Log analysis and evaluation: Removing the GVU trojan (Windows 7)
08.07.2013, 09:21 | #1 |
Removing the GVU trojan
Hello everyone, I have a computer here with a GVU trojan on it. I hope someone can help me; various rescue discs find nothing. Here is the logfile from Farbar Recovery:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by SYSTEM on 08-07-2013 10:03:44
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet003
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\" [24576 2009-05-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enumn /alertsn /notificationsn /fln /frn /appDatan /tmcpn [53248 2009-10-22] (HP)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1573576 2012-10-16] (Ask)
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [DATEV Update-Monitor] "C:\Datev\PROGRAMM\Install\DvInesASDMon.Exe" [288352 2012-08-29] (DATEV eG)
HKLM-x32\...\Run: [AgentMonitor] O:\LLN\VTech\DownloadManager\System\AgentMonitor.exe [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Gerhard Wagner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-09-03] (Google Inc.)
HKU\Gerhard Wagner\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe [43008 2013-07-05] (NVIDIA Corporation) <===== ATTENTION
HKU\Gerhard Wagner\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Gerhard Wagner\...\Command Processor: "C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe" <===== ATTENTION!
Startup: C:\ProgramData\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\Datev\PROGRAMM\BSoffice\service\OfficeDiag.exe (DATEV eG)
Startup: C:\ProgramData\Start Menu\Programs\Startup\CleanupPrintJobs.lnk
ShortcutTarget: CleanupPrintJobs.lnk -> C:\Datev\PROGRAMM\B0001401\CleanupPrintJobs.exe (TODO: <Firmenname>)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\Datev\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG) BootExecute: autocheck autochk * sdnclean64.exe ==================== Services (Whitelisted) ================= S2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) S3 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-02] (DATEV eG) S2 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-13] (DATEV eG) S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] () S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) 
S2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation) S2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation) S2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4586760 2013-03-13] (StorageCraft Technology Corporation) S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation) S2 StorageCraft ImageReady; C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe [4408000 2013-03-13] () S2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [94984 2013-03-13] (StorageCraft Technology Corporation) S3 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x] S2 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x] S3 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x] S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x] S3 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x] ==================== Drivers (Whitelisted) ==================== S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation) S1 BHDrvx64; 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation) S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-12] (CSR, plc) S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation) S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation) S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation) S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130702.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation) S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130702.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130705.002\ENG64.SYS [126040 2013-05-22] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130705.002\ENG64.SYS [126040 2013-05-22] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130705.002\EX64.SYS [2098776 2013-05-22] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130705.002\EX64.SYS [2098776 2013-05-22] (Symantec Corporation) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) S3 RimVSerPort; 
C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) S1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [117000 2013-03-13] (StorageCraft Technology Corporation) S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation) S1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation) S0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [283400 2013-03-13] (StorageCraft Technology Corporation) S0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation) S0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-01] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation) S1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation) S0 dmboot; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-08 10:03 - 2013-07-08 10:03 - 00000000 ____D C:\FRST 2013-07-05 23:51 - 2013-07-06 00:59 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0 2013-07-05 12:05 - 2013-07-05 12:05 - 00163073 ____A C:\ProgramData\2433f433 2013-07-05 12:05 - 2013-07-05 12:05 - 00163062 ____A C:\Users\Gerhard Wagner\AppData\Local\2433f433 2013-07-05 12:05 - 2013-07-05 12:05 - 00163008 ____A C:\Users\Gerhard Wagner\AppData\Roaming\2433f433 2013-06-28 08:27 - 2013-06-28 08:27 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (3).zip 2013-06-24 06:10 - 2013-06-24 06:10 - 00000010 ____A C:\Users\Gerhard Wagner\Desktop\Neues Textdokument (2).txt 2013-06-24 05:54 - 2013-06-24 06:53 - 00000000 ____D C:\Users\Gerhard Wagner\Downloads\mailpv 2013-06-24 05:54 - 2012-05-04 
15:24 - 00015842 ____A C:\Users\Gerhard Wagner\Downloads\mailpv.chm 2013-06-24 05:54 - 2012-05-04 15:24 - 00011877 ____A C:\Users\Gerhard Wagner\Downloads\readme.txt 2013-06-24 05:53 - 2013-06-24 05:53 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (4).zip 2013-06-24 05:52 - 2013-06-24 05:52 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (2).zip 2013-06-24 05:52 - 2013-06-24 05:52 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (1).zip 2013-06-24 05:06 - 2013-06-24 05:05 - 00375970 ____A C:\Users\Gerhard Wagner\Downloads\FRITZ.Box Fon WLAN 7390 84.05.52_24.06.13_1505.export 2013-06-24 00:57 - 2013-06-29 11:55 - 00000000 ____D C:\Users\Gerhard Wagner\Desktop\downgrade fritzbox 2013-06-24 00:44 - 2013-06-24 00:44 - 00077608 ____A C:\Users\Gerhard Wagner\Downloads\Setup.exe 2013-06-24 00:37 - 2013-06-24 00:37 - 15800320 ____A C:\Users\Gerhard Wagner\Downloads\FRITZ.Box_Fon_WLAN_7390.AnnexB.84.05.52.image 2013-06-13 02:44 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-13 02:44 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-13 02:44 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-13 02:44 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-13 02:44 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-13 02:44 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-13 02:44 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-13 02:44 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-13 02:44 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-13 02:44 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\iertutil.dll 2013-06-13 02:44 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-13 02:44 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-13 01:17 - 2013-06-13 01:17 - 00275320 ____A C:\Windows\Minidump\061313-5881-01.dmp 2013-06-13 00:49 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-13 00:49 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-13 00:49 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-13 00:49 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-13 00:49 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-13 00:49 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-13 00:49 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-13 00:49 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-13 00:49 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-13 00:49 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-13 00:49 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-13 00:49 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-13 00:49 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-13 00:49 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-13 00:49 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-13 00:49 
- 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-13 00:49 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-13 00:49 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-13 00:49 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 12:31 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 12:31 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 12:31 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 12:31 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 12:31 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 12:31 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 12:31 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 12:31 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 12:31 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 12:31 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 12:31 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 12:31 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 12:31 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 12:31 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll ==================== 
One Month Modified Files and Folders ======= 2013-07-08 10:03 - 2013-07-08 10:03 - 00000000 ____D C:\FRST 2013-07-07 23:52 - 2013-03-08 02:59 - 00006470 ____A C:\Windows\setupact.log 2013-07-07 23:52 - 2012-03-06 09:14 - 01660679 ____A C:\Windows\WindowsUpdate.log 2013-07-07 23:52 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-07 23:50 - 2012-03-06 18:09 - 00762792 ____A C:\Windows\System32\perfh007.dat 2013-07-07 23:50 - 2012-03-06 18:09 - 00173498 ____A C:\Windows\System32\perfc007.dat 2013-07-07 23:50 - 2009-07-13 21:13 - 01799866 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-07 23:47 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-07 23:47 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-07 23:28 - 2009-07-13 20:45 - 00367816 ____A C:\Windows\System32\FNTCACHE.DAT 2013-07-07 22:15 - 2012-09-03 00:21 - 00001122 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-06 06:54 - 2013-03-07 19:13 - 00000000 ____D C:\Windows\Microsoft Antimalware 2013-07-06 00:59 - 2013-07-05 23:51 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0 2013-07-05 12:08 - 2012-04-22 21:00 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-05 12:07 - 2012-09-03 00:21 - 00001126 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-05 12:05 - 2013-07-05 12:05 - 00163073 ____A C:\ProgramData\2433f433 2013-07-05 12:05 - 2013-07-05 12:05 - 00163062 ____A C:\Users\Gerhard Wagner\AppData\Local\2433f433 2013-07-05 12:05 - 2013-07-05 12:05 - 00163008 ____A C:\Users\Gerhard Wagner\AppData\Roaming\2433f433 2013-07-04 03:39 - 2010-11-20 19:47 - 00074674 ____A C:\Windows\PFRO.log 2013-07-01 12:46 - 2012-11-27 06:16 - 00000000 ____D C:\ProgramData\CanonIJPLM 2013-06-29 11:55 - 2013-06-24 00:57 - 00000000 ____D C:\Users\Gerhard Wagner\Desktop\downgrade 
fritzbox 2013-06-29 11:54 - 2012-12-19 07:16 - 00000000 ____D C:\Users\Gerhard Wagner\AppData\Local\FRITZ! 2013-06-28 08:27 - 2013-06-28 08:27 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (3).zip 2013-06-24 10:40 - 2012-09-03 00:21 - 00000000 ____D C:\Users\Gerhard Wagner\AppData\Local\Google 2013-06-24 06:53 - 2013-06-24 05:54 - 00000000 ____D C:\Users\Gerhard Wagner\Downloads\mailpv 2013-06-24 06:10 - 2013-06-24 06:10 - 00000010 ____A C:\Users\Gerhard Wagner\Desktop\Neues Textdokument (2).txt 2013-06-24 05:53 - 2013-06-24 05:53 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (4).zip 2013-06-24 05:52 - 2013-06-24 05:52 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (2).zip 2013-06-24 05:52 - 2013-06-24 05:52 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (1).zip 2013-06-24 05:05 - 2013-06-24 05:06 - 00375970 ____A C:\Users\Gerhard Wagner\Downloads\FRITZ.Box Fon WLAN 7390 84.05.52_24.06.13_1505.export 2013-06-24 00:44 - 2013-06-24 00:44 - 00077608 ____A C:\Users\Gerhard Wagner\Downloads\Setup.exe 2013-06-24 00:37 - 2013-06-24 00:37 - 15800320 ____A C:\Users\Gerhard Wagner\Downloads\FRITZ.Box_Fon_WLAN_7390.AnnexB.84.05.52.image 2013-06-21 03:08 - 2012-09-03 00:21 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-19 11:29 - 2012-03-07 06:49 - 00000000 ____D C:\ProgramData\Norton 2013-06-19 11:24 - 2013-05-19 09:03 - 00000000 ____D C:\Users\Public\Downloads\Norton 2013-06-18 12:20 - 2012-03-07 05:30 - 01776824 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-18 05:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-13 09:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-06-13 09:04 - 2012-09-03 11:05 - 00002669 ____A C:\Users\Public\Desktop\TAXMAN 2012 spezial.lnk 2013-06-13 05:08 - 2012-04-22 21:00 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-13 05:08 - 2012-03-07 05:43 - 00071048 ____A (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-13 01:17 - 2013-06-13 01:17 - 00275320 ____A C:\Windows\Minidump\061313-5881-01.dmp 2013-06-13 01:17 - 2013-04-23 11:56 - 614690721 ____A C:\Windows\MEMORY.DMP 2013-06-13 01:17 - 2013-04-23 11:56 - 00000000 ____D C:\Windows\Minidump 2013-06-13 00:56 - 2009-07-13 21:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-13 00:50 - 2009-07-13 18:34 - 00000534 ____A C:\Windows\win.ini 2013-06-13 00:49 - 2012-04-22 06:47 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-10 11:36 - 2013-03-13 00:30 - 00001090 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk 2013-06-08 06:08 - 2013-06-13 02:44 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 06:07 - 2013-06-13 02:44 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 06:06 - 2013-06-13 02:44 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 06:06 - 2013-06-13 02:44 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 06:06 - 2013-06-13 02:44 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 04:28 - 2013-06-13 02:44 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 03:42 - 2013-06-13 02:44 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 03:40 - 2013-06-13 02:44 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 03:40 - 2013-06-13 02:44 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 03:40 - 2013-06-13 02:44 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 03:40 - 2013-06-13 02:44 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 03:13 - 2013-06-13 02:44 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb Files to move or delete: ==================== 
C:\ProgramData\1813545.bat C:\ProgramData\1813545.pad C:\ProgramData\1813545.reg ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 12% Total physical RAM: 8174.45 MB Available physical RAM: 7138.95 MB Total Pagefile: 8172.64 MB Available Pagefile: 7158.14 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.69 GB) (Free:51.63 GB) NTFS (Disk=1 Partition=2) ==>[Drive with boot components (obtained from BCD)] Drive d: (Daten) (Fixed) (Total:465.72 GB) (Free:420.19 GB) NTFS (Disk=0 Partition=2) Drive e: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=1 Partition=1) ==>[System with boot components (obtained from reading drive)] Drive f: (W7SP1_PROFESSIONAL) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF Drive g: () (Removable) (Total:7.6 GB) (Free:7.6 GB) FAT32 (Disk=2 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 
==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: D5136530) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: D1DC332E) Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Active) - (Size=112 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 8 GB) (Disk ID: 4EAB0811) Partition 1: (Not Active) - (Size=8 GB) - (Type=0B) LastRegBack: 2013-07-03 05:40 ==================== End Of Log ============================ |
08.07.2013, 09:28 | #2 |
/// the machine /// TB-Ausbilder | Removing the GVU trojan
hi,
Please press the Windows key + R and type notepad in the Run window. Now copy the following text from the code box into the empty text document:
Code:
HKU\Gerhard Wagner\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe [43008 2013-07-05] (NVIDIA Corporation) <===== ATTENTION
HKU\Gerhard Wagner\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Gerhard Wagner\...\Command Processor: "C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe" <===== ATTENTION!
2013-07-05 12:05 - 2013-07-05 12:05 - 00163073 ____A C:\ProgramData\2433f433
2013-07-05 12:05 - 2013-07-05 12:05 - 00163062 ____A C:\Users\Gerhard Wagner\AppData\Local\2433f433
2013-07-05 12:05 - 2013-07-05 12:05 - 00163008 ____A C:\Users\Gerhard Wagner\AppData\Roaming\2433f433
C:\ProgramData\1813545.bat
C:\ProgramData\1813545.pad
C:\ProgramData\1813545.reg
C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
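A small triage reader for FRST.txt output, added here as an example and not code from FRST or from the forum: it flags the persistence markers the helper picked out of the log above (Winlogon Shell swapped for cmd.exe, a Command Processor AutoRun value, a Run entry launched from %Temp% under a random name, and the same opaque file name dropped into ProgramData and both AppData folders in the same minute) and turns the hits into fixlist lines of the shape used in the post. The sample lines are constructed from the entries quoted in the thread; the thresholds (16-character random names, 6-hex-digit basenames) are my assumptions.

```python
"""Triage FRST.txt output for the GVU-style persistence pattern in this thread.

Added example, not FRST's code. SAMPLE_LOG is constructed in FRST's line
format from the entries quoted in the thread.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Gerhard Wagner\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe [43008 2013-07-05] (NVIDIA Corporation) <===== ATTENTION
HKU\Gerhard Wagner\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Gerhard Wagner\...\Command Processor: "C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe" <===== ATTENTION!
2013-07-05 12:05 - 2013-07-05 12:05 - 00163073 ____A C:\ProgramData\2433f433
2013-07-05 12:05 - 2013-07-05 12:05 - 00163062 ____A C:\Users\Gerhard Wagner\AppData\Local\2433f433
2013-07-05 12:05 - 2013-07-05 12:05 - 00163008 ____A C:\Users\Gerhard Wagner\AppData\Roaming\2433f433
2013-07-08 10:03 - 2013-07-08 10:03 - 00000000 ____D C:\FRST
""".strip("\n")

# "[name] value [size date] (company) <== ATTENTION" as FRST prints Run/Winlogon entries.
ENTRY_RE = re.compile(
    r'^\[(?P<name>[^\]]*)\] (?P<value>.*?)'
    r'(?: \[\d+ \d{4}-\d\d-\d\d\])?(?: \([^)]*\))?(?: <=+ ATTENTION!?)?$'
)
# "created - modified - size attrs path" as FRST prints file entries.
FILE_RE = re.compile(
    r'^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - \d{4}-\d\d-\d\d \d\d:\d\d - '
    r'(?P<size>\d{8}) (?P<attrs>_*[A-Z]+) (?P<path>.+)$'
)
TEMP_RE = re.compile(r'\\AppData\\Local\\Temp\\', re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r'^[a-z0-9]{16,}$')          # assumption: 16+ chars, no words
DROP_DIRS = re.compile(                                    # assumption: opaque hex basename
    r'\\(ProgramData|AppData\\(Local|Roaming))\\(?P<base>[0-9a-f]{6,})$', re.IGNORECASE)


def parse_registry(line):
    """Split 'HIVE\\...\\LOCATION: rest' into (location, name, value), or None."""
    hive, sep, rest = line.partition("\\...\\")
    if not sep:
        return None
    location, _, rest = rest.partition(": ")
    if location == "Command Processor":                    # FRST prints the AutoRun value bare
        value = re.sub(r' <=+ ATTENTION!?$', '', rest).strip('"')
        return location, "AutoRun", value
    m = ENTRY_RE.match(rest)
    if not m:
        return None
    return location, m.group("name"), m.group("value").strip('"')


def triage(log_text):
    """Return (reason, line) pairs for entries matching the thread's pattern."""
    findings = []
    drops = defaultdict(list)   # (basename, creation minute) -> file lines
    for line in log_text.splitlines():
        reg = parse_registry(line)
        if reg:
            location, name, value = reg
            if location == "Winlogon" and name == "Shell" and value.lower() != "explorer.exe":
                findings.append(("winlogon_shell_replaced", line))
            elif location == "Command Processor":
                # cmd.exe executes AutoRun on every start; with Shell=cmd.exe that is the payload
                findings.append(("cmd_autorun", line))
            elif location in ("Run", "RunOnce") and (
                    TEMP_RE.search(value) or RANDOM_NAME_RE.match(name)):
                findings.append(("run_from_temp_or_random_name", line))
            continue
        f = FILE_RE.match(line)
        if f:
            d = DROP_DIRS.search(f.group("path"))
            if d:
                drops[(d.group("base").lower(), f.group("created"))].append(line)
    for (base, created), lines in drops.items():
        if len(lines) >= 2:     # same opaque name dropped into several profile dirs at once
            findings.extend(("multi_location_drop", l) for l in lines)
    return findings


def build_fixlist(findings):
    """FRST fixlist: flagged lines verbatim, plus bare paths of Temp executables they name."""
    lines = [line for _, line in findings]
    paths = []
    for _, line in findings:
        for p in re.findall(r'[A-Z]:\\[^"\[\]<]*?\.exe', line):
            if TEMP_RE.search(p) and p not in paths:
                paths.append(p)
    return lines + paths


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for reason, line in hits:
        print(f"{reason:30} {line}")
    print("\n".join(build_fixlist(hits)))
```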
08.07.2013, 09:38 | #3 |
Removing the GVU trojan
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
Ran by SYSTEM at 2013-07-08 10:32:02 Run:1
Running from G:\
Boot Mode: Recovery
==============================================
HKU\Gerhard Wagner\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe [43008 2013-07-05 => Value not found.
HKU\Gerhard Wagner\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Gerhard Wagner\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Gerhard Wagner\AppData\Local\2433f433 => Moved successfully.
C:\Users\Gerhard Wagner\AppData\Roaming\2433f433 => Moved successfully.
C:\ProgramData\1813545.bat => Moved successfully.
C:\ProgramData\1813545.pad => Moved successfully.
C:\ProgramData\1813545.reg => Moved successfully.
C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe => Moved successfully.
==== End of Fixlog ====
08.07.2013, 09:47 | #4 |
/// the machine /// TB-Ausbilder | Removing the GVU trojan
Reboot, rejoice.
Regards, schrauber
08.07.2013, 09:51 | #5 |
Removing the GVU trojan
Hi Schrauber, many thanks for the very quick and very good help. Regards, TankWart
08.07.2013, 09:52 | #6 |
/// the machine /// TB-Ausbilder | Removing the GVU trojan
Great, but then we still do control scans in normal Windows.
Please download AdwCleaner to your desktop.
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
08.07.2013, 10:03 | #7 |
Removing the GVU trojan
AdwCleaner[S2].txt:
Code:
# AdwCleaner v2.304 - Datei am 08/07/2013 um 10:46:20 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Gerhard Wagner - GERHARDWAGNER
# Bootmodus : Normal
# Ausgeführt unter : K:\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Gerhard Wagner\AppData\Local\APN
Ordner Gelöscht : C:\Users\Gerhard Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Ordner Gelöscht : C:\Users\Gerhard Wagner\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Gerhard Wagner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.22] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gelöscht [l.25] : keyword = "ask.com",
Gelöscht [l.29] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=8A[...]
Gelöscht [l.30] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]

*************************

AdwCleaner[R1].txt - [5135 octets] - [08/07/2013 10:44:46]
AdwCleaner[S1].txt - [327 octets] - [08/07/2013 10:44:58]
AdwCleaner[S2].txt - [4853 octets] - [08/07/2013 10:46:20]

########## EOF - C:\AdwCleaner[S2].txt - [4913 octets] ##########

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Gerhard Wagner (administrator) on 08-07-2013 10:59:08
Running from K:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
() C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
(HP) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-09-03] (Google Inc.)
HKCU\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe [x] <===== ATTENTION
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\" [24576 2009-05-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on [53248 2009-10-22] (HP)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [DATEV Update-Monitor] "C:\Datev\PROGRAMM\Install\DvInesASDMon.Exe" [288352 2012-08-30] (DATEV eG)
HKLM-x32\...\Run: [AgentMonitor] O:\LLN\VTech\DownloadManager\System\AgentMonitor.exe [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\Datev\PROGRAMM\BSoffice\service\OfficeDiag.exe (DATEV eG)
Startup: C:\ProgramData\Start Menu\Programs\Startup\CleanupPrintJobs.lnk
ShortcutTarget: CleanupPrintJobs.lnk -> C:\Datev\PROGRAMM\B0001401\CleanupPrintJobs.exe (TODO: <Firmenname>)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\Datev\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Ask) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Gerhard Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Extension: (YouTube) - C:\Users\Gerhard Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Gerhard Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Norton Identity Protection) - C:\Users\Gerhard Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0
CHR Extension: (Gmail) - C:\Users\Gerhard Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation)
R3 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-03] (DATEV eG)
R2 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-14] (DATEV eG)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation) R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) R2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4586760 2013-03-13] (StorageCraft Technology Corporation) S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation) R2 StorageCraft ImageReady; C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe [4408000 2013-03-13] () R2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [94984 2013-03-13] (StorageCraft Technology Corporation) S3 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x] R2 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x] R3 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x] S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x] R3 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x] ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation) R1 BHDrvx64; 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation) R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130702.001\IDSvia64.sys [513184 2012-09-01] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130702.001\IDSvia64.sys [513184 2012-09-01] (Symantec Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130705.002\ENG64.SYS [126040 2013-05-22] (Symantec Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130705.002\ENG64.SYS [126040 2013-05-22] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130705.002\EX64.SYS [2098776 2013-05-22] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130705.002\EX64.SYS [2098776 2013-05-22] (Symantec Corporation) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) R3 RimVSerPort; 
C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) R1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [117000 2013-03-13] (StorageCraft Technology Corporation) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) R0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [283400 2013-03-13] (StorageCraft Technology Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-01] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation) U0 dmboot; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-08 20:03 - 2013-07-08 20:03 - 00000000 ____D C:\FRST 2013-07-08 10:57 - 2013-07-08 10:57 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-07-08 10:57 - 2013-07-08 10:57 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-07-08 10:57 - 2013-07-08 10:57 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-07-08 10:57 - 2013-07-08 10:57 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-08 10:57 - 2013-07-08 10:57 - 00000000 ____D C:\Program Files (x86)\Java 2013-07-08 10:55 - 2013-07-08 10:56 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Gerhard Wagner\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-08 10:52 - 2013-07-08 10:52 - 
00001077 ____A C:\Users\Gerhard Wagner\Desktop\JRT.txt 2013-07-08 10:49 - 2013-07-08 10:49 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Gerhard Wagner\Downloads\JRT494.exe 2013-07-08 10:49 - 2013-07-08 10:49 - 00000000 ____D C:\Windows\ERUNT 2013-07-08 10:49 - 2013-07-08 10:49 - 00000000 ____D C:\JRT 2013-07-08 10:46 - 2013-07-08 10:46 - 00004972 ____A C:\AdwCleaner[S2].txt 2013-07-08 10:44 - 2013-07-08 10:44 - 00005135 ____A C:\AdwCleaner[R1].txt 2013-07-08 10:44 - 2013-07-08 10:44 - 00000327 ____A C:\AdwCleaner[S1].txt 2013-07-06 09:51 - 2013-07-06 10:59 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0 2013-06-28 18:27 - 2013-06-28 18:27 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (3).zip 2013-06-24 16:10 - 2013-06-24 16:10 - 00000010 ____A C:\Users\Gerhard Wagner\Desktop\Neues Textdokument (2).txt 2013-06-24 15:54 - 2013-06-24 16:53 - 00000000 ____D C:\Users\Gerhard Wagner\Downloads\mailpv 2013-06-24 15:54 - 2012-05-05 01:24 - 00015842 ____A C:\Users\Gerhard Wagner\Downloads\mailpv.chm 2013-06-24 15:54 - 2012-05-05 01:24 - 00011877 ____A C:\Users\Gerhard Wagner\Downloads\readme.txt 2013-06-24 15:53 - 2013-06-24 15:53 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (4).zip 2013-06-24 15:52 - 2013-06-24 15:52 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (2).zip 2013-06-24 15:52 - 2013-06-24 15:52 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (1).zip 2013-06-24 15:06 - 2013-06-24 15:05 - 00375970 ____A C:\Users\Gerhard Wagner\Downloads\FRITZ.Box Fon WLAN 7390 84.05.52_24.06.13_1505.export 2013-06-24 10:57 - 2013-06-29 21:55 - 00000000 ____D C:\Users\Gerhard Wagner\Desktop\downgrade fritzbox 2013-06-24 10:44 - 2013-06-24 10:44 - 00077608 ____A C:\Users\Gerhard Wagner\Downloads\Setup.exe 2013-06-24 10:37 - 2013-06-24 10:37 - 15800320 ____A C:\Users\Gerhard Wagner\Downloads\FRITZ.Box_Fon_WLAN_7390.AnnexB.84.05.52.image 2013-06-13 12:44 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) 
C:\Windows\System32\urlmon.dll 2013-06-13 12:44 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-13 12:44 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-13 12:44 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-13 12:44 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-13 12:44 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-13 12:44 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-13 12:44 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-13 12:44 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-13 12:44 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-13 12:44 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-13 12:44 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-13 11:17 - 2013-06-13 11:17 - 00275320 ____A C:\Windows\Minidump\061313-5881-01.dmp 2013-06-13 10:49 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-13 10:49 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-13 10:49 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-13 10:49 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-13 10:49 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-13 10:49 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-13 10:49 - 2013-05-17 
03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-13 10:49 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-13 10:49 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-13 10:49 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-13 10:49 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-13 10:49 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-13 10:49 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-13 10:49 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-13 10:49 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-13 10:49 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-13 10:49 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-13 10:49 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-13 10:49 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 22:31 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 22:31 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 22:31 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 22:31 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 22:31 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 22:31 - 2013-05-13 06:45 - 
00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 22:31 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 22:31 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 22:31 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 22:31 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 22:31 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 22:31 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 22:31 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 22:31 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-08 20:03 - 2013-07-08 20:03 - 00000000 ____D C:\FRST 2013-07-08 10:57 - 2013-07-08 10:57 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-07-08 10:57 - 2013-07-08 10:57 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-07-08 10:57 - 2013-07-08 10:57 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-07-08 10:57 - 2013-07-08 10:57 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-08 10:57 - 2013-07-08 10:57 - 00000000 ____D C:\Program Files (x86)\Java 2013-07-08 10:57 - 2012-11-06 20:52 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-07-08 10:57 - 2012-11-06 20:52 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-07-08 10:56 - 2013-07-08 10:55 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Gerhard Wagner\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-08 10:55 - 2009-07-14 06:45 - 
00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-08 10:55 - 2009-07-14 06:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-08 10:52 - 2013-07-08 10:52 - 00001077 ____A C:\Users\Gerhard Wagner\Desktop\JRT.txt 2013-07-08 10:52 - 2012-03-07 04:09 - 00762792 ____A C:\Windows\System32\perfh007.dat 2013-07-08 10:52 - 2012-03-07 04:09 - 00173498 ____A C:\Windows\System32\perfc007.dat 2013-07-08 10:52 - 2009-07-14 07:13 - 01799866 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-08 10:49 - 2013-07-08 10:49 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Gerhard Wagner\Downloads\JRT494.exe 2013-07-08 10:49 - 2013-07-08 10:49 - 00000000 ____D C:\Windows\ERUNT 2013-07-08 10:49 - 2013-07-08 10:49 - 00000000 ____D C:\JRT 2013-07-08 10:47 - 2013-03-08 12:59 - 00006582 ____A C:\Windows\setupact.log 2013-07-08 10:47 - 2012-09-03 10:21 - 00001122 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-08 10:47 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-08 10:46 - 2013-07-08 10:46 - 00004972 ____A C:\AdwCleaner[S2].txt 2013-07-08 10:46 - 2012-03-06 19:14 - 01671923 ____A C:\Windows\WindowsUpdate.log 2013-07-08 10:44 - 2013-07-08 10:44 - 00005135 ____A C:\AdwCleaner[R1].txt 2013-07-08 10:44 - 2013-07-08 10:44 - 00000327 ____A C:\AdwCleaner[S1].txt 2013-07-08 09:28 - 2009-07-14 06:45 - 00367816 ____A C:\Windows\System32\FNTCACHE.DAT 2013-07-06 16:54 - 2013-03-08 05:13 - 00000000 ____D C:\Windows\Microsoft Antimalware 2013-07-06 10:59 - 2013-07-06 09:51 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0 2013-07-05 22:08 - 2012-04-23 07:00 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-05 22:07 - 2012-09-03 10:21 - 00001126 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-04 13:39 - 2010-11-21 05:47 - 00074674 ____A C:\Windows\PFRO.log 2013-07-01 22:46 - 2012-11-27 
16:16 - 00000000 ____D C:\ProgramData\CanonIJPLM 2013-06-29 21:55 - 2013-06-24 10:57 - 00000000 ____D C:\Users\Gerhard Wagner\Desktop\downgrade fritzbox 2013-06-29 21:54 - 2012-12-19 17:16 - 00000000 ____D C:\Users\Gerhard Wagner\AppData\Local\FRITZ! 2013-06-28 18:27 - 2013-06-28 18:27 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (3).zip 2013-06-24 20:40 - 2012-09-03 10:21 - 00000000 ____D C:\Users\Gerhard Wagner\AppData\Local\Google 2013-06-24 16:53 - 2013-06-24 15:54 - 00000000 ____D C:\Users\Gerhard Wagner\Downloads\mailpv 2013-06-24 16:10 - 2013-06-24 16:10 - 00000010 ____A C:\Users\Gerhard Wagner\Desktop\Neues Textdokument (2).txt 2013-06-24 15:53 - 2013-06-24 15:53 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (4).zip 2013-06-24 15:52 - 2013-06-24 15:52 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (2).zip 2013-06-24 15:52 - 2013-06-24 15:52 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (1).zip 2013-06-24 15:05 - 2013-06-24 15:06 - 00375970 ____A C:\Users\Gerhard Wagner\Downloads\FRITZ.Box Fon WLAN 7390 84.05.52_24.06.13_1505.export 2013-06-24 10:44 - 2013-06-24 10:44 - 00077608 ____A C:\Users\Gerhard Wagner\Downloads\Setup.exe 2013-06-24 10:37 - 2013-06-24 10:37 - 15800320 ____A C:\Users\Gerhard Wagner\Downloads\FRITZ.Box_Fon_WLAN_7390.AnnexB.84.05.52.image 2013-06-21 13:08 - 2012-09-03 10:21 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-19 21:29 - 2012-03-07 16:49 - 00000000 ____D C:\ProgramData\Norton 2013-06-19 21:24 - 2013-05-19 19:03 - 00000000 ____D C:\Users\Public\Downloads\Norton 2013-06-18 22:20 - 2012-03-07 15:30 - 01776824 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-18 15:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-13 19:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-13 19:04 - 2012-09-03 21:05 - 00002669 ____A C:\Users\Public\Desktop\TAXMAN 2012 spezial.lnk 2013-06-13 15:08 - 2012-04-23 07:00 - 00692104 ____A (Adobe 
Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-13 15:08 - 2012-03-07 15:43 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-13 11:17 - 2013-06-13 11:17 - 00275320 ____A C:\Windows\Minidump\061313-5881-01.dmp 2013-06-13 11:17 - 2013-04-23 21:56 - 614690721 ____A C:\Windows\MEMORY.DMP 2013-06-13 11:17 - 2013-04-23 21:56 - 00000000 ____D C:\Windows\Minidump 2013-06-13 10:56 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-13 10:50 - 2009-07-14 04:34 - 00000534 ____A C:\Windows\win.ini 2013-06-13 10:49 - 2012-04-22 16:47 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-10 21:36 - 2013-03-13 10:30 - 00001090 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk 2013-06-08 16:08 - 2013-06-13 12:44 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-13 12:44 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-13 12:44 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-13 12:44 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-13 12:44 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-13 12:44 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-13 12:44 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-13 12:44 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-13 12:44 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-13 12:44 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-13 12:44 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-13 
12:44 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-03 15:40
==================== End Of Log ============================
--- --- ---
Addition.txt:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013 Ran by Gerhard Wagner at 2013-07-08 10:59:31 Running from K:\ Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Update for Microsoft Office 2007 (KB2508958) (x32) 64 Bit HP CIO Components Installer (Version: 7.2.8) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) AMD APP SDK Runtime (Version: 10.0.851.4) AMD Catalyst Install Manager (Version: 3.0.859.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Media Foundation Decoders (Version: 1.0.61205.2219) AVM FRITZ!fax für FRITZ!Box (x32) B1315AppGuid (x32 Version: 1.0.0) BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.37) Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 14.2.4.1) BufferChm (x32 Version: 100.0.170.000) Bullzip PDF Printer 7.2.0.1304 (Version: 7.2.0.1304) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32) Canon MP Navigator EX 4.0 (x32) Canon Solution Menu EX (x32) CanoScan LiDE 210 Scanner Driver Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center (x32 Version: 2011.1205.2215.39827) Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1205.2215.39827) Catalyst Control Center InstallProxy (x32 Version: 2011.1205.2215.39827) Catalyst Control Center Localization All (x32 Version: 2011.1205.2215.39827) CCC Help Chinese Standard (x32 Version: 2011.1205.2214.39827) CCC Help Chinese Traditional (x32 Version: 2011.1205.2214.39827) CCC Help Czech (x32 Version: 2011.1205.2214.39827) CCC Help Danish (x32 Version: 2011.1205.2214.39827) CCC Help Dutch (x32 Version: 2011.1205.2214.39827) CCC Help English (x32 Version: 2011.1205.2214.39827) CCC Help Finnish (x32 Version: 
2011.1205.2214.39827) CCC Help French (x32 Version: 2011.1205.2214.39827) CCC Help German (x32 Version: 2011.1205.2214.39827) CCC Help Greek (x32 Version: 2011.1205.2214.39827) CCC Help Hungarian (x32 Version: 2011.1205.2214.39827) CCC Help Italian (x32 Version: 2011.1205.2214.39827) CCC Help Japanese (x32 Version: 2011.1205.2214.39827) CCC Help Korean (x32 Version: 2011.1205.2214.39827) CCC Help Norwegian (x32 Version: 2011.1205.2214.39827) CCC Help Polish (x32 Version: 2011.1205.2214.39827) CCC Help Portuguese (x32 Version: 2011.1205.2214.39827) CCC Help Russian (x32 Version: 2011.1205.2214.39827) CCC Help Spanish (x32 Version: 2011.1205.2214.39827) CCC Help Swedish (x32 Version: 2011.1205.2214.39827) CCC Help Thai (x32 Version: 2011.1205.2214.39827) CCC Help Turkish (x32 Version: 2011.1205.2214.39827) ccc-utility64 (Version: 2011.1205.2215.39827) CDBurnerXP (x32 Version: 4.4.0.2971) Crystal Reports Runtime XI (x32 Version: 1.0.9) CustomerResearchQFolder (x32 Version: 1.00.0000) DATEV Infragistics Runtime V.3.2 (x32 Version: 3.2.0) DATEV Installation V.3.0 (x32) Dell Wireless Driver Installation (x32 Version: 9.0) DeviceDiscovery (x32 Version: 100.0.190.000) DeviceManagementQFolder (x32 Version: 1.00.0000) DFL2010 ConfigDB (x32 Version: 4.17.3326.0) DFL2010 Microkernel (x32 Version: 4.17.3326.0) dm-Fotowelt (x32 Version: 5.0.1) Garmin Communicator Plugin (x32 Version: 4.0.1) Garmin Communicator Plugin x64 (Version: 4.0.1) Garmin USB Drivers (x32 Version: 2.3.0.0) Google Chrome (x32 Version: 27.0.1453.116) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358) Google Update Helper (x32 Version: 1.3.21.145) GPL Ghostscript Lite 9.04 (x32) HP Color LaserJet CM1312 MFP Series 5.1 (Version: 5.1) HP Customer Participation Program 10.0 (Version: 10.0) HP Imaging Device Functions 10.0 (Version: 10.0) HP Update (x32 Version: 4.000.007.003) hppCLJCM1312 (x32 Version: 005.001.00142) hppFaxDrvCM1312 (x32 
Version: 005.000.00001) hppFaxUtilityCM1312 (x32 Version: 005.001.00137) hppFonts (x32 Version: 001.001.00061) hppLaserJetService (x32 Version: 001.001.0.0) hppManualsCM1312 (x32 Version: 005.001.00145) hppPQVideoCM1312 (x32 Version: 005.001.00142) hppQFolderCM1312 (x32 Version: 1.00.0000) hppScanToCM1312 (x32 Version: 005.001.00140) hppSendFaxCM1312 (x32 Version: 005.000.00001) hppTLBXFXCM1312 (x32 Version: 001.017.00050) hppusgCM1312 (x32 Version: 1.1.0.1) HPSSupply (x32 Version: 100.0.170.000) hpzTLBXFX (x32 Version: 005.003.00171) Intel(R) Management Engine Components (x32 Version: 7.0.0.1118) Intel(R) Processor Graphics (x32 Version: 8.15.10.2253) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Lexware Info Service (x32 Version: 2.80.00.0007) MarketResearch (x32 Version: 100.0.170.000) McAfee Security Scan Plus (x32 Version: 3.0.318.3) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014) Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office 
Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2008 R2 (64-bit) Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0) Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0) Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.51.2500.0) Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0) Microsoft SQL Server Browser (x32 Version: 10.51.2500.0) Microsoft SQL Server Native Client (Version: 9.00.5000.00) Microsoft SQL Server VSS Writer (Version: 10.51.2500.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 
2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft XML Parser (x32 Version: 8.70.1104.04) MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) Norton 360 Premier Edition (x32 Version: 6.4.1.14) Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (Version: 10.51.2500.0) Shop for HP Supplies (Version: 10.0) SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0) SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0) SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0) SQL Server 2008 R2 SP1 Full text search (Version: 10.51.2500.0) Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1) SQLXML4 (Version: 9.00.5000.00) StorageCraft ShadowProtect (x32 Version: 5.0.1.23057) TAXMAN 2012 spezial (x32 Version: 18.09.00.0004) TeamViewer 8 (x32 Version: 8.0.18930) TrayApp (x32 Version: 100.0.170.000) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32) Update for Microsoft 
Office 2007 suites (KB2596848) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update für Microsoft Office Excel 2007 Help (KB963678) (x32) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update für Microsoft Office Word 2007 Help (KB963665) (x32) VTech Download Agent Library (x32 Version: 1.00.0000) VTech Download Manager (x32) WebReg (x32 Version: 100.0.170.000) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {059E0798-D4CC-4ECE-83C8-A5157FC6C4A9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation) Task: {445CF79D-3E27-45FB-9E19-EC9997547BA6} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {89741E2E-EBBD-4B5C-A939-8F4D0BAF4301} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {94186E99-300E-4425-AA3C-5421656C1EF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03] (Google Inc.) 
Task: {A24EDF44-BDAF-48A8-A7F2-77A10941D675} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {C4322D00-149C-4A27-AA8A-CAEC49C6705C} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe No File Task: {D10CA758-C14D-4F73-AE72-1267CC42DFF3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13] (Adobe Systems Incorporated) Task: {D9DDC6B7-7D11-47E3-A476-75D808B740AB} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {ECC8233A-87E9-4286-92B3-63CF4E59D618} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (07/08/2013 10:58:21 AM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 27% Total physical RAM: 8174.45 MB Available physical RAM: 5965.01 MB Total Pagefile: 16347.07 MB Available Pagefile: 13772.68 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.69 GB) (Free:51.45 GB) NTFS (Disk=1 Partition=2) ==>[Drive with boot components (obtained from BCD)] Drive d: (Daten) (Fixed) (Total:465.72 GB) (Free:420.19 GB) NTFS (Disk=0 Partition=2) Drive e: (W7SP1_PROFESSIONAL) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=1 Partition=1) ==>[System with boot components (obtained from reading drive)] Drive k: () (Removable) (Total:7.6 GB) (Free:7.6 GB) FAT32 (Disk=2 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: D5136530) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: D1DC332E) Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Active) - (Size=112 GB) - (Type=07 NTFS) 
========================================================
Disk: 2 (Size: 8 GB) (Disk ID: 4EAB0811)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)
==================== End Of Log ============================
08.07.2013, 11:13 | #8 |
/// the machine /// TB-Ausbilder | Remove GVU trojan: Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
HKCU\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe [x] <===== ATTENTION
C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
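As an added example (not code from this thread, from FRST or from its author): a small Python triage script that reads FRST "Run" lines like the ones posted here, flags autostart entries that point into a Temp directory, carry a random-looking value name, or show FRST's [x] and ATTENTION markers, and drafts the matching Fixlist.txt lines in the form used above (the log line verbatim, then the file path). The two benign sample lines are constructed; the flagged line is the one from this thread; the heuristics are the example's own, not FRST's.

```python
"""Triage FRST 'Run' lines and draft Fixlist.txt entries (added example, not FRST code)."""
import re

# One FRST autostart line: hive, value name in [...], then target, meta and vendor.
RUN_LINE = re.compile(r'^(?P<hive>HK(?:LM|CU)(?:-x32)?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
# FRST appends "[<size> <date>]" for a file it found, or "[x]" when the file is gone.
META = re.compile(r'\[(?P<size>x|\d+)(?: (?P<date>\d{4}-\d\d-\d\d))?\]')
# Target is either quoted, or an unquoted path up to the first executable extension.
TARGET = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|dll|cpl|scr|bat|cmd|vbs|js))(?=\s|$)', re.I)
TEMP_DIR = re.compile(r'\\(?:AppData\\Local\\Temp|Temp|Tmp)\\', re.I)
# Long lowercase alphanumerics mixing letters and digits (heuristic assumed here).
RANDOM_NAME = re.compile(r'^(?=.*[a-z])(?=.*\d)[a-z0-9]{16,}$')

# Constructed sample log: the first and last lines are made up; the middle one is from this thread.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [ExampleUpdater] "C:\Program Files (x86)\Example\Updater.exe" /quiet [123456 2013-01-02] (Example Vendor)
HKCU\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe [x] <===== ATTENTION
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
"""


def parse_run_line(line):
    """Split one FRST Run line into its parts; return None for anything else."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest')
    t = TARGET.match(rest)
    meta = META.search(rest)
    return {
        'hive': m.group('hive'),
        'name': m.group('name'),
        'target': (t.group('q') or t.group('u')) if t else '',
        'missing': bool(meta and meta.group('size') == 'x'),
        'attention': '<=====' in rest,
        'line': line.strip(),
    }


def suspicious_reasons(entry):
    """Defender-side heuristics; an empty list means nothing stood out."""
    reasons = []
    if TEMP_DIR.search(entry['target']):
        reasons.append('autostart from a Temp directory')
    if RANDOM_NAME.match(entry['name']):
        reasons.append('random-looking value name')
    if entry['missing']:
        reasons.append('target file no longer present ([x])')
    if entry['attention']:
        reasons.append('marked ATTENTION by FRST')
    return reasons


def draft_fixlist(log_text):
    """Fixlist.txt lines as used in this thread: the log line verbatim, then the file path."""
    lines = []
    for raw in log_text.splitlines():
        entry = parse_run_line(raw)
        if entry and suspicious_reasons(entry):
            lines.append(entry['line'])
            if entry['target']:
                lines.append(entry['target'])
    return lines


if __name__ == '__main__':
    for e in filter(None, map(parse_run_line, SAMPLE_LOG.splitlines())):
        print(f"{e['hive']} [{e['name']}] -> {e['target'] or '?'}: {', '.join(suspicious_reasons(e)) or 'ok'}")
    print('\n'.join(['--- Fixlist.txt draft ---'] + draft_fixlist(SAMPLE_LOG)))
```

The drafted lines are only a starting point for the person reviewing the log; the entry still has to be read and confirmed before it goes into a Fixlist.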
08.07.2013, 13:39 | #9 |
| Remove GVU trojan
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
Ran by Gerhard Wagner at 2013-07-08 12:16:18 Run:2
Running from K:\
Boot Mode: Normal
==============================================
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe [x => Value not found.
"C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe" => File/Directory not found.
==== End of Fixlog ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7108fa840432e54c834df830a6540d43
# engine=14313
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-08 11:09:45
# local_time=2013-07-08 01:09:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 95 1096363 123944281 0 0
# compatibility_mode=5893 16776574 100 94 42222916 124911635 0 0
# scanned=203851
# found=1
# cleaned=1
# scan_time=2886
sh=9899FB69B74860DE6251DBA8E6E72993C5745005 ft=1 fh=aaf418556efaeb9b vn="Variante von Win32/Adware.iBryte.H Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Gerhard Wagner\Downloads\Setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7108fa840432e54c834df830a6540d43
# engine=14313
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-08 12:33:40
# local_time=2013-07-08 02:33:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 95 1101398 123949316 0 0
# compatibility_mode=5893 16776574 100 94 42231551 124916670 0 0
# scanned=203956
# found=0
# cleaned=0
# scan_time=3916
UNSUPPORTED OPERATING SYSTEM! ABORTED!
08.07.2013, 18:15 | #10 |
/// the machine /// TB-Ausbilder | Remove GVU trojan: FRST must be on the desktop; please repeat the fix and make sure you copy everything from the code box. Run the fix and attach a fresh scan log. Ignore SecurityCheck. Any problems left?
__________________ regards, schrauber |