Trojaner bit 2048 sowie Verlangsamung des Computers

Malli

Guten Tag Zusammen,

ich hatte vorgestern eine Freundin zu Besuch, deren Smartphone vergangenes Wochenende gestohlen wurde. Nun war sie früh morgens an meinem Notebook und hat eine Fake-Telekom-email bekommen, in der Stand, dass sie 126 € zu zahlen habe.
Scheinbar leicht verschlafen hat sie den Anhang geöffnet (eine .exe-Datei geöffnet)

5min danach hat sich ein Bildschirm bei mir geöffnet, der ein Windows-Update für 100€ verkaufen wollte... daraufhin habe ich mich informiert und ich habe herausgefunden, dass es sich um einen Trojaner handelt...

Beim nächsten Starten des Notebooks hat alles noch gut funktionier, nur dass sie Dateien alle "locked" waren und das Dateiformat sich geänder hatte. Die Dateien hiessen dann zum Beispiel "locked - NamederDatei.vsop" (vsop habe ich mir grad ausgedacht, es waren meistens 4-stellige Buchstabenketten, die immer unterschiedlich waren).

Mit der Zeit wurde der PC immer langsamer und ich bin auf euer Forum gestoßen. Habe nun die entsprechenden Schritte durchgeführt und Malewartbytes die Trojaner "oberflächlich" gelöscht und durch den Decrypt-Helper 0.5 die wichtigen Dateien wieder hergestellt.

Dies war allerdings nur noch im abgesicherten Modus möglich. Wenn ich den PC normal starten möchte erscheint nach dem "Willkommen" ein schwarzer Bildschirm auf dem ich die Maus bewegen kann.

Ich befinde mich z.Z. im "Abgesicherten Modus mit Netzwerkerkennung".

Das Scannen des PCs hat anstatt 3min (wie geschrieben) ca. 20 min gebraucht... er ist als wirklich langsam...


Es wäre sehr nett, wenn mir jemand von euch helfen könnte und wir gemeinsam meinen (6Monate alten) PC wieder zum Laufen bringen

Nun folgen 1x defogger_disable, DDS-Log und Attach-Log

defogger_disable:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:12 on 01/05/2012 (Marius)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

