
Pests of all kinds and how to fight them: GVU Trojan on laptop, no solution


19.06.2013, 11:12   #1
Greaser69
 



Caught the GVU Trojan this morning.
Laptop with Windows Vista.
Tried the Avira Rescue Disc and the Kaspersky disc, but the CD drive won't take them for booting.
Hitman Pro Kickstart on the USB stick shows "MBR Read / Failed to boot" after the attempted bypass.
Doesn't work either.
What now?
I'm pretty much a layman....

19.06.2013, 11:16   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST 32-bit | FRST 64-bit
  • Connect the USB stick to the infected system and boot the system into the System Recovery Options.
  • Now scan according to the illustrated guide or use the following quick guide:
Via the Boot Manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click on Computer Repair Options!
  • Select your operating system and user account and click "Next" each time.
In the recovery options, select: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again.
  • Now enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted down. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).

19.06.2013, 11:43   #3
Greaser69
 




FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2013
Ran by SYSTEM on 19-06-2013 12:38:50
Running from H:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [509496 2007-04-03] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [90112 2006-11-10] ()
HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [204800 2007-07-27] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2007-10-29] (Toshiba Europe GmbH)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s [958352 2011-08-22] (Samsung)
HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3507088 2011-08-22] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe [593784 2012-10-25] (BlueStack Systems, Inc.)
HKLM\...\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [5178664 2012-02-28] (Nero AG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\NeroMediaHomeUser.4\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Sascha\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Sascha\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Sascha\...\Run: [Center Agent] C:\Program Files\X-TENSIONS Multimedia\HyperMediaCenter\DTVR\Scheduled.exe [ 2008-01-10] ()
HKU\Sascha\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Sascha\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2011-08-22] ()
HKU\Sascha\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Sascha\...\Run: [Messenger (Yahoo!)] "D:\\Messenger\YahooMessenger.exe" -quiet [x]
HKU\Sascha\...\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [ 2012-02-28] (Nero AG)
HKU\Sascha\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Sascha\AppData\Local\Temp\Wr5CHk6.exe [ 2013-06-19] (Mozilla Foundation)
HKU\Sascha\...\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.3; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"hxxp://www.dreimausklicks.de/taskloader.php?mode=pupil&sequence=15720&userID=40769&userName=Joanne&type=0" [x]
HKU\Sascha\...\Winlogon: [Shell] cmd.exe [ 2008-01-19] (Microsoft Corporation) <==== ATTENTION 
HKU\Sascha\...\Command Processor: "C:\Users\Sascha\AppData\Local\Temp\Wr5CHk6.exe" <===== ATTENTION!
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

========================== Services (Whitelisted) =================

S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393080 2012-10-25] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384888 2012-10-25] (BlueStack Systems, Inc.)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S2 NeroMediaHomeService.4; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
S2 NIS; C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S2 TempoMonitoringService; C:\Program Files\Toshiba TEMPO\TempoSVC.exe [95624 2007-10-29] (Toshiba Europe GmbH)
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-28] (TuneUp Software)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [327296 2007-12-06] (AfaTech                  )
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63864 2012-10-25] (BlueStack Systems)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S4 CplIR; C:\Windows\system32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-09] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-11-08] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130618.001\IDSvix86.sys [386720 2013-05-28] (Symantec Corporation)
S0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130618.017\NAVENG.SYS [93272 2013-05-27] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130618.017\NAVEX15.SYS [1611992 2013-05-27] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SYMDNS; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMDNS.SYS [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [x]
S3 SYMREDRV; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS [x]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-19 12:38 - 2013-06-19 12:38 - 00000000 ____D C:\FRST
2013-06-19 08:28 - 2013-06-19 08:28 - 00163057 ____A C:\Users\Sascha\AppData\Local\2433f433
2013-06-19 08:28 - 2013-06-19 08:28 - 00163051 ____A C:\ProgramData\2433f433
2013-06-19 08:28 - 2013-06-19 08:28 - 00163013 ____A C:\Users\Sascha\AppData\Roaming\2433f433
2013-06-13 06:58 - 2013-05-17 00:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 06:58 - 2013-05-16 23:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 06:58 - 2013-05-16 23:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 06:58 - 2013-05-16 23:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 06:58 - 2013-05-16 23:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 06:58 - 2013-05-16 23:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 06:58 - 2013-05-16 23:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 06:58 - 2013-05-16 23:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 06:58 - 2013-05-16 23:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 06:58 - 2013-05-16 23:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 06:58 - 2013-05-16 23:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 06:58 - 2013-05-16 23:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 06:58 - 2013-05-16 23:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 06:58 - 2013-05-16 23:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 06:58 - 2013-05-16 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 06:58 - 2013-05-16 23:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 07:36 - 2013-06-12 07:36 - 00193024 ____A C:\Users\Sascha\Documents\Prod-Info6feet.xls
2013-06-12 07:05 - 2013-05-08 05:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 07:00 - 2013-05-02 23:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 07:00 - 2013-05-02 23:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 07:00 - 2013-05-02 05:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 07:00 - 2013-05-02 05:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 07:00 - 2013-04-24 05:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 07:00 - 2013-04-24 05:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 07:00 - 2013-04-24 05:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 07:00 - 2013-04-24 05:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 07:00 - 2013-04-24 02:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 07:00 - 2013-04-17 13:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-06-19 12:38 - 2013-06-19 12:38 - 00000000 ____D C:\FRST
2013-06-19 10:47 - 2006-11-02 14:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-19 10:47 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 10:46 - 2008-04-17 08:52 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-19 10:45 - 2009-07-14 20:21 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 10:45 - 2006-11-02 13:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-19 10:45 - 2006-11-02 13:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 10:33 - 2008-04-16 10:04 - 01620612 ____A C:\Windows\WindowsUpdate.log
2013-06-19 10:13 - 2012-03-30 06:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 08:41 - 2008-12-19 17:02 - 00000000 ____D C:\Windows\System32\Drivers\NIS
2013-06-19 08:39 - 2009-07-14 20:21 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-19 08:39 - 2008-12-19 17:02 - 00002557 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-06-19 08:28 - 2013-06-19 08:28 - 00163057 ____A C:\Users\Sascha\AppData\Local\2433f433
2013-06-19 08:28 - 2013-06-19 08:28 - 00163051 ____A C:\ProgramData\2433f433
2013-06-19 08:28 - 2013-06-19 08:28 - 00163013 ____A C:\Users\Sascha\AppData\Roaming\2433f433
2013-06-19 07:04 - 2008-12-19 17:02 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-19 07:04 - 2008-09-12 23:48 - 00007611 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-18 13:18 - 2009-03-27 21:17 - 00001052 ____A C:\Windows\Tasks\Google Software Updater.job
2013-06-18 07:03 - 2008-04-22 13:20 - 00002605 ____A C:\Users\Sascha\Desktop\Microsoft Word.lnk
2013-06-16 14:44 - 2011-01-14 12:18 - 00000000 ____D C:\Users\Sascha\AppData\Local\CrashDumps
2013-06-14 09:09 - 2008-04-20 09:10 - 00098816 ____A C:\Users\Sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-14 07:45 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 21:47 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 06:50 - 2006-11-02 11:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 07:36 - 2013-06-12 07:36 - 00193024 ____A C:\Users\Sascha\Documents\Prod-Info6feet.xls
2013-06-11 18:49 - 2012-03-30 06:22 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 18:49 - 2011-05-31 09:58 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-05 08:13 - 2008-08-27 17:42 - 00172032 ____H C:\Users\Sascha\Documents\~WRL2228.tmp
2013-05-30 16:01 - 2013-05-04 21:03 - 00267128 ____A C:\Windows\PFRO.log
2013-05-29 07:30 - 2013-05-02 19:44 - 00000000 ____D C:\Users\Sascha\AppData\Local\Smartbar
2013-05-29 07:25 - 2012-06-21 08:32 - 00000000 ____D C:\Program Files\Citrix
2013-05-29 07:20 - 2008-04-17 20:43 - 00000000 ____D C:\Program Files\Google
2013-05-29 06:53 - 2008-12-19 15:54 - 00000000 ____D C:\ProgramData\Norton
2013-05-28 11:22 - 2008-12-19 17:02 - 00000000 ____D C:\Program Files\Symantec
2013-05-26 15:47 - 2009-02-14 11:02 - 00000680 ____A C:\Users\Sascha\AppData\Local\d3d9caps.dat
2013-05-23 15:25 - 2006-11-02 11:33 - 01459028 ____A C:\Windows\System32\PerfStringBackup.INI

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-17 18:35:31
Restore point made on: 2013-06-18 19:06:30

==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3069.81 MB
Available physical RAM: 2586.61 MB
Total Pagefile: 2807.09 MB
Available Pagefile: 2656.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.5 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:74.52 GB) (Free:14.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:149.05 GB) (Free:46.37 GB) NTFS
Drive e: (Data) (Fixed) (Total:73.06 GB) (Free:52.84 GB) NTFS
Drive f: (130619_1055) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS
Drive g: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS
Drive h: (HITMANPRO) (Removable) (Total:0.11 GB) (Free:0.11 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 1A48DF06)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=73 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 5D379805)
Partition 1: (Not Active) - (Size=149 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 124 MB) (Disk ID: 3C683E52)
Partition 1: (Active) - (Size=118 MB) - (Type=0B)


LastRegBack: 2013-06-19 10:21

==================== End Of Log ============================
         

19.06.2013, 12:23   #4
schrauber
/// the machine
/// TB trainer
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:
HKU\Sascha\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Sascha\AppData\Local\Temp\Wr5CHk6.exe [ 2013-06-19] (Mozilla Foundation)
HKU\Sascha\...\Winlogon: [Shell] cmd.exe [ 2008-01-19] (Microsoft Corporation) <==== ATTENTION 
HKU\Sascha\...\Command Processor: "C:\Users\Sascha\AppData\Local\Temp\Wr5CHk6.exe" <===== ATTENTION!
2013-06-19 08:28 - 2013-06-19 08:28 - 00163057 ____A C:\Users\Sascha\AppData\Local\2433f433
2013-06-19 08:28 - 2013-06-19 08:28 - 00163051 ____A C:\ProgramData\2433f433
2013-06-19 08:28 - 2013-06-19 08:28 - 00163013 ____A C:\Users\Sascha\AppData\Roaming\2433f433
C:\Users\Sascha\AppData\Local\Temp\Wr5CHk6.exe
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the recovery options
  • Now start FRST.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Reboot, rejoice
Regards,
schrauber

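The three registry entries schrauber's fixlist removes form one persistence chain: with Winlogon Shell set to cmd.exe, winlogon starts cmd.exe in place of the desktop, and cmd.exe executes whatever the Command Processor AutoRun value names, so the lock screen returns at every logon even if the Run value under the random name were removed on its own. The following is an added example for this thread, not FRST's code and not from Trojaner-Board: it parses lines in the one-entry-per-line format FRST prints and flags those three patterns. The sample lines are quoted from the FRST.txt posted above; the heuristics (temp-directory image paths, lowercase alphanumeric value names of 12 or more characters with both letters and digits) are the example's own assumptions, not FRST's detection logic.

```python
"""Flag lock-screen style persistence in FRST 'Registry (Whitelisted)' lines.

Added example for this thread; neither FRST's code nor Trojaner-Board's.
It parses the one-line-per-entry format FRST prints and flags the three
mechanisms the fixlist in this thread removed: a Winlogon Shell other than
explorer.exe, a Command Processor AutoRun value, and a Run value that
launches from a temp directory under a machine-generated name.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: lines quoted from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKU\Sascha\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Sascha\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Sascha\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Sascha\AppData\Local\Temp\Wr5CHk6.exe [ 2013-06-19] (Mozilla Foundation)
HKU\Sascha\...\Winlogon: [Shell] cmd.exe [ 2008-01-19] (Microsoft Corporation) <==== ATTENTION
HKU\Sascha\...\Command Processor: "C:\Users\Sascha\AppData\Local\Temp\Wr5CHk6.exe" <===== ATTENTION!
"""

# HKLM\...\Run: [name] cmd | HKU\<user>\...\Winlogon: [Shell] cmd | HKU\<user>\...\Command Processor: cmd
ENTRY_RE = re.compile(
    r'^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\.\\'
    r'(?P<key>RunOnce|Run|Winlogon|Command Processor): '
    r'(?:\[(?P<name>[^\]]+)\] )?(?P<cmd>.*)$'
)
ATTENTION_RE = re.compile(r'\s*<=+\s*ATTENTION!?\s*$')          # FRST's own marker
TRAILER_RE = re.compile(r'\s*\[[^\]]*\](?:\s*\([^)]*\))?\s*$')  # "[size date] (publisher)" or "[x]"
IMAGE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|com|bat|cmd|scr|vbs|js))"?(?:\s|$)', re.I)
# Heuristics (assumptions of this example): staging directories and machine-generated value names
TEMP_RE = re.compile(r'\\AppData\\Local\\Temp\\|\\Windows\\Temp\\|%Temp%\\', re.I)
RANDOM_NAME_RE = re.compile(r'^(?=.*\d)(?=.*[a-z])[a-z0-9]{12,}$')


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Split one FRST registry line into hive, key, value name, command and image path.
    Returns None for lines that are not HK* autostart entries."""
    m = ENTRY_RE.match(ATTENTION_RE.sub('', line.rstrip()))
    if not m:
        return None
    cmd = TRAILER_RE.sub('', m.group('cmd')).strip()
    img = IMAGE_RE.match(cmd)
    return {
        'hive': m.group('hive'),
        'key': m.group('key'),
        'name': m.group('name') or '',
        'cmd': cmd,
        'image': img.group('path') if img else cmd.strip('"'),
    }


def analyze(log_text: str) -> List[Tuple[str, str]]:
    """Return (category, detail) findings for every suspicious autostart entry."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        key, name, image = e['key'], e['name'], e['image']
        if key == 'Winlogon' and name.lower() == 'shell':
            # Shell is the process winlogon starts as the user's desktop; anything
            # other than explorer.exe replaces the desktop with that process.
            if image.lower() != 'explorer.exe':
                findings.append(('winlogon_shell', f"{e['hive']}: Shell is {image!r} instead of explorer.exe"))
        elif key == 'Command Processor':
            # AutoRun is executed on every cmd.exe start; combined with Shell=cmd.exe
            # it launches the payload at logon without a visible Run entry.
            findings.append(('cmdproc_autorun', f"{e['hive']}: cmd.exe AutoRun executes {image!r}"))
        elif key in ('Run', 'RunOnce'):
            if TEMP_RE.search(image):
                findings.append(('run_temp_path', f"{e['hive']}\\{key} {name!r} launches from a temp directory: {image}"))
            if RANDOM_NAME_RE.match(name):
                findings.append(('run_random_name', f"{e['hive']}\\{key} value name {name!r} looks machine-generated"))
    return findings


if __name__ == '__main__':
    for category, detail in analyze(SAMPLE_LOG):
        print(f'[{category}] {detail}')
```

Run against the sample, the Windows Defender, Toshiba and Google entries produce nothing, while the Temp-resident Run value is reported twice (path and name) and the Shell and AutoRun entries once each; the second FRST scan in this thread, taken after the fix, should produce an empty list for the same section.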

19.06.2013, 13:09   #5
Greaser69
 



I did all of that, but it didn't help. The GVU start window still appears immediately.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-06-2013
Ran by SYSTEM at 2013-06-19 14:03:53 Run:1
Running from H:\
Boot Mode: Recovery

==============================================

HKU\Sascha\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Sascha\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Sascha\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Sascha\AppData\Local\2433f433 => Moved successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Sascha\AppData\Roaming\2433f433 => Moved successfully.
C:\Users\Sascha\AppData\Local\Temp\Wr5CHk6.exe => Moved successfully.

==== End of Fixlog ====.
         
I also scanned again.
This is what came out

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2013
Ran by SYSTEM on 19-06-2013 14:38:25
Running from H:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [509496 2007-04-03] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [90112 2006-11-10] ()
HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [204800 2007-07-27] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2007-10-29] (Toshiba Europe GmbH)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s [958352 2011-08-22] (Samsung)
HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3507088 2011-08-22] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe [593784 2012-10-25] (BlueStack Systems, Inc.)
HKLM\...\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [5178664 2012-02-28] (Nero AG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\NeroMediaHomeUser.4\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Sascha\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Sascha\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Sascha\...\Run: [Center Agent] C:\Program Files\X-TENSIONS Multimedia\HyperMediaCenter\DTVR\Scheduled.exe [ 2008-01-10] ()
HKU\Sascha\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Sascha\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2011-08-22] ()
HKU\Sascha\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Sascha\...\Run: [Messenger (Yahoo!)] "D:\\Messenger\YahooMessenger.exe" -quiet [x]
HKU\Sascha\...\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [ 2012-02-28] (Nero AG)
HKU\Sascha\...\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.3; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"hxxp://www.dreimausklicks.de/taskloader.php?mode=pupil&sequence=15720&userID=40769&userName=Joanne&type=0" [x]
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

========================== Services (Whitelisted) =================

S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393080 2012-10-25] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384888 2012-10-25] (BlueStack Systems, Inc.)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S2 NeroMediaHomeService.4; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
S2 NIS; C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S2 TempoMonitoringService; C:\Program Files\Toshiba TEMPO\TempoSVC.exe [95624 2007-10-29] (Toshiba Europe GmbH)
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-28] (TuneUp Software)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [327296 2007-12-06] (AfaTech                  )
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63864 2012-10-25] (BlueStack Systems)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S4 CplIR; C:\Windows\system32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-09] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-11-08] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130618.001\IDSvix86.sys [386720 2013-05-28] (Symantec Corporation)
S0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130618.017\NAVENG.SYS [93272 2013-05-27] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130618.017\NAVEX15.SYS [1611992 2013-05-27] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SYMDNS; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMDNS.SYS [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [x]
S3 SYMREDRV; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS [x]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-19 12:38 - 2013-06-19 12:38 - 00000000 ____D C:\FRST
2013-06-13 06:58 - 2013-05-17 00:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 06:58 - 2013-05-16 23:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 06:58 - 2013-05-16 23:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 06:58 - 2013-05-16 23:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 06:58 - 2013-05-16 23:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 06:58 - 2013-05-16 23:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 06:58 - 2013-05-16 23:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 06:58 - 2013-05-16 23:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 06:58 - 2013-05-16 23:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 06:58 - 2013-05-16 23:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 06:58 - 2013-05-16 23:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 06:58 - 2013-05-16 23:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 06:58 - 2013-05-16 23:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 06:58 - 2013-05-16 23:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 06:58 - 2013-05-16 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 06:58 - 2013-05-16 23:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 07:36 - 2013-06-12 07:36 - 00193024 ____A C:\Users\Sascha\Documents\Prod-Info6feet.xls
2013-06-12 07:05 - 2013-05-08 05:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 07:00 - 2013-05-02 23:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 07:00 - 2013-05-02 23:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 07:00 - 2013-05-02 05:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 07:00 - 2013-05-02 05:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 07:00 - 2013-04-24 05:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 07:00 - 2013-04-24 05:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 07:00 - 2013-04-24 05:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 07:00 - 2013-04-24 05:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 07:00 - 2013-04-24 02:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 07:00 - 2013-04-17 13:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-06-19 13:26 - 2006-11-02 11:33 - 01459028 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 13:23 - 2008-04-17 08:52 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-19 13:22 - 2009-07-14 20:21 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 13:22 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 13:22 - 2006-11-02 13:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-19 13:22 - 2006-11-02 13:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 13:11 - 2008-04-16 10:04 - 01631028 ____A C:\Windows\WindowsUpdate.log
2013-06-19 13:11 - 2006-11-02 14:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-19 12:38 - 2013-06-19 12:38 - 00000000 ____D C:\FRST
2013-06-19 10:13 - 2012-03-30 06:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 08:41 - 2008-12-19 17:02 - 00000000 ____D C:\Windows\System32\Drivers\NIS
2013-06-19 08:39 - 2009-07-14 20:21 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-19 08:39 - 2008-12-19 17:02 - 00002557 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-06-19 07:04 - 2008-12-19 17:02 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-19 07:04 - 2008-09-12 23:48 - 00007611 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-18 13:18 - 2009-03-27 21:17 - 00001052 ____A C:\Windows\Tasks\Google Software Updater.job
2013-06-18 07:03 - 2008-04-22 13:20 - 00002605 ____A C:\Users\Sascha\Desktop\Microsoft Word.lnk
2013-06-16 14:44 - 2011-01-14 12:18 - 00000000 ____D C:\Users\Sascha\AppData\Local\CrashDumps
2013-06-14 09:09 - 2008-04-20 09:10 - 00098816 ____A C:\Users\Sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-14 07:45 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 21:47 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 06:50 - 2006-11-02 11:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 07:36 - 2013-06-12 07:36 - 00193024 ____A C:\Users\Sascha\Documents\Prod-Info6feet.xls
2013-06-11 18:49 - 2012-03-30 06:22 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 18:49 - 2011-05-31 09:58 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-05 08:13 - 2008-08-27 17:42 - 00172032 ____H C:\Users\Sascha\Documents\~WRL2228.tmp
2013-05-30 16:01 - 2013-05-04 21:03 - 00267128 ____A C:\Windows\PFRO.log
2013-05-29 07:30 - 2013-05-02 19:44 - 00000000 ____D C:\Users\Sascha\AppData\Local\Smartbar
2013-05-29 07:25 - 2012-06-21 08:32 - 00000000 ____D C:\Program Files\Citrix
2013-05-29 07:20 - 2008-04-17 20:43 - 00000000 ____D C:\Program Files\Google
2013-05-29 06:53 - 2008-12-19 15:54 - 00000000 ____D C:\ProgramData\Norton
2013-05-28 11:22 - 2008-12-19 17:02 - 00000000 ____D C:\Program Files\Symantec
2013-05-26 15:47 - 2009-02-14 11:02 - 00000680 ____A C:\Users\Sascha\AppData\Local\d3d9caps.dat

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-17 18:35:31
Restore point made on: 2013-06-18 19:06:30

==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3069.81 MB
Available physical RAM: 2587.27 MB
Total Pagefile: 2807.09 MB
Available Pagefile: 2657.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.14 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:74.52 GB) (Free:14.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:149.05 GB) (Free:46.37 GB) NTFS
Drive e: (Data) (Fixed) (Total:73.06 GB) (Free:52.84 GB) NTFS
Drive g: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS
Drive h: (HITMANPRO) (Removable) (Total:0.11 GB) (Free:0.11 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 1A48DF06)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=73 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 5D379805)
Partition 1: (Not Active) - (Size=149 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 124 MB) (Disk ID: 3C683E52)
Partition 1: (Active) - (Size=118 MB) - (Type=0B)


LastRegBack: 2013-06-19 13:11

==================== End Of Log ============================
         


Alt 19.06.2013, 13:46   #6
schrauber
/// the machine
/// TB-Ausbilder
 




What?

Post a fresh FRST scan log.

Alt 19.06.2013, 13:53   #7
Greaser69
 



Quote:
Quote from schrauber
What?

Post a fresh FRST scan log.
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2013
Ran by SYSTEM on 19-06-2013 14:38:25
Running from H:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [509496 2007-04-03] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [90112 2006-11-10] ()
HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [204800 2007-07-27] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2007-10-29] (Toshiba Europe GmbH)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s [958352 2011-08-22] (Samsung)
HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3507088 2011-08-22] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe [593784 2012-10-25] (BlueStack Systems, Inc.)
HKLM\...\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [5178664 2012-02-28] (Nero AG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\NeroMediaHomeUser.4\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Sascha\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Sascha\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Sascha\...\Run: [Center Agent] C:\Program Files\X-TENSIONS Multimedia\HyperMediaCenter\DTVR\Scheduled.exe [ 2008-01-10] ()
HKU\Sascha\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Sascha\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2011-08-22] ()
HKU\Sascha\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Sascha\...\Run: [Messenger (Yahoo!)] "D:\\Messenger\YahooMessenger.exe" -quiet [x]
HKU\Sascha\...\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [ 2012-02-28] (Nero AG)
HKU\Sascha\...\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.3; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"hxxp://www.dreimausklicks.de/taskloader.php?mode=pupil&sequence=15720&userID=40769&userName=Joanne&type=0" [x]
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

========================== Services (Whitelisted) =================

S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393080 2012-10-25] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384888 2012-10-25] (BlueStack Systems, Inc.)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S2 NeroMediaHomeService.4; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
S2 NIS; C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S2 TempoMonitoringService; C:\Program Files\Toshiba TEMPO\TempoSVC.exe [95624 2007-10-29] (Toshiba Europe GmbH)
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-28] (TuneUp Software)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [327296 2007-12-06] (AfaTech                  )
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63864 2012-10-25] (BlueStack Systems)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S4 CplIR; C:\Windows\system32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-09] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-11-08] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130618.001\IDSvix86.sys [386720 2013-05-28] (Symantec Corporation)
S0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130618.017\NAVENG.SYS [93272 2013-05-27] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130618.017\NAVEX15.SYS [1611992 2013-05-27] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SYMDNS; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMDNS.SYS [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [x]
S3 SYMREDRV; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS [x]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-19 12:38 - 2013-06-19 12:38 - 00000000 ____D C:\FRST
2013-06-13 06:58 - 2013-05-17 00:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 06:58 - 2013-05-16 23:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 06:58 - 2013-05-16 23:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 06:58 - 2013-05-16 23:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 06:58 - 2013-05-16 23:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 06:58 - 2013-05-16 23:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 06:58 - 2013-05-16 23:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 06:58 - 2013-05-16 23:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 06:58 - 2013-05-16 23:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 06:58 - 2013-05-16 23:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 06:58 - 2013-05-16 23:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 06:58 - 2013-05-16 23:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 06:58 - 2013-05-16 23:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 06:58 - 2013-05-16 23:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 06:58 - 2013-05-16 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 06:58 - 2013-05-16 23:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 07:36 - 2013-06-12 07:36 - 00193024 ____A C:\Users\Sascha\Documents\Prod-Info6feet.xls
2013-06-12 07:05 - 2013-05-08 05:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 07:00 - 2013-05-02 23:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 07:00 - 2013-05-02 23:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 07:00 - 2013-05-02 05:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 07:00 - 2013-05-02 05:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 07:00 - 2013-04-24 05:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 07:00 - 2013-04-24 05:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 07:00 - 2013-04-24 05:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 07:00 - 2013-04-24 05:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 07:00 - 2013-04-24 02:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 07:00 - 2013-04-17 13:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-06-19 13:26 - 2006-11-02 11:33 - 01459028 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 13:23 - 2008-04-17 08:52 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-19 13:22 - 2009-07-14 20:21 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 13:22 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 13:22 - 2006-11-02 13:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-19 13:22 - 2006-11-02 13:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 13:11 - 2008-04-16 10:04 - 01631028 ____A C:\Windows\WindowsUpdate.log
2013-06-19 13:11 - 2006-11-02 14:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-19 12:38 - 2013-06-19 12:38 - 00000000 ____D C:\FRST
2013-06-19 10:13 - 2012-03-30 06:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 08:41 - 2008-12-19 17:02 - 00000000 ____D C:\Windows\System32\Drivers\NIS
2013-06-19 08:39 - 2009-07-14 20:21 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-19 08:39 - 2008-12-19 17:02 - 00002557 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-06-19 07:04 - 2008-12-19 17:02 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-19 07:04 - 2008-09-12 23:48 - 00007611 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-18 13:18 - 2009-03-27 21:17 - 00001052 ____A C:\Windows\Tasks\Google Software Updater.job
2013-06-18 07:03 - 2008-04-22 13:20 - 00002605 ____A C:\Users\Sascha\Desktop\Microsoft Word.lnk
2013-06-16 14:44 - 2011-01-14 12:18 - 00000000 ____D C:\Users\Sascha\AppData\Local\CrashDumps
2013-06-14 09:09 - 2008-04-20 09:10 - 00098816 ____A C:\Users\Sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-14 07:45 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 21:47 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 06:50 - 2006-11-02 11:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 07:36 - 2013-06-12 07:36 - 00193024 ____A C:\Users\Sascha\Documents\Prod-Info6feet.xls
2013-06-11 18:49 - 2012-03-30 06:22 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 18:49 - 2011-05-31 09:58 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-05 08:13 - 2008-08-27 17:42 - 00172032 ____H C:\Users\Sascha\Documents\~WRL2228.tmp
2013-05-30 16:01 - 2013-05-04 21:03 - 00267128 ____A C:\Windows\PFRO.log
2013-05-29 07:30 - 2013-05-02 19:44 - 00000000 ____D C:\Users\Sascha\AppData\Local\Smartbar
2013-05-29 07:25 - 2012-06-21 08:32 - 00000000 ____D C:\Program Files\Citrix
2013-05-29 07:20 - 2008-04-17 20:43 - 00000000 ____D C:\Program Files\Google
2013-05-29 06:53 - 2008-12-19 15:54 - 00000000 ____D C:\ProgramData\Norton
2013-05-28 11:22 - 2008-12-19 17:02 - 00000000 ____D C:\Program Files\Symantec
2013-05-26 15:47 - 2009-02-14 11:02 - 00000680 ____A C:\Users\Sascha\AppData\Local\d3d9caps.dat

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-17 18:35:31
Restore point made on: 2013-06-18 19:06:30

==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3069.81 MB
Available physical RAM: 2587.27 MB
Total Pagefile: 2807.09 MB
Available Pagefile: 2657.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.14 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:74.52 GB) (Free:14.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:149.05 GB) (Free:46.37 GB) NTFS
Drive e: (Data) (Fixed) (Total:73.06 GB) (Free:52.84 GB) NTFS
Drive g: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS
Drive h: (HITMANPRO) (Removable) (Total:0.11 GB) (Free:0.11 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 1A48DF06)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=73 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 5D379805)
Partition 1: (Not Active) - (Size=149 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 124 MB) (Disk ID: 3C683E52)
Partition 1: (Active) - (Size=118 MB) - (Type=0B)


LastRegBack: 2013-06-19 13:11

==================== End Of Log ============================
         

Alt 19.06.2013, 14:00   #8
schrauber
/// the machine
/// TB-Ausbilder
 




New fix, this time with this:

Code:
HKU\Sascha\...\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.3; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"hxxp://www.dreimausklicks.de/taskloader.php?mode=pupil&sequence=15720&userID=40769&userName=Joanne&type=0" [x]
C:\Users\Sascha\AppData\Local\Temp
         
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!
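As an added example (not code from the thread or from FRST), here is a small Python triage pass over FRST Run/RunOnce lines in the format the posted logs use; it flags the traits the fix above acted on. The sample log lines are constructed, and the URL in them is a placeholder rather than the one in the thread.

```python
"""Triage of FRST "Run"/"RunOnce" autostart lines (added example, not part of the
thread or of FRST). Flags an entry whose target FRST could not resolve ([x]),
a web URL passed as an argument, or a program that runs from a Temp or
browser-cache folder. A flag means "look again", not "malicious"."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# FRST writes one autostart entry per line, e.g.
#   HKLM\...\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
#   HKU\Sascha\...\RunOnce: [Name] C:\path\prog.exe -arg "..." [x]
# The trailing bracket holds "[size date]", "[ date]" or "[x]" when the file was not found.
ENTRY_RE = re.compile(
    r"^(?P<key>HK(?:LM|U)\\.+?\\(?P<kind>RunOnce|Run)): "
    r"\[(?P<name>[^\]]+)\] "
    r"(?P<command>.*?) "
    r"\[(?P<meta>[^\]]*)\]"
    r"(?: \((?P<company>[^)]*)\))?$"
)
URL_RE = re.compile(r"\bhxxps?://|\bhttps?://", re.I)  # FRST defangs http as hxxp
TEMP_RE = re.compile(r"\\(?:Temp|Temporary Internet Files|Content\.IE5)\\", re.I)

# Constructed sample in the FRST line format; the URL is a placeholder.
SAMPLE_LOG = r"""
HKLM\...\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKU\Sascha\...\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0)" -"hxxp://placeholder.invalid/taskloader.php?mode=pupil" [x]
HKU\Sascha\...\Run: [Updater] C:\Users\Sascha\AppData\Local\Temp\upd.exe /silent [ 2013-06-19] ()
"""


@dataclass
class AutostartEntry:
    key: str                 # registry path as FRST abbreviates it
    kind: str                # "Run" or "RunOnce"
    name: str                # value name in brackets
    command: str             # program plus arguments
    missing: bool            # True when FRST printed "[x]"
    company: Optional[str]   # signer/company, "" if FRST printed "()", None if absent
    reasons: List[str] = field(default_factory=list)


def parse_autostart(log_text: str) -> List[AutostartEntry]:
    """Return every Run/RunOnce entry found in an FRST log; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(AutostartEntry(
            key=m["key"], kind=m["kind"], name=m["name"], command=m["command"],
            missing=(m["meta"] == "x"), company=m["company"]))
    return entries


def triage(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Attach a reason to each entry that deserves a second look; return the flagged ones."""
    flagged = []
    for e in entries:
        if e.missing:
            # On HKLM\Run this is often just a stale entry; on RunOnce it is worth a look.
            e.reasons.append("target not resolvable ([x])")
        if URL_RE.search(e.command):
            e.reasons.append("web URL passed on the command line")
        if TEMP_RE.search(e.command):
            e.reasons.append("runs from a Temp or browser-cache folder")
        if e.kind == "RunOnce" and e.reasons:
            e.reasons.append("RunOnce entry: fires once at next logon, then removes itself")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for entry in triage(parse_autostart(SAMPLE_LOG)):
        print(f"{entry.key} [{entry.name}]")
        for reason in entry.reasons:
            print("   -", reason)
```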

Alt 19.06.2013, 14:20   #9
Greaser69
 



OK, now it worked.
However, the Windows Security Center cannot be switched on. Does that have anything to do with it? Or is Norton blocking it?

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-06-2013
Ran by SYSTEM at 2013-06-19 15:05:58 Run:3
Running from H:\
Boot Mode: Recovery

==============================================

HKU\Sascha\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater => Value deleted successfully.
C:\Users\Sascha\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====
         
In any case, a big thank you for your effort!

Alt 19.06.2013, 14:40   #10
schrauber
/// the machine
/// TB-Ausbilder
 




We are not finished yet, you know.

From now on, everything in normal Windows.

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool is finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.



Alt 19.06.2013, 15:06   #11
Greaser69
 



here we go
the frst.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2013
Ran by Sascha (administrator) on 19-06-2013 15:59:40
Running from C:\Users\Sascha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJFSN537
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Nero AG) C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPO\TempoSVC.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
() C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Nero AG) C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\X-TENSIONS Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Yahoo! Inc.) D:\Messenger\YahooMessenger.exe
(Yahoo! Inc.) D:\Messenger\YahooMessenger.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [509496 2007-04-03] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [90112 2006-11-10] ()
HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [204800 2007-07-27] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2007-10-29] (Toshiba Europe GmbH)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s [958352 2011-08-22] (Samsung)
HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3507088 2011-08-22] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe [593784 2012-10-25] (BlueStack Systems, Inc.)
HKLM\...\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [5178664 2012-02-28] (Nero AG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [413696 2006-11-13] (TOSHIBA)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [Center Agent] C:\Program Files\X-TENSIONS Multimedia\HyperMediaCenter\DTVR\Scheduled.exe [1524224 2008-01-10] ()
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-08-08] (Google Inc.)
HKCU\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-08-22] ()
HKCU\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKCU\...\Run: [Messenger (Yahoo!)] "D:\\Messenger\YahooMessenger.exe" -quiet [x]
HKCU\...\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [5178664 2012-02-28] (Nero AG)
MountPoints2: {0ba30697-7bf1-11e2-8167-001eec02028b} - H:\iStudio.exe
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052a6f74-6bac-43d9-b0aa-de47606421bf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=02/05/2013&type=hp1000
HKLM SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052a6f74-6bac-43d9-b0aa-de47606421bf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=02/05/2013&type=hp1000
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052a6f74-6bac-43d9-b0aa-de47606421bf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=02/05/2013&type=hp1000
SearchScopes: HKLM - {74DD18FC-EF2E-47C4-836C-B1DFCDE49EB3} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
HKCU SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052a6f74-6bac-43d9-b0aa-de47606421bf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=02/05/2013&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052a6f74-6bac-43d9-b0aa-de47606421bf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=02/05/2013&type=hp1000
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=18
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ipp - No CLSID Value - 
Handler: msdaipp - No CLSID Value - 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\vdq6ogev.default
FF Homepage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052a6f74-6bac-43d9-b0aa-de47606421bf&searchtype=hp&fr=linkury-tb&installDate=02/05/2013&type=hp1000
FF SearchEngine: Web Search
FF Keyword.URL: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052a6f74-6bac-43d9-b0aa-de47606421bf&searchtype=ds&fr=linkury-tb&installDate=02/05/2013&type=hp1000&p=
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - D:\Neuer Ordner (2)\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\vdq6ogev.default\Extensions\staged
FF Extension: No Name - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\vdq6ogev.default\Extensions\{052a6f74-6bac-43d9-b0aa-de47606421bf}

Chrome: 
=======
CHR HomePage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052a6f74-6bac-43d9-b0aa-de47606421bf&searchtype=hp&fr=linkury-tb&installDate=02/05/2013&type=hp1000
CHR RestoreOnStartup: "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052a6f74-6bac-43d9-b0aa-de47606421bf&searchtype=hp&fr=linkury-tb&installDate=02/05/2013&type=hp1000"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Google Drive) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Norton Identity Protection) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0
CHR Extension: (Gmail) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393080 2012-10-25] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384888 2012-10-25] (BlueStack Systems, Inc.)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 NeroMediaHomeService.4; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 NIS; C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPO\TempoSVC.exe [95624 2007-10-29] (Toshiba Europe GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-28] (TuneUp Software)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [327296 2007-12-06] (AfaTech                  )
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63864 2012-10-25] (BlueStack Systems)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S4 CplIR; C:\Windows\system32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-11-08] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130618.001\IDSvix86.sys [386720 2013-05-28] (Symantec Corporation)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130618.022\NAVENG.SYS [93272 2013-05-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130618.022\NAVEX15.SYS [1611992 2013-05-27] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SYMDNS; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMDNS.SYS [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [x]
S3 SYMREDRV; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS [x]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-19 13:38 - 2013-06-19 13:38 - 00000000 ____D C:\FRST
2013-06-13 07:58 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 07:58 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 07:58 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 07:58 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 07:58 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 07:58 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 07:58 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 07:58 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 07:58 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 07:58 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 07:58 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 07:58 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 07:58 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 07:58 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 07:58 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 07:58 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 08:36 - 2013-06-12 08:36 - 00193024 ____A C:\Users\Sascha\Documents\Prod-Info6feet.xls
2013-06-12 08:05 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:00 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 08:00 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 08:00 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:00 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 08:00 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:00 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:00 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:00 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:00 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:00 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-06-19 15:54 - 2009-02-14 12:02 - 00000680 ____A C:\Users\Sascha\AppData\Local\d3d9caps.dat
2013-06-19 15:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-19 15:42 - 2008-04-16 11:04 - 01662847 ____A C:\Windows\WindowsUpdate.log
2013-06-19 15:39 - 2009-07-14 21:21 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-19 15:29 - 2006-11-02 12:33 - 01483132 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 15:14 - 2012-03-30 07:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 15:11 - 2008-04-17 09:52 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-19 15:09 - 2009-07-14 21:21 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 15:09 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 15:09 - 2006-11-02 14:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-19 15:09 - 2006-11-02 14:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 14:11 - 2006-11-02 15:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-19 13:38 - 2013-06-19 13:38 - 00000000 ____D C:\FRST
2013-06-19 09:41 - 2008-12-19 18:02 - 00000000 ____D C:\Windows\System32\Drivers\NIS
2013-06-19 09:39 - 2008-12-19 18:02 - 00002557 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-06-19 08:04 - 2008-12-19 18:02 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-19 08:04 - 2008-09-13 00:48 - 00007611 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-18 14:18 - 2009-03-27 22:17 - 00001052 ____A C:\Windows\Tasks\Google Software Updater.job
2013-06-18 08:03 - 2008-04-22 14:20 - 00002605 ____A C:\Users\Sascha\Desktop\Microsoft Word.lnk
2013-06-16 15:44 - 2011-01-14 13:18 - 00000000 ____D C:\Users\Sascha\AppData\Local\CrashDumps
2013-06-14 10:09 - 2008-04-20 10:10 - 00098816 ____A C:\Users\Sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-14 08:45 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 22:47 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 07:50 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 08:36 - 2013-06-12 08:36 - 00193024 ____A C:\Users\Sascha\Documents\Prod-Info6feet.xls
2013-06-11 19:49 - 2012-03-30 07:22 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 19:49 - 2011-05-31 10:58 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-05 09:13 - 2008-08-27 18:42 - 00172032 ____H C:\Users\Sascha\Documents\~WRL2228.tmp
2013-05-30 17:01 - 2013-05-04 22:03 - 00267128 ____A C:\Windows\PFRO.log
2013-05-29 08:30 - 2013-05-02 20:44 - 00000000 ____D C:\Users\Sascha\AppData\Local\Smartbar
2013-05-29 08:25 - 2012-06-21 09:32 - 00000000 ____D C:\Program Files\Citrix
2013-05-29 08:20 - 2008-04-17 21:43 - 00000000 ____D C:\Program Files\Google
2013-05-29 07:53 - 2008-12-19 16:54 - 00000000 ____D C:\ProgramData\Norton
2013-05-28 12:22 - 2008-12-19 18:02 - 00000000 ____D C:\Program Files\Symantec

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-19 15:17

==================== End Of Log ============================
         
--- --- ---


and the addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-06-2013
Ran by Sascha at 2013-06-19 16:03:26 Run:
Running from C:\Users\Sascha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJFSN537
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader 7.1.0 - Deutsch (Version: 7.1.0)
Adobe Shockwave Player (Version: 11)
Advertising Center (Version: 0.0.0.2)
Ashampoo Burning Studio 6 FREE v.6.83 (Version: 6.8.3)
ATI Catalyst Install Manager (Version: 3.0.648.0)
AudibleManager (Version: 4702824.-2.2000580726.2000579740)
AudioCon (Version: 1.0)
AVS DVD Player version 2.4
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Bing Rewards Client Installer (Version: 16.0.345.0)
Bluetooth Stack for Windows by Toshiba (Version: v5.10.06(T))
Broadcom High Definition Video Decoder 2.6.40.1 (Version: 2.6.40.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2007.1101.2317.39832)
Catalyst Control Center Graphics Full Existing (Version: 2007.1101.2317.39832)
Catalyst Control Center Graphics Full New (Version: 2007.1101.2317.39832)
Catalyst Control Center Graphics Light (Version: 2007.1101.2317.39832)
Catalyst Control Center Graphics Previews Common (Version: 2007.1101.2317.39832)
Catalyst Control Center Graphics Previews Vista (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Chinese Standard (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Chinese Traditional (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Czech (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Danish (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Dutch (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Finnish (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization French (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization German (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Greek (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Hungarian (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Italian (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Japanese (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Korean (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Norwegian (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Polish (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Portuguese (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Russian (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Spanish (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Swedish (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Thai (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Turkish (Version: 2007.1101.2317.39832)
CCC Help Chinese Standard (Version: 2007.1101.2316.39832)
CCC Help Chinese Traditional (Version: 2007.1101.2316.39832)
CCC Help Czech (Version: 2007.1101.2316.39832)
CCC Help Danish (Version: 2007.1101.2316.39832)
CCC Help Dutch (Version: 2007.1101.2316.39832)
CCC Help English (Version: 2007.1101.2316.39832)
CCC Help Finnish (Version: 2007.1101.2316.39832)
CCC Help French (Version: 2007.1101.2316.39832)
CCC Help German (Version: 2007.1101.2316.39832)
CCC Help Greek (Version: 2007.1101.2316.39832)
CCC Help Hungarian (Version: 2007.1101.2316.39832)
CCC Help Italian (Version: 2007.1101.2316.39832)
CCC Help Japanese (Version: 2007.1101.2316.39832)
CCC Help Korean (Version: 2007.1101.2316.39832)
CCC Help Norwegian (Version: 2007.1101.2316.39832)
CCC Help Polish (Version: 2007.1101.2316.39832)
CCC Help Portuguese (Version: 2007.1101.2316.39832)
CCC Help Russian (Version: 2007.1101.2316.39832)
CCC Help Spanish (Version: 2007.1101.2316.39832)
CCC Help Swedish (Version: 2007.1101.2316.39832)
CCC Help Thai (Version: 2007.1101.2316.39832)
CCC Help Turkish (Version: 2007.1101.2316.39832)
ccc-core-static (Version: 2007.1101.2317.39832)
ccc-utility (Version: 2007.1101.2317.39832)
CD/DVD Drive Acoustic Silencer (Version: 2.00.02)
CDBurnerXP (Version: 4.5.1.3868)
D3DX10 (Version: 15.4.2368.0902)
Desktop SMS (Version: 1.2.0)
DVB-T USB BDA Driver
DVD MovieFactory for TOSHIBA (Version: 5.3)
Emdedded IR Driver (Version: 0.0.0.6C)
Feiyr MusicUploader (Version: 1.0.0.1)
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) (Version: 2.0.0.1)
Freemake Video Converter Version 4.0.1 (Version: 4.0.1)
Google Earth (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.145)
Google Updater (Version: 2.4.2432.1652)
HyperMediaCenter (Version: 3.0)
Intel Matrix Storage Manager
Java(TM) 6 Update 22 (Version: 6.0.220)
Java(TM) 6 Update 31 (Version: 6.0.310)
Java(TM) 6 Update 5 (Version: 1.6.0.50)
Java(TM) 6 Update 7 (Version: 1.6.0.70)
Java(TM) SE Runtime Environment 6 (Version: 1.6.0.0)
join.me (Version: 1.9.0.133)
Logitech Unifying-Software 2.00 (Version: 2.00.43)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2000 Premium (Version: 9.00.2816)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft UI Engine (Version: 6.3.2380.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft XML Parser (Version: 8.0.7820.0)
Microsoft XML Parser (Version: 8.20.8730.4)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyFreeCodec
myphotobook 3.1 (Version: 3.1)
NAVIGON Fresh 2.0.2 (Version: 2.0.2)
Nero ControlCenter (Version: 9.0.0.1)
Nero Installer (Version: 4.4.9.0)
Nero MediaHome 4 (Version: 4.5.20.45)
Nero MediaHome 4 Essentials
Nero MediaHome 4 Help (Version: 4.5.5.0)
Nero Online Upgrade (Version: 1.3.0.0)
Norton Internet Security (Version: 20.4.0.40)
Notification Center (Version: 0.7.7.813)
OpenOffice.org 3.3 (Version: 3.3.9567)
PhotoScape
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5477)
SAMSUNG Intelli-studio
Samsung Kies (Version: 2.0.2.11071_128)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.3.9001)
Segoe UI (Version: 15.4.2271.0615)
Skins (Version: 2007.1101.2317.39832)
Switch Audiodatei-Konverter
Synaptics Pointing Device Driver (Version: 10.0.9.0)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0001)
TIPCI (Version: 2.00.0001)
TOSHIBA Assist (Version: 2.01.02)
TOSHIBA ConfigFree (Version: 7.00.32)
TOSHIBA Disc Creator (Version: 2.0.0.8)
TOSHIBA DVD PLAYER (Version: 1.10.13)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Flash Cards Support Utility (Version: 1.48.0.3C)
TOSHIBA Hardware Setup (Version: 1.48.0.11C)
Toshiba Online Product Information (Version: 1.00.0012)
TOSHIBA SD Memory Utilities (Version: 1.8.1.1)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Supervisor Password (Version: 1.48.0.8C)
TOSHIBA Supervisorkennwort (Version: 1.48.0.8C)
Toshiba TEMPO (Version: 1.0)
TOSHIBA Value Added Package (Version: 1.0.28)
TuneUp Utilities 2013 (Version: 13.0.3020.2)
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.3020.2)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Utility Common Driver (Version: 0.0.1.1C)
VLC media player 2.0.5 (Version: 2.0.5)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Encoder 9-Reihe
Windows Media Encoder 9-Reihe (Version: 9.00.3374)
WinX Free MP4 to WMV Converter 4.1.3
Xfire (remove only)
Yahoo! Messenger

==================== Restore Points  =========================

17-06-2013 17:34:46 Geplanter Prüfpunkt
18-06-2013 18:06:17 Geplanter Prüfpunkt
19-06-2013 13:20:49 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {037E50E6-9916-4CA5-84C9-CD664D58B92C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {06DAC6E9-FFD2-4306-AE34-6B5921241AD5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
Task: {094DCC3C-E88B-4D85-9F90-74C755A8E40E} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-10] (Google)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {24696C83-E67F-4ADE-9A58-F147C90D98F2} - System32\Tasks\WPD\SqmUpload_S-1-5-21-4166308108-578177805-213925538-1000 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {268031AE-738C-4C3C-9165-DFE74F3C44F7} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\rundll32 No File
Task: {38CFA131-9F24-42F0-BE01-256977D89936} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs [2008-01-05] ()
Task: {667DF03A-B612-4C5B-86AA-EDB922418E22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-14] (Google Inc.)
Task: {6859F8C9-1B16-4191-8D39-A18994BA20A9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {690A59F1-1B05-41A4-A77D-14E4FA5FC7A9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {6F5E934C-A446-4F84-9D15-C6DB2174633D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {7B2E2D6C-A4EA-4511-8667-AC90690699FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-14] (Google Inc.)
Task: {7DE74849-0757-4569-8CA3-425B500B72FD} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {9F2323D5-1681-4CDA-94DC-4ADE83670B6A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {A69CEB5F-D7A5-40EF-BD14-0F0584F58B20} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {CF404714-44C6-4DA8-AB58-D497C7EA5254} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Sascha => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {E0930830-22DB-4C35-873D-F8C5285220A2} - System32\Tasks\NCH Software\SwitchReminder => C:\Program Files\NCH Software\Switch\Switch.exe [2012-06-07] (NCH Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\rundll32 No File

==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2013 03:10:23 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 02:22:13 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 02:06:10 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 11:45:28 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 11:29:55 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 11:23:23 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 11:07:04 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 10:59:52 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 09:58:48 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 09:50:32 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (06/19/2013 03:11:15 PM) (Source: Service Control Manager) (User: )
Description: BlueStacks Android Service%%1064

Error: (06/19/2013 03:11:15 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (06/19/2013 03:09:49 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 19.06.2013 um 14:33:59 unerwartet heruntergefahren.

Error: (06/19/2013 02:30:53 PM) (Source: Service Control Manager) (User: )
Description: PnP-X-IP-BusauflistungFunktionssuchanbieter-Host%%1068

Error: (06/19/2013 02:30:16 PM) (Source: Service Control Manager) (User: )
Description: AFD
BHDrvx86
ccSet_NIS
DfsC
eeCtrl
IDSVix86
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
SRTSPX
SymIRON
SYMTDIv
tdx
Wanarpv6

Error: (06/19/2013 02:30:16 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (06/19/2013 02:30:16 PM) (Source: Service Control Manager) (User: )
Description: NLA (Network Location Awareness)Netzwerkspeicher-Schnittstellendienst%%1068

Error: (06/19/2013 02:30:16 PM) (Source: Service Control Manager) (User: )
Description: NetzwerkverbindungenNetzwerkspeicher-Schnittstellendienst%%1068

Error: (06/19/2013 02:30:16 PM) (Source: Service Control Manager) (User: )
Description: IP-HilfsdienstNetzwerkspeicher-Schnittstellendienst%%1068

Error: (06/19/2013 02:30:16 PM) (Source: Service Control Manager) (User: )
Description: SMB 2.0 MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068


Microsoft Office Sessions:
=========================
Error: (06/19/2013 03:10:23 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 02:22:13 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 02:06:10 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 11:45:28 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 11:29:55 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 11:23:23 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 11:07:04 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 10:59:52 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 09:58:48 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/19/2013 09:50:32 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


CodeIntegrity Errors:
===================================
  Date: 2013-06-19 16:03:14.290
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 16:03:14.013
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 16:03:13.713
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 16:03:13.424
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 16:02:57.440
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 16:02:57.087
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 16:02:56.805
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 16:02:56.516
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 16:02:46.630
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 16:02:46.326
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 3069.69 MB
Available physical RAM: 1340.66 MB
Total Pagefile: 6340.39 MB
Available Pagefile: 4347.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.95 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:74.52 GB) (Free:13.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:149.05 GB) (Free:46.37 GB) NTFS
Drive f: (Data) (Fixed) (Total:73.06 GB) (Free:52.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 1A48DF06)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=73 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 5D379805)
Partition 1: (Not Active) - (Size=149 GB) - (Type=OF Extended)

==================== End Of Log ============================

Alt 19.06.2013, 15:43   #12
schrauber
/// the machine
/// TB-Ausbilder
 

The Service Scanner is still missing.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Alt 19.06.2013, 16:29   #13
Greaser69
 
Oh right. Here it is:

Code:
Farbar Service Scanner Version: 16-06-2013
Ran by Sascha (administrator) on 19-06-2013 at 17:27:43
Running from "C:\Users\Sascha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRWEDWEU"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-06-12 08:05] - [2013-05-08 06:37] - 0905576 ____A (Microsoft Corporation) 548E198BAE21EFC21F8B5F0C1728AD27

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-06-12 08:00] - [2013-04-24 06:00] - 0133120 ____A (Microsoft Corporation) 3EDE4C1F9672C972479201544969ADCB

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Alt 19.06.2013, 19:00   #14
schrauber
/// the machine
/// TB-Ausbilder
 

http://download.bleepingcomputer.com...sta/wscsvc.reg

Please download and run it, reboot, and post a fresh FSS log file.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or higher), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the terms of use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log. Any problems left?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

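As an added example (not code from the thread and not from Farbar's tools), a PowerShell script that re-checks the three findings from the FSS log in post #13 (firewall policy EnableFirewall=0, Windows Defender DisableAntiSpyware=1, missing wscsvc and WinDefend service keys) and shows whether the wscsvc.reg import from the post above took effect after the reboot. The registry paths and service names are taken from the log; the function names and the output layout are my own.

```powershell
# Added example, not part of the thread and not code from Farbar's tools.
# Re-checks the three FSS findings from this thread and prints one row per
# check. Registry paths and service names come from the FSS log; the function
# names and output layout are my own. Uses only PowerShell 2.0 syntax so it
# also runs on Vista; run it from an elevated prompt.

function New-Finding {
    param([string]$Check, [string]$Status, [string]$Detail)
    New-Object PSObject -Property @{ Check = $Check; Status = $Status; Detail = $Detail }
}

function Get-FssPolicyState {
    $findings = @()

    # 1. "Firewall Disabled Policy": FSS showed EnableFirewall=DWORD:0 under
    #    StandardProfile. A healthy host has no such value or has it set to 1.
    $fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
    $fw = Get-ItemProperty -Path $fwKey -Name EnableFirewall -ErrorAction SilentlyContinue
    if ($fw -ne $null -and $fw.EnableFirewall -eq 0) {
        $findings += New-Finding 'FirewallPolicy' 'DISABLED' "$fwKey\EnableFirewall = 0"
    } else {
        $findings += New-Finding 'FirewallPolicy' 'OK' 'EnableFirewall absent or 1'
    }

    # 2. "Windows Defender Disabled Policy": FSS showed DisableAntiSpyware=DWORD:1.
    $defKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
    $def = Get-ItemProperty -Path $defKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue
    if ($def -ne $null -and $def.DisableAntiSpyware -eq 1) {
        $findings += New-Finding 'DefenderPolicy' 'DISABLED' "$defKey\DisableAntiSpyware = 1"
    } else {
        $findings += New-Finding 'DefenderPolicy' 'OK' 'DisableAntiSpyware absent or 0'
    }

    # 3. Service keys FSS could not open. When the whole key under
    #    CurrentControlSet\Services is gone, the service no longer exists and
    #    cannot simply be started; that is why the thread restores wscsvc from
    #    a .reg file and reboots. Re-run this after the import to confirm.
    foreach ($svc in @('wscsvc', 'WinDefend')) {
        $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        if (-not (Test-Path $svcKey)) {
            $findings += New-Finding "Service:$svc" 'KEY MISSING' "$svcKey does not exist"
            continue
        }
        $cfg = Get-ItemProperty -Path $svcKey
        $state = Get-Service -Name $svc -ErrorAction SilentlyContinue
        if ($state -ne $null -and $state.Status -eq 'Running') { $status = 'OK' } else { $status = 'NOT RUNNING' }
        # Start=2 means Automatic; ImagePath should point at svchost.exe for both services.
        $findings += New-Finding "Service:$svc" $status ("Start=" + $cfg.Start + " ImagePath=" + $cfg.ImagePath)
    }

    return $findings
}

Get-FssPolicyState | Format-Table Check, Status, Detail -AutoSize
```

A row reading KEY MISSING after the .reg import and reboot means the import did not land under CurrentControlSet and the service still needs to be restored.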
Alt 19.06.2013, 19:25   #15
Greaser69
 
Here is the first one:

Code:
 AdwCleaner v2.303 - Datei am 19/06/2013 um 20:15:00 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Sascha - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sascha\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\vdq6ogev.default\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Users\Sascha\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\vdq6ogev.default\extensions\staged
Ordner Gelöscht : C:\Users\Sascha\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Schlüssel Gelöscht : HKU\S-1-5-21-4166308108-578177805-213925538-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052a6f74-6bac-43d9-b0aa-de47606421bf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=02/05/2013&type=hp1000 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052a6f74-6bac-43d9-b0aa-de47606421bf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=02/05/2013&type=hp1000 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052a6f74-6bac-43d9-b0aa-de47606421bf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=02/05/2013&type=hp1000 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052a6f74-6bac-43d9-b0aa-de47606421bf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=02/05/2013&type=hp1000 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052a6f74-6bac-43d9-b0aa-de47606421bf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=02/05/2013&type=hp1000 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052a6f74-6bac-43d9-b0aa-de47606421bf&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=02/05/2013&type=hp1000 --> hxxp://www.google.com

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\vdq6ogev.default\prefs.js

Gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=[...]
Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.415] : homepage = "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=052a6f74-6bac[...]
Gelöscht [l.474] : urls_to_restore_on_startup = [ "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=[...]

*************************

AdwCleaner[S1].txt - [5514 octets] - [19/06/2013 20:15:00]

########## EOF - C:\AdwCleaner[S1].txt - [5574 octets] ##########
         
the next one

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Sascha on 19.06.2013 at 22:00:43,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\system32\turegopt.exe"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{040A37F9-7223-4202-B195-3592A42CCC81}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{043677AB-07C3-4ED8-A13D-148A7EE6F761}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{06814E9B-5EC3-483C-8A6F-20EF268D69D5}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{08BC8B06-3F73-4C77-984A-9197064B63C3}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{0A99A844-ABB3-41BB-B0CC-BD4323531919}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{0AC30564-BC06-41EE-954C-AFAB67228242}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{0C07C301-A33B-483C-8EA4-61EEFBE6A0DF}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{0C580507-E3A1-4426-B728-A9346F671231}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{0C93A8FF-7AD8-450B-9705-3CC4E5848B0A}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{0E4E9267-F9B0-439B-B2FA-F8992EB21004}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{0F098CE7-72F0-4612-94E1-B4B7ED52472E}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{0FCBF0F7-5510-4828-B138-7CB45CFC8A51}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{10648C40-6E45-4DCB-B65F-8197E9E0F2E4}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{114FB603-D025-4542-9F41-DC35911DFDD2}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{1199C879-EF81-4E12-BA62-6DB22C359E78}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{14DA17F3-B02A-40E9-A7A7-23E06EF8DFAA}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{175654DB-17A2-4790-AED1-4E8A525AA8AB}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{1774C9CA-FF9A-45B0-A673-AB073DE90549}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{17E1AA47-9CD0-4889-A784-FAB931D5E2D9}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{1911D75C-4B76-4E6E-A198-41ABC16D19FE}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{193F4306-968C-4A96-A861-7128D5492C00}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{1A0F6E7F-68C5-427E-A568-CFDAC9621BF6}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{1B193544-2339-44A0-8CFA-DCE0C44D4550}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{1DB80A90-806E-4E03-82CD-63908FE0B696}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{1E62249D-E1EC-4D64-A51B-84156A955FC2}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{1EE62785-14BA-4A7D-8421-CAA63AAA88A5}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{1F0AAF11-11B8-433A-975E-9912528C1E18}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{1FFF07BA-1542-4414-BD6D-8043923F6663}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{20DEBCBC-B9B5-4431-B8A9-AB0EBB4471D7}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{20E5BC61-5712-4840-BB86-2CCADFCD9D2A}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{2174EF0A-E251-42D4-A687-D0C20366447C}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{22AB2B0E-E531-4570-A28B-80968E27AE26}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{22B5ED56-1787-4C8C-B672-225AC28B2BAB}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{26061108-C159-4F8D-9F13-30DFB9069A75}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{289D1316-955E-432E-9E4B-34196923EC96}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{2BF925AE-F570-46F1-B9B0-D09758C23CE5}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{2C38B451-53DC-462F-AB18-C557B453ED31}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{2D21DA5C-B94D-47D2-BE02-CA98BCA6BCA3}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{2D622C49-8BA5-4E7D-A6BE-92F7443387BE}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{32842F81-44CD-44CA-89E5-B331DBC53CE5}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{330B9C12-DAAC-48AD-B516-531BC4AAF693}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{331C4F76-FEC9-43A1-9DDD-482754D39648}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{337F6D83-51E0-4154-A609-3F7B282DF622}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{3464CEB9-CAAD-4E12-AE90-4557B55D65C1}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{3479D19D-F1C1-497E-8A03-AD20E5B65EE3}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{34B3EC3F-55D5-45EA-9590-B26F287597C0}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{351427E2-3273-4682-8B8D-FE4522F8387A}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{365997CA-7F06-4434-9426-BB4BE7D7D9D2}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{376EE9B9-43A9-4D9E-B90F-7A7D35007E43}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{37740CA7-FCEC-4E2E-A28F-BBAE7A299A06}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{382C866D-70E5-4D37-BFD8-71F160F5B8F9}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{38602D90-0877-42B3-BDC4-6826C8EFBEBE}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{3978358C-A39E-4203-92EB-9973EC9A1EE5}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{39DA3B2B-FB39-4D3B-98F1-E91D779CCB7D}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{3B07C496-7649-493F-BCA0-1F21B0E11C39}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{3B86AF82-0884-4F42-85D5-2B308EACD1C4}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{3C2E3FDB-F1B4-462B-B1DB-368FB5F8A39C}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{3C2E9FB2-BC93-4AA4-81B1-B9E17570B7D6}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{3CB9160E-70A6-4DD5-BBC8-D83C35683722}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{3FB2DFF8-590D-4AE1-890A-842D6BD254BE}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{4057FDDE-1DB3-4B05-A0E7-2AB4E7F230F6}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{431EFB4D-50D7-4EC1-B464-351941DE734B}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{45EFAAD9-66AA-4F04-A647-69CBFAB4196B}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{46D2EECF-2044-45F6-951B-E002662B63F1}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{48A04672-3FDB-444F-8F84-235745DB8B9D}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{49FEA84D-E6C7-4387-A73F-93BA35BB1505}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{4A4C7638-556C-4A83-AB58-288475DF4E08}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{4BECADFC-252B-4202-A3C8-B290F6E7D996}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{4C0653B8-3EC5-496E-82D1-8072412D2234}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{4F307A69-BBA3-4AFF-BCF9-A71F751FC06F}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{4FBAADA3-72DD-4DEC-BDAF-5EB13F0460C4}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{5013A76D-3382-4327-8055-02D6C7A1E126}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{51E257A2-5647-4B18-88DC-E23761C48D28}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{51E4ACD5-3541-4EAC-AEFE-C682DE4339F8}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{5221CADD-BF03-4EDF-A9EA-458806CEE657}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{52BC03FB-3AF5-4C2C-ACD7-531E0EC39144}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{53FFE563-9BB4-408F-9382-B213170A366E}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{55FAE1A7-1A84-4930-86C3-5DF30CD8564D}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{59D23779-1183-405A-A948-92D4C2A3E99D}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{5A317837-E8C8-4154-9518-CF8BA7624A76}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{5A775A51-61AE-403B-8237-C99BF48D43E8}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{5B277808-DA8D-4BB0-8C19-6B5A414DC692}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{5B9FD6C5-017C-4BF7-A237-10D2E7F3176C}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{5BBD3F47-8F1E-4273-B678-736C6174F526}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{5C81B2B4-691A-437C-BCF6-B43F5E1E0A09}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{5D7848CA-6FFE-454F-A455-49F47CC2D87D}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{607004BB-4995-4A8F-80C8-C22397BB2276}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{60A67A4F-11CA-42BC-8B70-40844A26790C}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{627DE8A8-1912-4498-8E78-91314E017350}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{6313B0CF-3933-478E-AEDC-66B40A5453B0}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{6352E556-ACBA-4C32-8FF8-A720F364DB75}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{64319415-B580-4BF4-85E8-E6A2FA5BC9FF}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{64838A2D-1A78-46A0-AB0E-AC04BA458AE0}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{64E64F1D-CA00-4308-A237-EE57CC6789D8}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{6865DC8E-8ACF-4B1E-AB51-C23A5871B748}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{6A09273F-5258-4AF2-8415-711FC69CD0EE}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{6BDEA796-FF65-4962-B5BF-B8C95D53C25F}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{6C0CCB34-FBC9-4E68-A1C1-1C70E2C2F911}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{71EBF496-5951-4692-A29F-F5F12B68E6D4}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{722A3EFC-4438-4761-97F5-C47B5D9F59BB}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{72C894BB-E3F8-47C2-B578-90109760D922}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{75C20B78-78AF-4E4E-807E-5534CBB29D9A}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{7693403F-AF5F-480E-814D-4D8922E0613E}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{76AFA30F-CE35-44FB-85BD-FD8CAA9833A2}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{77ACEC50-D20C-47B0-8C89-52D7498D2386}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{7A167CF7-217E-4508-A85D-D1E8395C72A4}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{7A3A89FD-59D2-45C1-A0DE-9BFED0FE852E}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{7A98F961-E3B1-42E2-A29F-29ECAB9916D4}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{7C12BA67-E3E0-4B02-8E9D-D5D84BED8627}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{7CA301FB-517A-4E33-A669-7908ED678452}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{7CAC3B42-0429-45A6-B5F8-4E6031E69986}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{7D832CEB-DEF5-47E7-9507-6415E338F6F0}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{7DA61C3F-6BF4-42CC-B722-A4EFA2A0C964}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{7E8F830D-947A-4175-BDE7-6E4BAAA9E4E6}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{7ED569FD-850C-4EC4-84EC-A43A1F408A9C}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{802D5544-A1EC-4F79-ABAD-171901DD8601}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{804EA65B-54E4-4188-B68D-D0444AE03645}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{8113CFDB-DE54-4113-BAC5-EABE7CEB4471}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{81C60ACA-888E-4998-A960-85A20E449C52}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{81E81CFB-6E24-4979-B24D-970A6117D216}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{8213312B-76A6-4A4F-A26A-D97237CC5795}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{8246BB81-F99D-4DA2-B306-E4AA2D688837}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{831D5191-EF14-446F-A854-C9032CCFFD3A}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{831FC0D6-B3A3-4CB5-A2FB-02A833AB01C4}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{83DDF25A-16F8-4C31-81D6-42B60F7FBF12}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{85452CB5-28BA-437C-AA6D-69647C8B7965}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{862FD817-1276-40E8-A605-100204249B4D}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{863067C1-65A1-4EF8-92F1-F2C59533840D}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{86A318EA-321C-4B4A-9DE7-7B239E0A12CE}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{8861E739-A860-484C-91CA-BF42E2B2E2E1}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{8B1EC42A-241F-4FFB-BAE7-C59483821C01}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{8B367973-1677-4581-8621-B51ABD431242}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{8C62EC53-0343-4F71-AAA4-FEF10181D694}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{8DC672AE-F060-4987-9B97-AD80CB9202C8}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{8E01525A-420B-4017-ABF9-0842E59B4972}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{8FA13C7D-0E68-477C-A134-0A891C0BE373}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{8FCF79C4-A1E7-4015-9244-D940CEC10201}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{9037F31D-B49D-4B4D-9B4B-EAB6AE09D807}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{91C9F424-F97E-4F73-BEDF-CA6CC0E407D6}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{97320B64-A793-4123-9573-CB14CD1E12C7}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{97FA5CCE-CC42-4BB1-9FB8-4C9E2CBCD85D}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{9971E494-9CC8-4A94-B837-89660397C930}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{9CF605D8-5D7A-46FA-815D-A18D6CC1BD59}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{9D0DD9C9-3868-4F40-8BBD-DA41873A08ED}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{9D0FDCD4-F772-43EC-82B6-6ABB5301D416}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{9D31C061-AFE4-42B7-B830-696873CC4171}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{9FC3BEB3-0943-4998-A7BA-EFB05235D3A3}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{A023F6C9-97C1-4634-9082-B3D0E9FEC74F}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{A119D424-7E4E-4201-B207-3C01751FCF1A}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{A1B0DFB5-56B7-4C48-832F-910D9FE33806}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{A21D7E49-AA11-4855-9FB9-B4F52C0720A0}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{A4286F91-FE4E-41A2-8C2B-A5184BEEBCBF}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{A5FCF3B9-0E84-48AD-9463-34819165EC89}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{A6E0EE74-FFC9-4BC3-A70B-9C10D3AF9E3F}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{A7BAA325-A346-4DF0-ABF5-5CF7F63E892C}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{AE492BC3-21CF-45DE-84A0-D0481707E34D}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{AE850815-BBCD-4C14-B0D4-992381AEC3ED}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{AF469D13-AF2D-4E90-9B1B-AD52C1951204}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{AF7A6780-7046-4EF9-B8B9-303435FA7BEE}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{B0E5975B-51AC-4C16-93EB-BDD970A9CA89}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{B183C84E-2D6C-4DF5-A1E6-84EAD0E5E3AF}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{B1B9A48E-079D-4042-9865-CA607D52717F}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{B3618183-8177-4F4F-8D29-DEBB823405FD}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{B388EFE7-32E0-4B2C-B88A-508CEFA37215}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{B43C3D73-57FA-4C17-A91E-D02153CFFD60}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{B5ACE0D5-D0FC-4C14-B679-CD51B4E8E2E6}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{B62B2764-A4A0-4735-9A50-F050FDB0E825}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{B665DFDE-45DD-4745-BA94-12A24D3AB2B5}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{B7A1F785-9AFE-4EC7-80F3-05FD4D7FEC3C}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{B7F297DF-C45F-45E7-8AF7-8A4019935BC9}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{B89FA6C6-984B-4D49-A070-5F74B835E19E}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{BC942CB0-2D1D-4BBC-AA61-4F571AECC8AA}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{C054A20C-3AE0-4378-ABD4-DDFEB847A621}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{C11F6A79-AF84-46F5-93E6-E2A220329269}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{C1972C6F-CF77-4EBD-A914-A5B4071CE6DD}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{C2717AB3-A3BC-4EC3-94E4-B0EFB8F1DF59}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{C2AAF76E-2F6F-4322-A65C-C7491F47293A}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{C3E0B634-0536-4187-AAB6-2ABC5D13D94C}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{C4457388-7DE0-4B44-A60D-F6652B0AAE81}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{C4663B77-5A16-4181-A99F-20AA2619CFCA}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{C4C1707A-9A80-4025-A4F6-71AC542D2805}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{C4F9AAAE-9B87-416A-998D-186765096D13}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{C55BD4DA-B583-4C37-A20D-0732603D42F4}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{C7E2D82E-505F-4114-A5B9-6B3EE8FE005A}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{C873A952-0F7B-4E31-B805-52D5E2B70C85}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{C91DE6AD-9C53-4658-9305-4A9546362686}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{C944FED3-324E-4FBD-8959-A3DB723A9CF8}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{C9715C0C-0CDD-4D90-99AF-D3AF71DE445B}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{CA24665C-0856-4953-B44D-2D4ACF190525}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{CC82AB1B-2C57-4C8D-841F-0CB49CA2579A}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{CDB448D6-E7D9-4785-9E7F-62391F26127A}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{CDEBD3A7-14E8-4151-B73B-0DCEEE4D94E1}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{CF75CD73-BBDF-4B85-BCEC-6FDA535E7DDE}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{D187AA80-CD56-4175-AACD-C19EDB970256}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{D1DDE872-E77B-44E9-B81F-BB5D1CCECECF}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{D44B7BF9-7451-4BB8-9D82-22AF4449CA15}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{D52B942E-A44F-4B7C-8ABE-4CB1105FF658}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{D63751E2-866C-45B0-8A6A-C4185B186E95}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{D7F79A8C-704E-4E1E-88EE-A282870D6D06}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{DA680267-D539-4F00-8C38-0FAB5AD56DBE}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{DA7A2B47-923C-40D6-B981-F134E15EBC68}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{DB397397-7220-4A95-B275-96B0488CC9ED}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{DB776018-BCA3-4205-988F-94C79B7E7FC3}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{DCB0EBEE-327B-416E-A087-8F84C7B29513}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{DE33FB9B-EB8F-44C4-9461-0D96004521C1}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{DE5B3D45-A506-4E6C-8C49-CCD1D4B20E62}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{DE8A5DA8-52E9-4AFB-B47E-F914E46E029F}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{DEC3FB5B-2264-4F77-BCD6-58CDBEE4EB9E}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{DFB3BBEC-3CFC-480A-8D05-C7DB9A444E43}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{E08F0005-7BE1-46A7-83DE-E79ED594AD90}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{E0A2FBE0-1EEE-461A-92D5-C273B77D1412}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{E16AA402-F30B-4050-9A7D-2D2C47287C1E}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{E1B2D581-3C9B-4AD9-AE4F-34B2ABF27E18}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{E454BC2D-B560-4149-91CC-764BEC6EF21D}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{E49A3B26-2029-4E98-A1D1-8AC17FC777D1}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{E5A3998C-7C8B-466F-8B91-DF39C7DCA68F}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{E7ADF7F8-8F2D-45DD-8DEE-C7ED6C98F30F}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{E83EA1F1-82AB-4B6E-9226-0A8568554E4A}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{E9AAB327-4841-43C7-A106-855F431E5CC6}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{EA4BE88E-E0E6-46C8-8337-E38A7D7710F1}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{EADA91CB-9F0B-41B1-BB98-4EDFF23B6D2B}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{EC2F0E88-5F4F-4623-8522-93DF87543AA0}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{EE6B793F-E9FB-4A54-9AB0-3DBB4F0CD814}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{F022FC03-C70E-4750-AB18-802164F0D1BA}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{F06151E4-CDFF-46E5-A6A2-C78C2C3B3B26}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{F103DB86-08A5-4AE0-BAF3-BEE86D8261D7}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{F1D1A1FC-CBC2-4595-B89A-E31B10B565F7}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{F277D226-5788-4798-AABE-6835726FDFD5}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{F2AB78FA-C330-4D39-99DC-52DF64A7141E}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{F3B837D0-4BA1-40B7-871D-A0A102844330}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{F604CB43-D79B-4310-92CC-1D3EB5D2A379}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{F614159E-4179-4D13-A804-F0B6E7F01A14}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{F617A7B1-6E3A-4454-A007-5BADD57B391B}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{F784ADCC-0263-46DD-890D-A7407B30D0E8}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{F7E9A4D1-9F33-4C2D-B6D9-177B51CA810C}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{F8125A98-FCBC-40DE-BA4F-F344658D3587}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{FA2A6912-44C7-4562-A748-7023E2AE7A7B}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{FA7D71FD-BB86-4B2E-8EB1-2C348C49F87F}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{FD491E4A-3D81-47EB-92CC-2B0D20E610B4}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{FE6BA156-C701-4481-A66D-3B96201DB31C}
Successfully deleted: [Empty Folder] C:\Users\Sascha\appdata\local\{FEAFD23F-87FF-4A85-B98D-84443086AE66}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.06.2013 at 22:03:21,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Here's the ESET one
it shows 3 infected files

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=85e2aab80c7b504f8b67776888411470
# engine=14113
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-19 11:36:04
# local_time=2013-06-20 01:36:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 93 57229 134281549 0 0
# compatibility_mode=5892 16776574 66 100 116649135 209217692 0 0
# scanned=234474
# found=3
# cleaned=0
# scan_time=12237
sh=F161D7CB90D86628F6598BBB24D10732B299C61E ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\Sascha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y4C74TC6\first[1].htm"
sh=5DB1A94A1292F715DC8F62B7C17935DB30C19241 ft=0 fh=0000000000000000 vn="probably a variant of Java/Exploit.Agent.NMS trojan" ac=I fn="C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\3e3e6599-522b294b"
sh=69F954DB8763D982D5A4D4BF0D25984F901F3B41 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.KH trojan" ac=I fn="C:\Users\Sascha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\3c56caab-13c054fe"
         
With Security Check
I got "unsupported system. aborted."
So it does not work for me.

Here is the FRST log.


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2013
Ran by Sascha (administrator) on 20-06-2013 07:43:22
Running from C:\Users\Sascha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MHV8LUB
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Nero AG) C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPO\TempoSVC.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Nero AG) C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\X-TENSIONS Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [509496 2007-04-03] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [90112 2006-11-10] ()
HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [204800 2007-07-27] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2007-10-29] (Toshiba Europe GmbH)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s [958352 2011-08-22] (Samsung)
HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3507088 2011-08-22] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe [593784 2012-10-25] (BlueStack Systems, Inc.)
HKLM\...\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [5178664 2012-02-28] (Nero AG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [413696 2006-11-13] (TOSHIBA)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [Center Agent] C:\Program Files\X-TENSIONS Multimedia\HyperMediaCenter\DTVR\Scheduled.exe [1524224 2008-01-10] ()
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-08-08] (Google Inc.)
HKCU\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-08-22] ()
HKCU\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKCU\...\Run: [Messenger (Yahoo!)] "D:\\Messenger\YahooMessenger.exe" -quiet [x]
HKCU\...\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [5178664 2012-02-28] (Nero AG)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: {0ba30697-7bf1-11e2-8167-001eec02028b} - H:\iStudio.exe
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
SearchScopes: HKLM - {74DD18FC-EF2E-47C4-836C-B1DFCDE49EB3} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ipp - No CLSID Value - 
Handler: msdaipp - No CLSID Value - 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\vdq6ogev.default
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - D:\Neuer Ordner (2)\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\vdq6ogev.default\Extensions\{052a6f74-6bac-43d9-b0aa-de47606421bf}

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Google Drive) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Norton Identity Protection) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0
CHR Extension: (Gmail) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393080 2012-10-25] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384888 2012-10-25] (BlueStack Systems, Inc.)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 NeroMediaHomeService.4; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 NIS; C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPO\TempoSVC.exe [95624 2007-10-29] (Toshiba Europe GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-28] (TuneUp Software)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [327296 2007-12-06] (AfaTech                  )
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63864 2012-10-25] (BlueStack Systems)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S4 CplIR; C:\Windows\system32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-11-08] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130619.001\IDSvix86.sys [386720 2013-05-28] (Symantec Corporation)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130619.016\NAVENG.SYS [93272 2013-05-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130619.016\NAVEX15.SYS [1611992 2013-05-27] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SYMDNS; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMDNS.SYS [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [x]
S3 SYMREDRV; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS [x]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-19 22:03 - 2013-06-19 22:03 - 00026491 ____A C:\Users\Sascha\Desktop\JRT.txt
2013-06-19 22:00 - 2013-06-19 22:00 - 00000000 ____D C:\Windows\ERUNT
2013-06-19 22:00 - 2013-06-19 22:00 - 00000000 ____D C:\JRT
2013-06-19 20:25 - 2013-06-19 20:25 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Sascha\Desktop\JRT.exe
2013-06-19 20:15 - 2013-06-19 20:15 - 00005643 ____A C:\AdwCleaner[S1].txt
2013-06-19 20:13 - 2013-06-19 20:13 - 00648201 ____A C:\Users\Sascha\Desktop\adwcleaner.exe
2013-06-19 20:04 - 2013-06-19 20:04 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2013-06-19 17:27 - 2013-06-19 17:27 - 00003545 ____A C:\Users\Sascha\Desktop\FSS.txt
2013-06-19 13:38 - 2013-06-19 13:38 - 00000000 ____D C:\FRST
2013-06-13 07:58 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 07:58 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 07:58 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 07:58 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 07:58 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 07:58 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 07:58 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 07:58 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 07:58 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 07:58 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 07:58 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 07:58 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 07:58 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 07:58 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 07:58 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 07:58 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 08:36 - 2013-06-12 08:36 - 00193024 ____A C:\Users\Sascha\Documents\Prod-Info6feet.xls
2013-06-12 08:05 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:00 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 08:00 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 08:00 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:00 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 08:00 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:00 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:00 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:00 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:00 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:00 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-06-20 06:18 - 2006-11-02 14:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-20 06:18 - 2006-11-02 14:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-20 01:39 - 2009-07-14 21:21 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-20 01:13 - 2012-03-30 07:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 22:03 - 2013-06-19 22:03 - 00026491 ____A C:\Users\Sascha\Desktop\JRT.txt
2013-06-19 22:00 - 2013-06-19 22:00 - 00000000 ____D C:\Windows\ERUNT
2013-06-19 22:00 - 2013-06-19 22:00 - 00000000 ____D C:\JRT
2013-06-19 20:39 - 2009-07-14 21:21 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 20:25 - 2013-06-19 20:25 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Sascha\Desktop\JRT.exe
2013-06-19 20:24 - 2008-04-16 11:04 - 01683672 ____A C:\Windows\WindowsUpdate.log
2013-06-19 20:20 - 2008-04-17 09:52 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-19 20:18 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 20:15 - 2013-06-19 20:15 - 00005643 ____A C:\AdwCleaner[S1].txt
2013-06-19 20:15 - 2006-11-02 15:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-19 20:13 - 2013-06-19 20:13 - 00648201 ____A C:\Users\Sascha\Desktop\adwcleaner.exe
2013-06-19 20:04 - 2013-06-19 20:04 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2013-06-19 20:03 - 2011-01-14 13:18 - 00000000 ____D C:\Users\Sascha\AppData\Local\CrashDumps
2013-06-19 17:27 - 2013-06-19 17:27 - 00003545 ____A C:\Users\Sascha\Desktop\FSS.txt
2013-06-19 16:51 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-19 15:54 - 2009-02-14 12:02 - 00000680 ____A C:\Users\Sascha\AppData\Local\d3d9caps.dat
2013-06-19 15:29 - 2006-11-02 12:33 - 01483132 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 13:38 - 2013-06-19 13:38 - 00000000 ____D C:\FRST
2013-06-19 09:41 - 2008-12-19 18:02 - 00000000 ____D C:\Windows\System32\Drivers\NIS
2013-06-19 09:39 - 2008-12-19 18:02 - 00002557 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-06-19 08:04 - 2008-12-19 18:02 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-19 08:04 - 2008-09-13 00:48 - 00007611 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-18 14:18 - 2009-03-27 22:17 - 00001052 ____A C:\Windows\Tasks\Google Software Updater.job
2013-06-18 08:03 - 2008-04-22 14:20 - 00002605 ____A C:\Users\Sascha\Desktop\Microsoft Word.lnk
2013-06-14 10:09 - 2008-04-20 10:10 - 00098816 ____A C:\Users\Sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-14 08:45 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 22:47 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 07:50 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 08:36 - 2013-06-12 08:36 - 00193024 ____A C:\Users\Sascha\Documents\Prod-Info6feet.xls
2013-06-11 19:49 - 2012-03-30 07:22 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 19:49 - 2011-05-31 10:58 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-05 09:13 - 2008-08-27 18:42 - 00172032 ____H C:\Users\Sascha\Documents\~WRL2228.tmp
2013-05-30 17:01 - 2013-05-04 22:03 - 00267128 ____A C:\Windows\PFRO.log
2013-05-29 08:25 - 2012-06-21 09:32 - 00000000 ____D C:\Program Files\Citrix
2013-05-29 08:20 - 2008-04-17 21:43 - 00000000 ____D C:\Program Files\Google
2013-05-29 07:53 - 2008-12-19 16:54 - 00000000 ____D C:\ProgramData\Norton
2013-05-28 12:22 - 2008-12-19 18:02 - 00000000 ____D C:\Program Files\Symantec

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-19 20:25

==================== End Of Log ============================
         