-07-08 11:12 - 00000000 ____D C:\Users\MARS\Desktop\E2_HD_settings_2x1_richter_030713
2013-07-08 11:05 - 2013-07-08 11:05 - 00201522 _____ C:\Users\MARS\Downloads\E2_HD_settings_11x1_richter_030713.zip
2013-07-08 11:04 - 2013-07-08 11:04 - 00098233 _____ C:\Users\MARS\Downloads\E2_HD_settings_2x1_richter_030713.zip
2013-07-08 10:45 - 2013-07-08 10:45 - 13081608 _____ (Microsoft Corporation) C:\Users\MARS\Downloads\Silverlight_x64(3).exe
2013-07-08 10:16 - 2013-07-08 10:16 - 05556306 _____ (Jared Breland                                              ) C:\Users\MARS\Downloads\uniextract161.exe
2013-07-08 10:16 - 2013-07-08 10:16 - 00000000 ____D C:\Program Files (x86)\Universal Extractor
2013-07-03 14:26 - 2013-07-03 14:26 - 00019109 _____ C:\Users\MARS\Desktop\channels_list.xlsx
2013-07-03 12:53 - 2013-07-03 12:54 - 61211632 _____ C:\Users\MARS\Downloads\dreambox-image-dm800se-20130619.nfi
2013-07-03 10:04 - 2013-07-03 10:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 15:49 - 2013-06-01 14:05 - 103720384 _____ C:\Users\MARS\Downloads\newnigma2-unstable-dm8000-01_06_2013.nfi
2013-07-02 15:42 - 2013-07-02 16:10 - 00000000 ____D C:\Users\MARS\Desktop\slawek
2013-06-27 10:16 - 2013-06-27 10:16 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security CBE
2013-06-27 10:10 - 2013-06-27 10:10 - 00003242 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-06-27 09:17 - 2013-06-27 09:18 - 00000000 ____D C:\Users\MARS\Documents\2012 Steuern REs
2013-06-26 09:14 - 2013-06-26 09:13 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-26 09:13 - 2013-06-26 09:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-25 17:06 - 2013-06-25 17:06 - 00000000 ____D C:\Users\MARS\Desktop\gucio
2013-06-25 16:21 - 2013-06-25 16:21 - 02379444 _____ C:\Users\MARS\Downloads\enigma2-plugin-extensions-mediaportal_4.4.0_all.ipk
2013-06-21 10:32 - 2013-06-21 10:33 - 00000000 ____D C:\Users\MARS\Desktop\MP 1.6
2013-06-21 10:14 - 2013-06-21 10:14 - 02214432 _____ C:\Users\MARS\Downloads\enigma2-plugin-extensions-mediaportal_4.3.0_all(2).ipk
2013-06-18 13:06 - 2013-06-18 13:06 - 00000165 ____H C:\Users\MARS\Desktop\~$Reparatur-Auftrag_210313.xlsx
2013-06-18 13:01 - 2013-06-18 13:06 - 00000165 ____H C:\Users\MARS\Desktop\~$Reparatur-Auftrag 190313.xlsx
2013-06-17 10:58 - 2013-06-17 10:58 - 00000000 ____D C:\Users\MARS\Desktop\oscam
2013-06-15 14:53 - 2013-06-15 14:53 - 03820480 _____ C:\Users\MARS\Downloads\battlelog-web-plugins_2.1.7_115.exe
2013-06-15 10:29 - 2013-06-15 10:29 - 16959688 _____ (Electronic Arts, Inc.) C:\Users\MARS\Downloads\OriginThinSetup(1).exe
2013-06-12 12:53 - 2013-07-05 13:32 - 00000000 ____D C:\Users\MARS\AppData\Local\CrashDumps

==================== One Month Modified Files and Folders =======

2013-07-12 19:01 - 2013-07-12 19:01 - 00000000 ____D C:\FRST
2013-07-12 19:01 - 2013-07-12 18:43 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-07-12 17:51 - 2013-02-18 10:07 - 00010673 _____ C:\Windows\setupact.log
2013-07-12 17:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-12 17:40 - 2012-07-16 16:14 - 01921985 _____ C:\Windows\WindowsUpdate.log
2013-07-12 17:16 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-12 17:16 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-12 17:13 - 2012-07-17 09:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-12 15:28 - 2013-07-12 15:28 - 00163045 _____ C:\ProgramData\2433f433
2013-07-12 15:28 - 2013-07-12 15:28 - 00163009 _____ C:\Users\MARS\AppData\Roaming\2433f433
2013-07-12 15:28 - 2013-07-12 15:28 - 00162990 _____ C:\Users\MARS\AppData\Local\2433f433
2013-07-12 15:22 - 2012-07-16 17:43 - 00000000 ____D C:\Users\MARS\Documents\Outlook-Dateien
2013-07-12 15:09 - 2012-07-16 18:36 - 00000000 ____D C:\Users\MARS\AppData\Roaming\Skype
2013-07-12 12:29 - 2013-07-12 12:29 - 00051666 _____ C:\Users\MARS\Downloads\Idealo.csv
2013-07-12 12:29 - 2013-07-12 12:29 - 00000000 ____D C:\Users\MARS\AppData\Roaming\IsolatedStorage
2013-07-12 12:29 - 2013-07-12 12:29 - 00000000 ____D C:\Users\MARS\AppData\Local\_
2013-07-12 12:29 - 2013-07-12 12:29 - 00000000 ____D C:\ProgramData\IsolatedStorage
2013-07-12 12:28 - 2013-07-12 12:28 - 18741360 _____ (Solvusoft Corporation                                      ) C:\Users\MARS\Downloads\FileViewPro_2013.exe
2013-07-12 12:16 - 2013-07-12 12:16 - 00051666 _____ C:\Users\MARS\Downloads\Idealo.txt.csv
2013-07-12 11:27 - 2012-07-16 16:18 - 00000000 ____D C:\users\MARS
2013-07-12 11:26 - 2012-09-13 11:58 - 00000121 _____ C:\Users\Public\LMDebug.log
2013-07-11 14:50 - 2012-07-16 19:49 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-11 14:50 - 2012-07-16 19:26 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-11 14:46 - 2012-07-16 19:26 - 00281520 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-11 11:39 - 2013-07-11 11:39 - 00016381 _____ C:\Users\MARS\Desktop\Reparatur-10.07.13.xlsx
2013-07-11 11:23 - 2012-07-16 16:46 - 00000000 ____D C:\ProgramData\Lexware
2013-07-11 10:25 - 2013-07-11 10:25 - 17938198 _____ C:\Users\MARS\Desktop\MaaxTV Poster TR A5-01.tif
2013-07-11 10:19 - 2013-07-11 10:19 - 17939216 _____ C:\Users\MARS\Desktop\MaaxTV Poster AR A5-01.tif
2013-07-11 09:08 - 2013-03-11 10:02 - 00014408 _____ C:\Windows\PFRO.log
2013-07-11 09:08 - 2012-07-16 17:49 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-10 18:38 - 2012-07-17 09:25 - 00000000 ____D C:\Users\MARS\AppData\Local\Adobe
2013-07-10 13:26 - 2011-04-12 08:43 - 00714408 _____ C:\Windows\System32\perfh007.dat
2013-07-10 13:26 - 2011-04-12 08:43 - 00154276 _____ C:\Windows\System32\perfc007.dat
2013-07-10 13:26 - 2009-07-14 06:13 - 01654424 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-09 09:41 - 2013-07-08 16:40 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-07-09 09:13 - 2013-07-09 09:13 - 00002067 _____ C:\Users\Public\Desktop\AMD OverDrive.lnk
2013-07-09 09:11 - 2013-07-09 09:10 - 31829816 _____ (Advanced Micro Devices, Inc.                                ) C:\Users\MARS\Downloads\aod_setup_4.2.6.exe
2013-07-09 09:11 - 2012-09-14 10:10 - 00000000 ____D C:\Users\MARS\AppData\Local\Downloaded Installations
2013-07-08 16:49 - 2013-07-08 16:49 - 02143832 _____ C:\Users\MARS\Downloads\instsf449(1).exe
2013-07-08 16:40 - 2013-07-08 16:40 - 00001007 _____ C:\Users\MARS\Desktop\SpeedFan.lnk
2013-07-08 16:40 - 2013-07-08 16:40 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2013-07-08 16:39 - 2013-07-08 16:39 - 02143832 _____ C:\Users\MARS\Downloads\instsf449.exe
2013-07-08 12:05 - 2013-02-14 11:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-08 12:05 - 2013-02-14 11:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-08 11:12 - 2013-07-08 11:05 - 00000000 ____D C:\Users\MARS\Desktop\E2_HD_settings_2x1_richter_030713
2013-07-08 11:08 - 2013-01-19 10:41 - 00000000 ____D C:\Users\MARS\Desktop\N Box - BSLA BSKA
2013-07-08 11:05 - 2013-07-08 11:05 - 00201522 _____ C:\Users\MARS\Downloads\E2_HD_settings_11x1_richter_030713.zip
2013-07-08 11:04 - 2013-07-08 11:04 - 00098233 _____ C:\Users\MARS\Downloads\E2_HD_settings_2x1_richter_030713.zip
2013-07-08 10:45 - 2013-07-08 10:45 - 13081608 _____ (Microsoft Corporation) C:\Users\MARS\Downloads\Silverlight_x64(3).exe
2013-07-08 10:16 - 2013-07-08 10:16 - 05556306 _____ (Jared Breland                                              ) C:\Users\MARS\Downloads\uniextract161.exe
2013-07-08 10:16 - 2013-07-08 10:16 - 00000000 ____D C:\Program Files (x86)\Universal Extractor
2013-07-08 09:12 - 2012-07-16 16:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-06 14:04 - 2013-03-25 17:37 - 00000000 ____D C:\Users\MARS\Documents\bar-re-SW
2013-07-06 14:03 - 2012-09-22 10:57 - 00000000 ___SD C:\Users\MARS\Documents\Meine Websites
2013-07-05 13:32 - 2013-06-12 12:53 - 00000000 ____D C:\Users\MARS\AppData\Local\CrashDumps
2013-07-03 14:26 - 2013-07-03 14:26 - 00019109 _____ C:\Users\MARS\Desktop\channels_list.xlsx
2013-07-03 12:54 - 2013-07-03 12:53 - 61211632 _____ C:\Users\MARS\Downloads\dreambox-image-dm800se-20130619.nfi
2013-07-03 10:04 - 2013-07-03 10:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 16:10 - 2013-07-02 15:42 - 00000000 ____D C:\Users\MARS\Desktop\slawek
2013-07-02 15:38 - 2013-05-31 12:59 - 00000000 ____D C:\Users\MARS\Desktop\E2_HD_settings_st_richter_300513
2013-07-02 10:50 - 2013-02-18 10:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-02 10:50 - 2012-07-16 18:35 - 00000000 ____D C:\ProgramData\Skype
2013-06-27 10:16 - 2013-06-27 10:16 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security CBE
2013-06-27 10:11 - 2013-05-27 09:23 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-06-27 10:10 - 2013-06-27 10:10 - 00003242 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-06-27 10:10 - 2013-05-27 09:24 - 00002545 _____ C:\Users\Public\Desktop\Norton Internet Security CBE.lnk
2013-06-27 09:18 - 2013-06-27 09:17 - 00000000 ____D C:\Users\MARS\Documents\2012 Steuern REs
2013-06-26 09:13 - 2013-06-26 09:14 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-26 09:13 - 2013-06-26 09:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-26 09:13 - 2013-04-19 11:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-26 09:13 - 2013-04-19 11:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-26 09:13 - 2012-07-19 14:35 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-26 09:13 - 2012-07-19 14:35 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-26 09:13 - 2012-07-16 16:44 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-25 17:06 - 2013-06-25 17:06 - 00000000 ____D C:\Users\MARS\Desktop\gucio
2013-06-25 16:33 - 2013-05-14 15:18 - 00000000 ____D C:\Users\MARS\Desktop\MyPremiumEntertainment
2013-06-25 16:21 - 2013-06-25 16:21 - 02379444 _____ C:\Users\MARS\Downloads\enigma2-plugin-extensions-mediaportal_4.4.0_all.ipk
2013-06-21 10:49 - 2012-08-01 13:34 - 00000000 ____D C:\Users\MARS\Desktop\DM Zahlung
2013-06-21 10:33 - 2013-06-21 10:32 - 00000000 ____D C:\Users\MARS\Desktop\MP 1.6
2013-06-21 10:14 - 2013-06-21 10:14 - 02214432 _____ C:\Users\MARS\Downloads\enigma2-plugin-extensions-mediaportal_4.3.0_all(2).ipk
2013-06-19 16:16 - 2013-05-27 09:24 - 00177312 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-06-19 16:16 - 2013-05-27 09:24 - 00007631 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-06-18 13:06 - 2013-06-18 13:06 - 00000165 ____H C:\Users\MARS\Desktop\~$Reparatur-Auftrag_210313.xlsx
2013-06-18 13:06 - 2013-06-18 13:01 - 00000165 ____H C:\Users\MARS\Desktop\~$Reparatur-Auftrag 190313.xlsx
2013-06-17 10:58 - 2013-06-17 10:58 - 00000000 ____D C:\Users\MARS\Desktop\oscam
2013-06-15 14:54 - 2012-07-16 19:29 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-06-15 14:53 - 2013-06-15 14:53 - 03820480 _____ C:\Users\MARS\Downloads\battlelog-web-plugins_2.1.7_115.exe
2013-06-15 10:32 - 2012-07-16 17:51 - 00000000 ____D C:\Users\MARS\AppData\Local\Origin
2013-06-15 10:32 - 2012-07-16 17:51 - 00000000 ____D C:\ProgramData\Origin
2013-06-15 10:32 - 2012-07-16 17:50 - 00000000 ____D C:\Users\MARS\AppData\Roaming\Origin
2013-06-15 10:29 - 2013-06-15 10:29 - 16959688 _____ (Electronic Arts, Inc.) C:\Users\MARS\Downloads\OriginThinSetup(1).exe
2013-06-13 09:22 - 2013-06-07 11:04 - 00000000 ____D C:\Users\MARS\Desktop\Newsletter
2013-06-12 10:13 - 2012-07-17 09:36 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 10:13 - 2012-07-17 09:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 10:13 - 2012-07-17 09:36 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-11 13:16:52
Restore point made on: 2013-06-26 09:12:20
Restore point made on: 2013-07-09 09:12:03

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8191.3 MB
Available physical RAM: 7342.29 MB
Total Pagefile: 8189.5 MB
Available Pagefile: 7337.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:439.45 GB) (Free:337.52 GB) NTFS (Disk=0 Partition=2)
Drive e: () (Fixed) (Total:491.96 GB) (Free:491.21 GB) NTFS (Disk=0 Partition=3)
Drive f: (Madmax7641011) (CDROM) (Total:3.52 GB) (Free:0 GB) UDF
Drive g: (RST) (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E4D131CD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=439 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=492 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 2307640D)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-06-15 14:29

==================== End Of Log ============================

So, from what I see (I hope), I assume the following entries are suspicious:

2013-07-12 15:28 - 2013-07-12 15:28 - 00163045 _____ C:\ProgramData\2433f433
2013-07-12 15:28 - 2013-07-12 15:28 - 00163009 _____ C:\Users\MARS\AppData\Roaming\2433f433
2013-07-12 15:28 - 2013-07-12 15:28 - 00162990 _____ C:\Users\MARS\AppData\Local\2433f433

then

HKU\MARS\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\MARS\AppData\Local\Temp\gpyrleuucudrcwyuw.exe [46080 2013-07-12] (NVIDIA Corporation) <===== ATTENTION

HKU\MARS\...\Command Processor: "C:\Users\MARS\AppData\Local\Temp\gpyrleuucudrcwyuw.exe" <===== ATTENTION!
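The triage the two posters do by eye above (a Winlogon Shell pointing at cmd.exe, a Command Processor AutoRun value, and a Run entry with a random-looking name that launches from Temp under a faked vendor string) can be re-derived mechanically from the raw FRST.txt lines. The following is an added example written for this thread; it is not part of the original posts and not FRST's own code. The sample lines are copied from the log above, and the length and entropy thresholds in looks_random() are assumptions of this example, not FRST rules.

```python
"""FRST startup-entry triage.

Added example for this thread; not part of the original posts and not FRST's own
code. It re-derives, from raw FRST.txt registry lines, the findings picked out by
eye above: a Winlogon Shell that is not explorer.exe, a Command Processor AutoRun
value (anything stored there runs whenever cmd.exe starts, which is why the
"Shell = cmd.exe" trick works), and Run entries that start a binary from a temp
directory under a random-looking value name. Thresholds in looks_random() are
assumptions of this example.
"""
import math
import re
from collections import Counter

# Constructed sample: five lines copied from the FRST.txt posted in this thread.
SAMPLE_FRST_LINES = r"""
HKLM\...\Run: [SunJavaUpdateSched] - "c:\Program Files\Java\jre6\bin\jusched.exe" [170496 2012-07-16] (Sun Microsystems, Inc.)
HKU\MARS\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\MARS\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\MARS\AppData\Local\Temp\gpyrleuucudrcwyuw.exe [46080 2013-07-12] (NVIDIA Corporation) <===== ATTENTION
HKU\MARS\...\Winlogon: [Shell] cmd.exe [345088 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\MARS\...\Command Processor: "C:\Users\MARS\AppData\Local\Temp\gpyrleuucudrcwyuw.exe" <===== ATTENTION!
"""

# FRST's own marker; stripped before parsing so the rules below stand on their own.
ATTENTION_RE = re.compile(r"\s*<=+\s*ATTENTION!?\s*$")
# HKLM\...\Run: ...   HKLM-x32\...\Run: ...   HKU\MARS\...\Winlogon: ...
LINE_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?(?:\\[^\\]+)?)\\\.\.\.\\"
    r"(?P<key>Run|RunOnce|Winlogon|Command Processor):\s*(?P<rest>.*)$"
)
# [name] - command [size yyyy-mm-dd] (vendor)   (size/date and vendor are optional)
VALUE_RE = re.compile(
    r"^\[(?P<name>[^\]]+)\]\s*-?\s*(?P<cmd>.*?)"
    r"(?:\s*\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?\s*(?:\((?P<vendor>[^)]*)\))?$"
)
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def shannon_entropy(text):
    """Bits per character; random-looking value names score high."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(name):
    """Heuristic (assumed thresholds): long, digit-laden, high-entropy value name."""
    digits = sum(ch.isdigit() for ch in name)
    return len(name) >= 16 and digits >= 3 and shannon_entropy(name) > 3.5


def extract_path(cmd):
    """Pull the executable path out of a (possibly quoted) command string."""
    cmd = cmd.strip()
    m = re.match(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|bat|cmd|scr|com|vbs|js))(?=["\s]|$)', cmd, re.I)
    if m:
        return m.group("path")
    return cmd.strip('"').split()[0] if cmd else ""


def triage(frst_text):
    """Return one finding per suspicious startup line: {line, key, name, path, reasons}."""
    findings = []
    for raw in frst_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(ATTENTION_RE.sub("", line))
        if not m:
            continue
        key, rest = m.group("key"), m.group("rest")
        name = vendor = None
        reasons = []
        if key == "Command Processor":
            # HKCU\Software\Microsoft\Command Processor\AutoRun: executed by every cmd.exe start.
            cmd = rest
            reasons.append("Command Processor AutoRun is set; it runs each time cmd.exe starts")
        else:
            v = VALUE_RE.match(rest)
            if not v:
                continue
            name, cmd, vendor = v.group("name"), v.group("cmd"), v.group("vendor")
            if key == "Winlogon" and name.lower() == "shell":
                shell = extract_path(cmd).lower().rsplit("\\", 1)[-1]
                if shell != "explorer.exe":
                    reasons.append(f"Winlogon Shell is {cmd!r} instead of explorer.exe")
            if key in ("Run", "RunOnce") and looks_random(name):
                reasons.append(f"random-looking value name {name!r}")
        path = extract_path(cmd)
        if TEMP_DIR_RE.search(path):
            reasons.append(f"launches from a temp directory: {path}")
            if vendor:
                # The vendor comes from the file's own version info, which malware fakes freely.
                reasons.append(f'claimed vendor "{vendor}" is unverified and does not fit a Temp path')
        if reasons:
            findings.append({"line": line, "key": key, "name": name, "path": path, "reasons": reasons})
    return findings


def fixlist_lines(findings):
    """FRST accepts its own log lines verbatim in Fixlist.txt, which is how helpers build the fix."""
    return [f["line"] for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST_LINES):
        print(f["line"])
        for r in f["reasons"]:
            print("   ->", r)
```

Run it against a whole FRST.txt rather than the five sample lines; the three lines it returns for this log are exactly the registry entries that went into the Fixlist.txt later in the thread (the dropped 2433f433 files and the Temp executable are added to the fixlist by path, which this triage does not cover). Treat the random-name rule as a prompt for review, not proof: a legitimate Run value would only trip it if it were long, digit-heavy and high-entropy at once.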

schrauber 12.07.2013 20:46

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKU\MARS\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\MARS\AppData\Local\Temp\gpyrleuucudrcwyuw.exe [46080 2013-07-12] (NVIDIA Corporation) <===== ATTENTION
HKU\MARS\...\Winlogon: [Shell] cmd.exe [345088 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\MARS\...\Command Processor: "C:\Users\MARS\AppData\Local\Temp\gpyrleuucudrcwyuw.exe" <===== ATTENTION!
AppInit_DLLs:    [0 ] ()
AppInit_DLLs-x32:    [0 ] ()
2013-07-12 15:28 - 2013-07-12 15:28 - 00163045 _____ C:\ProgramData\2433f433
2013-07-12 15:28 - 2013-07-12 15:28 - 00163009 _____ C:\Users\MARS\AppData\Roaming\2433f433
2013-07-12 15:28 - 2013-07-12 15:28 - 00162990 _____ C:\Users\MARS\AppData\Local\2433f433
C:\Users\MARS\AppData\Local\Temp\gpyrleuucudrcwyuw.exe

Please save it as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the Fix button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Reboot, enjoy :D

wildwildwest 13.07.2013 07:22

Thanks, I already did that yesterday after going through other threads ;)

Since a CMD window opened at startup and launched an exe, I assume that cmd and gpyrleuucudrcwyuw.exe (which has nothing to do with NVIDIA) are the culprits ;)

But as I can see, I overlooked these here:

AppInit_DLLs: [0 ] ()
AppInit_DLLs-x32: [0 ] ()

Thanks for the HELP.

PS: I have had the AV running overnight, but is there anything else one should do? :killpc:

schrauber 13.07.2013 10:23

Control scans in normal mode:

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please exit your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it via right-click > "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


wildwildwest 13.07.2013 10:55

Hello

here are the logs:
AdwCleaner Logfile:
Code:

# AdwCleaner v2.305 - Logfile created 13/07/2013 at 11:41:42
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : MARS - MARS-PC
# Boot mode : Normal
# Running from : C:\Users\MARS\Desktop\adwcleaner.exe
# Option [Delete]


**** [Services] ****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\Users\MARS\AppData\Roaming\Mozilla\Firefox\Profiles\hgdg5jfp.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\MARS\AppData\Roaming\Mozilla\Firefox\Profiles\hgdg5jfp.default\extensions\sparpilot@sparpilot.com
Folder Deleted : C:\Users\MARS\AppData\Roaming\Mozilla\Firefox\Profiles\hgdg5jfp.default\jetpack
Folder Deleted : C:\Users\MARS\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\MARS\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16447

Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={91D53F2E-E6BA-11E1-8A82-00252222B6C7} --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\MARS\AppData\Roaming\Mozilla\Firefox\Profiles\hgdg5jfp.default\prefs.js

C:\Users\MARS\AppData\Roaming\Mozilla\Firefox\Profiles\hgdg5jfp.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "SweetIM Search");

*************************

AdwCleaner[S1].txt - [5913 octets] - [13/07/2013 11:41:42]

########## EOF - C:\AdwCleaner[S1].txt - [5973 octets] ##########

--- --- ---


Quote:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 7 Ultimate x64
Ran by MARS on 13.07.2013 at 11:47:50,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\SMToolbar.cToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\SMToolbar.cToolbarHost
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\MARS\appdata\locallow\datamngr"



~~~ FireFox

Emptied folder: C:\Users\MARS\AppData\Roaming\mozilla\firefox\profiles\hgdg5jfp.default\minidumps [51 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.07.2013 at 11:52:09,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And here is the FRST log


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013 01
Ran by MARS (administrator) on 13-07-2013 11:57:05
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oleg N. Scherbakov) C:\Users\MARS\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SunJavaUpdateSched] - "c:\Program Files\Java\jre6\bin\jusched.exe" [170496 2012-07-16] (Sun Microsystems, Inc.)
HKLM\...\Run: [MouseDriver] - TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKCU\...\Run: [EADM] - "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3456080 2013-06-15] (Electronic Arts)
HKCU\...\Run: [icq] - C:\Users\MARS\AppData\Roaming\ICQM\icq.exe -CU [26599784 2013-01-31] (ICQ)
HKCU\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Command Processor: "C:\Users\MARS\AppData\Local\Temp\gpyrleuucudrcwyuw.exe" <======= ATTENTION
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [688128 2011-07-06] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWBMOUSE] - C:\Program Files (x86)\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe [429568 2001-03-26] ()
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
Startup: C:\Users\MARS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

==================== Internet (Whitelisted) ====================

ProxyServer: 94.200.77.244:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://onet.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\MARS\AppData\Roaming\Mozilla\Firefox\Profiles\hgdg5jfp.default
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: multimediatec.de
FF NetworkProxy: "backup.ftp", "72.64.146.136"
FF NetworkProxy: "backup.ftp_port", 43
FF NetworkProxy: "backup.socks", "72.64.146.136"
FF NetworkProxy: "backup.socks_port", 43
FF NetworkProxy: "backup.ssl", "72.64.146.136"
FF NetworkProxy: "backup.ssl_port", 43
FF NetworkProxy: "ftp", "173.213.96.229"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "173.213.96.229"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "173.213.96.229"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "173.213.96.229"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\MARS\AppData\Roaming\Mozilla\Firefox\Profiles\hgdg5jfp.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137256 2013-05-24] ()
R2 MSSQL$JTLWAWI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-16] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [58088 2013-05-24] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [58088 2013-05-24] (Advanced Micro Devices)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-18] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130712.001\IDSvia64.sys [513184 2013-05-24] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130712.001\IDSvia64.sys [513184 2013-05-24] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130712.016\ENG64.SYS [126040 2013-05-27] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130712.016\ENG64.SYS [126040 2013-05-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130712.016\EX64.SYS [2098776 2013-05-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130712.016\EX64.SYS [2098776 2013-05-27] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-13 11:52 - 2013-07-13 11:52 - 00001513 _____ C:\Users\MARS\Desktop\JRT.txt
2013-07-13 11:47 - 2013-07-13 11:47 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 11:46 - 2013-07-13 11:46 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\MARS\Desktop\JRT.exe
2013-07-13 11:46 - 2013-07-13 11:46 - 00006026 _____ C:\Users\MARS\Desktop\AdwCleaner[S1].txt
2013-07-13 11:41 - 2013-07-13 11:41 - 00006026 _____ C:\AdwCleaner[S1].txt
2013-07-13 11:29 - 2013-07-13 11:29 - 00662345 _____ C:\Users\MARS\Desktop\adwcleaner.exe
2013-07-13 10:35 - 2013-07-13 10:35 - 02386912 _____ C:\Users\MARS\Downloads\enigma2-plugin-extensions-mediaportal_4.5.0_all.ipk
2013-07-12 20:01 - 2013-07-12 20:01 - 00000000 ____D C:\FRST
2013-07-12 19:43 - 2013-07-12 20:01 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-07-12 13:29 - 2013-07-12 13:29 - 00051666 _____ C:\Users\MARS\Downloads\Idealo.csv
2013-07-12 13:29 - 2013-07-12 13:29 - 00000000 ____D C:\Users\MARS\AppData\Roaming\IsolatedStorage
2013-07-12 13:29 - 2013-07-12 13:29 - 00000000 ____D C:\Users\MARS\AppData\Local\_
2013-07-12 13:29 - 2013-07-12 13:29 - 00000000 ____D C:\ProgramData\IsolatedStorage
2013-07-12 13:28 - 2013-07-12 13:28 - 18741360 _____ (Solvusoft Corporation                                      ) C:\Users\MARS\Downloads\FileViewPro_2013.exe
2013-07-12 13:16 - 2013-07-12 13:16 - 00051666 _____ C:\Users\MARS\Downloads\Idealo.txt.csv
2013-07-11 12:39 - 2013-07-11 12:39 - 00016381 _____ C:\Users\MARS\Desktop\Reparatur-10.07.13.xlsx
2013-07-11 11:25 - 2013-07-11 11:25 - 17938198 _____ C:\Users\MARS\Desktop\MaaxTV Poster TR A5-01.tif
2013-07-11 11:19 - 2013-07-11 11:19 - 17939216 _____ C:\Users\MARS\Desktop\MaaxTV Poster AR A5-01.tif
2013-07-09 10:13 - 2013-07-09 10:13 - 00002067 _____ C:\Users\Public\Desktop\AMD OverDrive.lnk
2013-07-09 10:10 - 2013-07-09 10:11 - 31829816 _____ (Advanced Micro Devices, Inc.                                ) C:\Users\MARS\Downloads\aod_setup_4.2.6.exe
2013-07-08 17:49 - 2013-07-08 17:49 - 02143832 _____ C:\Users\MARS\Downloads\instsf449(1).exe
2013-07-08 17:40 - 2013-07-09 10:41 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-07-08 17:40 - 2013-07-08 17:40 - 00001007 _____ C:\Users\MARS\Desktop\SpeedFan.lnk
2013-07-08 17:40 - 2013-07-08 17:40 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2013-07-08 17:40 - 2013-07-08 17:40 - 00000000 ____D C:\Users\MARS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-07-08 17:39 - 2013-07-08 17:39 - 02143832 _____ C:\Users\MARS\Downloads\instsf449.exe
2013-07-08 12:05 - 2013-07-08 12:12 - 00000000 ____D C:\Users\MARS\Desktop\E2_HD_settings_2x1_richter_030713
2013-07-08 12:05 - 2013-07-08 12:05 - 00201522 _____ C:\Users\MARS\Downloads\E2_HD_settings_11x1_richter_030713.zip
2013-07-08 12:04 - 2013-07-08 12:04 - 00098233 _____ C:\Users\MARS\Downloads\E2_HD_settings_2x1_richter_030713.zip
2013-07-08 11:45 - 2013-07-08 11:45 - 13081608 _____ (Microsoft Corporation) C:\Users\MARS\Downloads\Silverlight_x64(3).exe
2013-07-08 11:16 - 2013-07-08 11:16 - 05556306 _____ (Jared Breland                                              ) C:\Users\MARS\Downloads\uniextract161.exe
2013-07-08 11:16 - 2013-07-08 11:16 - 00000000 ____D C:\Program Files (x86)\Universal Extractor
2013-07-03 15:26 - 2013-07-03 15:26 - 00019109 _____ C:\Users\MARS\Desktop\channels_list.xlsx
2013-07-03 13:53 - 2013-07-03 13:54 - 61211632 _____ C:\Users\MARS\Downloads\dreambox-image-dm800se-20130619.nfi
2013-07-03 11:04 - 2013-07-03 11:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 16:49 - 2013-06-01 15:05 - 103720384 _____ C:\Users\MARS\Downloads\newnigma2-unstable-dm8000-01_06_2013.nfi
2013-07-02 16:42 - 2013-07-02 17:10 - 00000000 ____D C:\Users\MARS\Desktop\slawek
2013-06-27 11:16 - 2013-06-27 11:16 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security CBE
2013-06-27 11:10 - 2013-06-27 11:10 - 00003242 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-06-27 10:17 - 2013-06-27 10:18 - 00000000 ____D C:\Users\MARS\Documents\2012 Steuern REs
2013-06-26 10:14 - 2013-06-26 10:13 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-26 10:13 - 2013-06-26 10:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-25 18:06 - 2013-06-25 18:06 - 00000000 ____D C:\Users\MARS\Desktop\gucio
2013-06-25 17:21 - 2013-06-25 17:21 - 02379444 _____ C:\Users\MARS\Downloads\enigma2-plugin-extensions-mediaportal_4.4.0_all.ipk
2013-06-21 11:32 - 2013-06-21 11:33 - 00000000 ____D C:\Users\MARS\Desktop\MP 1.6
2013-06-21 11:14 - 2013-06-21 11:14 - 02214432 _____ C:\Users\MARS\Downloads\enigma2-plugin-extensions-mediaportal_4.3.0_all(2).ipk
2013-06-18 14:06 - 2013-06-18 14:06 - 00000165 ____H C:\Users\MARS\Desktop\~$Reparatur-Auftrag_210313.xlsx
2013-06-18 14:01 - 2013-06-18 14:06 - 00000165 ____H C:\Users\MARS\Desktop\~$Reparatur-Auftrag 190313.xlsx
2013-06-17 11:58 - 2013-06-17 11:58 - 00000000 ____D C:\Users\MARS\Desktop\oscam
2013-06-15 15:53 - 2013-06-15 15:53 - 03820480 _____ C:\Users\MARS\Downloads\battlelog-web-plugins_2.1.7_115.exe
2013-06-15 11:29 - 2013-06-15 11:29 - 16959688 _____ (Electronic Arts, Inc.) C:\Users\MARS\Downloads\OriginThinSetup(1).exe

==================== One Month Modified Files and Folders =======

2013-07-13 11:56 - 2013-06-12 13:53 - 00000000 ____D C:\Users\MARS\AppData\Local\CrashDumps
2013-07-13 11:56 - 2012-07-16 19:36 - 00000000 ____D C:\Users\MARS\AppData\Roaming\Skype
2013-07-13 11:52 - 2013-07-13 11:52 - 00001513 _____ C:\Users\MARS\Desktop\JRT.txt
2013-07-13 11:50 - 2009-07-14 06:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-13 11:50 - 2009-07-14 06:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 11:47 - 2013-07-13 11:47 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 11:46 - 2013-07-13 11:46 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\MARS\Desktop\JRT.exe
2013-07-13 11:46 - 2013-07-13 11:46 - 00006026 _____ C:\Users\MARS\Desktop\AdwCleaner[S1].txt
2013-07-13 11:46 - 2012-07-16 17:14 - 01982767 ____N C:\Windows\WindowsUpdate.log
2013-07-13 11:43 - 2012-07-16 18:49 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-13 11:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 11:41 - 2013-07-13 11:41 - 00006026 _____ C:\AdwCleaner[S1].txt
2013-07-13 11:41 - 2012-07-16 18:43 - 00000000 ____D C:\Users\MARS\Documents\Outlook-Dateien
2013-07-13 11:41 - 2012-07-16 17:46 - 00000000 ____D C:\ProgramData\Lexware
2013-07-13 11:39 - 2013-03-25 18:37 - 00000000 ____D C:\Users\MARS\Documents\bar-re-SW
2013-07-13 11:38 - 2012-07-16 17:18 - 00000000 ____D C:\Users\MARS
2013-07-13 11:37 - 2012-09-13 12:58 - 00000121 _____ C:\Users\Public\LMDebug.log
2013-07-13 11:29 - 2013-07-13 11:29 - 00662345 _____ C:\Users\MARS\Desktop\adwcleaner.exe
2013-07-13 11:13 - 2012-07-17 10:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-13 10:35 - 2013-07-13 10:35 - 02386912 _____ C:\Users\MARS\Downloads\enigma2-plugin-extensions-mediaportal_4.5.0_all.ipk
2013-07-12 20:01 - 2013-07-12 20:01 - 00000000 ____D C:\FRST
2013-07-12 20:01 - 2013-07-12 19:43 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-07-12 19:36 - 2011-04-12 09:43 - 00714408 _____ C:\Windows\system32\perfh007.dat
2013-07-12 19:36 - 2011-04-12 09:43 - 00154276 _____ C:\Windows\system32\perfc007.dat
2013-07-12 19:36 - 2009-07-14 07:13 - 01654424 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 13:29 - 2013-07-12 13:29 - 00051666 _____ C:\Users\MARS\Downloads\Idealo.csv
2013-07-12 13:29 - 2013-07-12 13:29 - 00000000 ____D C:\Users\MARS\AppData\Roaming\IsolatedStorage
2013-07-12 13:29 - 2013-07-12 13:29 - 00000000 ____D C:\Users\MARS\AppData\Local\_
2013-07-12 13:29 - 2013-07-12 13:29 - 00000000 ____D C:\ProgramData\IsolatedStorage
2013-07-12 13:28 - 2013-07-12 13:28 - 18741360 _____ (Solvusoft Corporation                                      ) C:\Users\MARS\Downloads\FileViewPro_2013.exe
2013-07-12 13:16 - 2013-07-12 13:16 - 00051666 _____ C:\Users\MARS\Downloads\Idealo.txt.csv
2013-07-11 15:50 - 2012-07-16 20:49 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-11 15:50 - 2012-07-16 20:26 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-11 15:46 - 2012-07-16 20:26 - 00281520 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-11 12:39 - 2013-07-11 12:39 - 00016381 _____ C:\Users\MARS\Desktop\Reparatur-10.07.13.xlsx
2013-07-11 11:25 - 2013-07-11 11:25 - 17938198 _____ C:\Users\MARS\Desktop\MaaxTV Poster TR A5-01.tif
2013-07-11 11:19 - 2013-07-11 11:19 - 17939216 _____ C:\Users\MARS\Desktop\MaaxTV Poster AR A5-01.tif
2013-07-10 19:38 - 2012-07-17 10:25 - 00000000 ____D C:\Users\MARS\AppData\Local\Adobe
2013-07-09 10:41 - 2013-07-08 17:40 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-07-09 10:13 - 2013-07-09 10:13 - 00002067 _____ C:\Users\Public\Desktop\AMD OverDrive.lnk
2013-07-09 10:11 - 2013-07-09 10:10 - 31829816 _____ (Advanced Micro Devices, Inc.                                ) C:\Users\MARS\Downloads\aod_setup_4.2.6.exe
2013-07-09 10:11 - 2012-09-14 11:10 - 00000000 ____D C:\Users\MARS\AppData\Local\Downloaded Installations
2013-07-08 17:49 - 2013-07-08 17:49 - 02143832 _____ C:\Users\MARS\Downloads\instsf449(1).exe
2013-07-08 17:40 - 2013-07-08 17:40 - 00001007 _____ C:\Users\MARS\Desktop\SpeedFan.lnk
2013-07-08 17:40 - 2013-07-08 17:40 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2013-07-08 17:40 - 2013-07-08 17:40 - 00000000 ____D C:\Users\MARS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-07-08 17:39 - 2013-07-08 17:39 - 02143832 _____ C:\Users\MARS\Downloads\instsf449.exe
2013-07-08 13:05 - 2013-02-14 12:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-08 13:05 - 2013-02-14 12:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-08 12:12 - 2013-07-08 12:05 - 00000000 ____D C:\Users\MARS\Desktop\E2_HD_settings_2x1_richter_030713
2013-07-08 12:08 - 2013-01-19 11:41 - 00000000 ____D C:\Users\MARS\Desktop\N Box - BSLA BSKA
2013-07-08 12:05 - 2013-07-08 12:05 - 00201522 _____ C:\Users\MARS\Downloads\E2_HD_settings_11x1_richter_030713.zip
2013-07-08 12:04 - 2013-07-08 12:04 - 00098233 _____ C:\Users\MARS\Downloads\E2_HD_settings_2x1_richter_030713.zip
2013-07-08 11:45 - 2013-07-08 11:45 - 13081608 _____ (Microsoft Corporation) C:\Users\MARS\Downloads\Silverlight_x64(3).exe
2013-07-08 11:16 - 2013-07-08 11:16 - 05556306 _____ (Jared Breland                                              ) C:\Users\MARS\Downloads\uniextract161.exe
2013-07-08 11:16 - 2013-07-08 11:16 - 00000000 ____D C:\Program Files (x86)\Universal Extractor
2013-07-08 10:12 - 2012-07-16 17:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-06 15:03 - 2012-09-22 11:57 - 00000000 ___SD C:\Users\MARS\Documents\Meine Websites
2013-07-03 15:26 - 2013-07-03 15:26 - 00019109 _____ C:\Users\MARS\Desktop\channels_list.xlsx
2013-07-03 13:54 - 2013-07-03 13:53 - 61211632 _____ C:\Users\MARS\Downloads\dreambox-image-dm800se-20130619.nfi
2013-07-03 11:04 - 2013-07-03 11:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 17:10 - 2013-07-02 16:42 - 00000000 ____D C:\Users\MARS\Desktop\slawek
2013-07-02 16:38 - 2013-05-31 13:59 - 00000000 ____D C:\Users\MARS\Desktop\E2_HD_settings_st_richter_300513
2013-07-02 11:50 - 2013-02-18 11:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-02 11:50 - 2012-07-16 19:35 - 00000000 ____D C:\ProgramData\Skype
2013-06-27 11:16 - 2013-06-27 11:16 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security CBE
2013-06-27 11:11 - 2013-05-27 10:23 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-06-27 11:10 - 2013-06-27 11:10 - 00003242 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-06-27 11:10 - 2013-05-27 10:24 - 00002545 _____ C:\Users\Public\Desktop\Norton Internet Security CBE.lnk
2013-06-27 10:18 - 2013-06-27 10:17 - 00000000 ____D C:\Users\MARS\Documents\2012 Steuern REs
2013-06-26 10:13 - 2013-06-26 10:14 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-26 10:13 - 2013-06-26 10:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-26 10:13 - 2013-04-19 12:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-26 10:13 - 2013-04-19 12:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-26 10:13 - 2012-07-19 15:35 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-26 10:13 - 2012-07-19 15:35 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-26 10:13 - 2012-07-16 17:44 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-25 18:06 - 2013-06-25 18:06 - 00000000 ____D C:\Users\MARS\Desktop\gucio
2013-06-25 17:33 - 2013-05-14 16:18 - 00000000 ____D C:\Users\MARS\Desktop\MyPremiumEntertainment
2013-06-25 17:21 - 2013-06-25 17:21 - 02379444 _____ C:\Users\MARS\Downloads\enigma2-plugin-extensions-mediaportal_4.4.0_all.ipk
2013-06-21 11:49 - 2012-08-01 14:34 - 00000000 ____D C:\Users\MARS\Desktop\DM Zahlung
2013-06-21 11:33 - 2013-06-21 11:32 - 00000000 ____D C:\Users\MARS\Desktop\MP 1.6
2013-06-21 11:14 - 2013-06-21 11:14 - 02214432 _____ C:\Users\MARS\Downloads\enigma2-plugin-extensions-mediaportal_4.3.0_all(2).ipk
2013-06-19 17:16 - 2013-05-27 10:24 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-06-19 17:16 - 2013-05-27 10:24 - 00007631 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-06-18 14:06 - 2013-06-18 14:06 - 00000165 ____H C:\Users\MARS\Desktop\~$Reparatur-Auftrag_210313.xlsx
2013-06-18 14:06 - 2013-06-18 14:01 - 00000165 ____H C:\Users\MARS\Desktop\~$Reparatur-Auftrag 190313.xlsx
2013-06-17 11:58 - 2013-06-17 11:58 - 00000000 ____D C:\Users\MARS\Desktop\oscam
2013-06-15 15:54 - 2012-07-16 20:29 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-06-15 15:53 - 2013-06-15 15:53 - 03820480 _____ C:\Users\MARS\Downloads\battlelog-web-plugins_2.1.7_115.exe
2013-06-15 11:32 - 2012-07-16 18:51 - 00000000 ____D C:\Users\MARS\AppData\Local\Origin
2013-06-15 11:32 - 2012-07-16 18:51 - 00000000 ____D C:\ProgramData\Origin
2013-06-15 11:32 - 2012-07-16 18:50 - 00000000 ____D C:\Users\MARS\AppData\Roaming\Origin
2013-06-15 11:29 - 2013-06-15 11:29 - 16959688 _____ (Electronic Arts, Inc.) C:\Users\MARS\Downloads\OriginThinSetup(1).exe
2013-06-13 10:22 - 2013-06-07 12:04 - 00000000 ____D C:\Users\MARS\Desktop\Newsletter

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 00:19

==================== End Of Log ============================

--- --- ---

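The FRST excerpt above has two machine-readable line shapes a helper reads by eye: the created/modified file list (two timestamps, a size, five attribute flags, an optional company field in parentheses, then the path) and the "Bamital & volsnap Check" lines ("path => MD5 is legit"). The script below is an added example for this thread, not FRST code and not Trojaner-Board tooling; it parses both shapes and applies three simple triage rules: hidden files in user-writable paths other than Office's `~$` lock files, executables whose company field is empty or missing in a user-writable path (the parenthesised field is taken here as the version-info company name, not as a signature check), and any system-file check whose verdict is not the "MD5 is legit" string the log shows. SAMPLE_LOG is constructed in the style of the posted log; the `example_hidden.exe` line is invented to exercise the hidden-file rule and is not from the user's machine.

```python
"""Parse the two FRST line formats shown in the posted log and triage them.

Added example for this thread; not FRST code and not a replacement for a
helper reading the log. SAMPLE_LOG is constructed in the style of the posted
log; the example_hidden.exe line is invented to exercise the hidden-file rule.
"""
import re
from typing import List, Optional, Tuple
from dataclasses import dataclass

# "<created> - <modified> - <size> <5 attribute flags> (<company>) <path>"
# The company in parentheses is optional; "()" appears for files without one.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# "<path> => <verdict>" as printed under "Bamital & volsnap Check"
CHECK_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
GOOD_VERDICT = "MD5 is legit"   # the only verdict string the posted log shows


@dataclass
class FrstFile:
    created: str
    modified: str
    size: int
    attrs: str               # flags as printed, e.g. ____D (dir), ____H (hidden), ___SD, ___RD
    company: Optional[str]   # parenthesised company field, None if absent or empty
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def is_executable(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(EXECUTABLE_EXT)


def parse_log(text: str) -> Tuple[List[FrstFile], List[Tuple[str, str]]]:
    """Return (file entries, (path, verdict) pairs) found anywhere in the text."""
    files, checks = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            company = (m["company"] or "").strip() or None
            files.append(FrstFile(m["created"], m["modified"], int(m["size"]),
                                  m["attrs"], company, m["path"]))
            continue
        m = CHECK_LINE.match(line)
        if m:
            checks.append((m["path"], m["verdict"]))
    return files, checks


def triage(files: List[FrstFile], checks: List[Tuple[str, str]]) -> List[str]:
    """Apply the rules a helper applies by eye; returns human-readable findings."""
    findings = []
    for f in files:
        if f.is_dir:
            continue
        low = f.path.lower()
        name = low.rsplit("\\", 1)[-1]
        in_user_area = any(marker in low for marker in USER_WRITABLE)
        # Office writes hidden ~$ lock files next to open documents; those are expected.
        if f.is_hidden and in_user_area and not name.startswith("~$"):
            findings.append(f"hidden file in user-writable path: {f.path} [{f.attrs}]")
        if f.is_executable and f.company is None and in_user_area:
            findings.append(f"executable without company field in user-writable path: {f.path}")
    for path, verdict in checks:
        if verdict != GOOD_VERDICT:
            findings.append(f"system file check not reported as legit: {path} => {verdict}")
    return findings


# Constructed sample in the style of the posted log (example_hidden.exe is invented).
SAMPLE_LOG = r"""
2013-07-08 11:45 - 2013-07-08 11:45 - 13081608 _____ (Microsoft Corporation) C:\Users\MARS\Downloads\Silverlight_x64(3).exe
2013-07-08 11:16 - 2013-07-08 11:16 - 05556306 _____ (Jared Breland        ) C:\Users\MARS\Downloads\uniextract161.exe
2013-07-08 11:16 - 2013-07-08 11:16 - 00000000 ____D C:\Program Files (x86)\Universal Extractor
2013-06-18 14:06 - 2013-06-18 14:06 - 00000165 ____H C:\Users\MARS\Desktop\~$Reparatur-Auftrag_210313.xlsx
2013-06-17 11:58 - 2013-06-17 11:58 - 00034304 ___SH C:\Users\MARS\AppData\Roaming\example_hidden.exe
2013-06-15 15:53 - 2013-06-15 15:53 - 03820480 _____ C:\Users\MARS\Downloads\battlelog-web-plugins_2.1.7_115.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

if __name__ == "__main__":
    parsed_files, parsed_checks = parse_log(SAMPLE_LOG)
    for finding in triage(parsed_files, parsed_checks):
        print(finding)
```

Run stand-alone, the script prints three findings for the constructed sample (two for the invented hidden executable, one for the downloaded installer without a company field) and none for the check section. The check rule flags any verdict other than the exact "MD5 is legit" string because the page does not show what FRST prints on a mismatch; a real log would need that rule adjusted to FRST's actual wording.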
schrauber 13.07.2013 12:22


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Run SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Still having problems? :)


Copyright ©2000-2024, Trojaner-Board