DDS-Log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Marius at 15:14:13 on 2012-05-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3764.2894 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Marius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Marius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360911h406l0498z1k5t67j1k591
uStart Page = hxxp://search.babylon.com/?affID=112037&babsrc=HP_ss&mntrId=2c1cedee00000000000018f46a0c79b5
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360911h406l0498z1k5t67j1k591
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360911h406l0498z1k5t67j1k591
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: 2YourFace Addon: {1185823f-f22f-4027-80e5-4f68acd5de5e} - C:\Program Files (x86)\2YourFace\bho.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: eType Toolbar Helper: {7d9463cd-bbd8-42f4-ab72-d7b1191d9f3d} - C:\Program Files (x86)\eType Toolbar\Toolbar32.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: eType Toolbar: {bde58274-7a2a-4682-8c47-a379dd9e36cb} - C:\Program Files (x86)\eType Toolbar\Toolbar32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
uRun: [Google Update] "C:\Users\Marius\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Facebook Update] "C:\Users\Marius\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [eType] C:\Users\Marius\AppData\Roaming\eType\eType.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [eTypeToolbarHelper] "C:\Program Files (x86)\eType Toolbar\ToolbarHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [ Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Marius\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Marius\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E9BF632C-5288-4EF0-A478-D81513FEB55D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E9BF632C-5288-4EF0-A478-D81513FEB55D}\64259445A51224F6870235C40275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{E9BF632C-5288-4EF0-A478-D81513FEB55D}\64259445A51224F6870264F6E60275C414E40273131323 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{E9BF632C-5288-4EF0-A478-D81513FEB55D}\75C414E4D2030303430354440354449393 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E9BF632C-5288-4EF0-A478-D81513FEB55D}\B46434 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{E9BF632C-5288-4EF0-A478-D81513FEB55D}\C45657078616E616 : DhcpNameServer = 141.39.208.200 193.174.46.7
TCP: Interfaces\{E9BF632C-5288-4EF0-A478-D81513FEB55D}\D4F6378696 : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
{1185823F-F22F-4027-80E5-4F68ACD5DE5E}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{2EECD738-5844-4a99-B4B6-146BF802613B}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{7D9463CD-BBD8-42f4-AB72-D7B1191D9F3D}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
{BDE58274-7A2A-4682-8C47-A379DD9E36CB}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{98889811-442D-49dd-99D7-DC866BE87DBC}
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [eTypeToolbarHelper] "C:\Program Files (x86)\eType Toolbar\ToolbarHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [ Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R? acsock;acsock
R? AdobeARMservice;Adobe Acrobat Update Service
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? AMD External Events Utility;AMD External Events Utility
R? amdkmdag;amdkmdag
R? amdkmdap;amdkmdap
R? AmUStor;AM USB Stroage Driver
R? AntiVirSchedulerService;Avira AntiVir Planer
R? AntiVirService;Avira AntiVir Guard
R? aswFsBlk;aswFsBlk
R? aswKbd;aswKbd
R? aswMonFlt;aswMonFlt
R? aswSnx;aswSnx
R? aswSP;aswSP
R? avast! Antivirus;avast! Antivirus
R? avgntflt;avgntflt
R? btwampfl;Bluetooth AMP USB Filter
R? btwl2cap;Bluetooth L2CAP Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? cvhsvc;Client Virtualization Handler
R? DsiWMIService;Dritek WMI Service
R? ePowerSvc;Acer ePower Service
R? GREGService;GREGService
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update-Dienst (gupdatem)
R? hshld;Hotspot Shield Service
R? HssWd;Hotspot Shield Monitoring Service
R? intelkmd;intelkmd
R? mwlPSDFilter;mwlPSDFilter
R? mwlPSDNServ;mwlPSDNServ
R? mwlPSDVDisk;mwlPSDVDisk
R? MWLService;MyWinLocker Service
R? NTI IScheduleSvc;NTI IScheduleSvc
R? osppsvc;Office Software Protection Platform
R? RS_Service;Raw Socket Service
R? Sftfs;Sftfs
R? sftlist;Application Virtualization Client
R? Sftplay;Sftplay
R? Sftredir;Sftredir
R? Sftvol;Sftvol
R? sftvsa;Application Virtualization Service Agent
R? UNS;Intel(R) Management & Security Application User Notification Service
R? Updater Service for eType Toolbar;Updater Service for eType Toolbar
R? Updater Service;Updater Service
R? vpnagent;Cisco AnyConnect Secure Mobility Agent
R? vwifimp;Microsoft Virtual WiFi Miniport Service
R? WatAdminSvc;Windows-Aktivierungstechnologieservice
S? HECIx64;Intel(R) Management Engine Interface
S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
S? USBAAPL64;Apple Mobile USB Driver
S? vwififlt;Virtual WiFi Filter Driver
.
=============== Created Last 30 ================
.
2012-05-01 09:33:18 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF747217-CEB4-46FB-AF11-739DB4C394EB}\offreg.dll
2012-04-29 20:37:01 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-29 11:33:42 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF747217-CEB4-46FB-AF11-739DB4C394EB}\mpengine.dll
2012-04-29 09:58:43 -------- d-----w- C:\Users\Marius\AppData\Roaming\Malwarebytes
2012-04-29 09:58:38 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-29 09:58:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-22 13:57:41 -------- d-----w- C:\microsoft
2012-04-20 21:00:22 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-20 20:51:29 28504 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-04-20 20:45:57 -------- d-----w- C:\Program Files (x86)\hpmonitor
2012-04-20 20:44:43 -------- d-----w- C:\Program Files (x86)\2YourFace
2012-04-20 20:43:52 -------- d-----w- C:\ProgramData\Hotspot Shield
2012-04-20 20:43:31 -------- d-----w- C:\Hotspot Shield
2012-04-20 20:43:26 -------- d-----w- C:\Program Files (x86)\Hotspot Shield
2012-04-20 20:38:17 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-04-20 20:38:16 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-04-20 20:38:16 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-04-20 20:37:44 41184 ----a-w- C:\Windows\avastSS.scr
2012-04-20 20:37:34 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-20 20:37:34 -------- d-----w- C:\Program Files\AVAST Software
2012-04-15 22:49:25 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-15 22:49:25 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-15 22:49:24 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-15 22:46:50 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-15 22:46:50 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-15 22:46:50 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-15 22:46:50 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-15 22:46:50 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-15 22:46:50 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-15 22:46:50 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
==================== Find3M ====================
.
2012-04-20 21:00:22 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-26 21:45:18 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys
2012-03-14 16:23:22 65024 ----a-w- C:\Windows\System32\pdfcmon.dll
2012-02-28 06:35:54 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:33:03 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-28 05:40:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-02-28 05:17:41 482816 ----a-w- C:\Windows\System32\html.iec
2012-02-28 04:35:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 04:31:46 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 03:57:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
2012-02-15 09:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 09:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-14 10:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 15:35:05,97 ===============

Attach-Log:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 09.09.2011 10:42:19
System Uptime: 01.05.2012 11:25:18 (4 hours ago)
.
Motherboard: Acer | | JM31_CP
.
==== Installed Programs ======================
.
2YourFace 1.0
Acer Arcade Deluxe
Acer Arcade Movie
Acer Backup Manager
Acer Crystal Eye webcam
Acer eRecovery Management
Acer GameZone Console
Acer PowerSmart Manager
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Reader X (10.1.1) - Deutsch
Alcor Micro USB Card Reader
Amazonia
Apple Application Support
Apple Software Update
ARIS Express
ARIS Express 2.3
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
Babylon toolbar on IE
Backup Manager Basic
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
Counter-Strike 1.6
Dairy Dash
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dream Day First Home
Dropbox
eSobi v2
eType Toolbar
Facebook Video Calling 1.2.0.159
Farm Frenzy 2
Galapago
Google Chrome
Google Update Helper
Granny In Paradise
GTA2
Heroes of Hellas
Hotspot Shield 2.53
Identity Card
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware Version 1.61.0.1400
MediaShow Espresso
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Home and Business 2010
Microsoft Office Klick-und-Los 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker Suite
Norton Online Backup
Pando Media Booster
PDFCreator
PokerStars
PX Profile Update
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Shredder
Skype™ 4.1
SopCast 3.5.0
Spin & Win
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Welcome Center
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
Windows Media Player Firefox Plugin
.
==== End Of File ===========================

Vielen Dank im Voraus!