GVU / BKA Trojaner Win7, abgesicherter Modus m E-Aufforderung möglich

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-07-2013
Ran by Ali (administrator) on 09-07-2013 01:35:10
Running from E:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-03] (Dell Inc.)
HKLM\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\M-AudioTaskBarIcon.exe [798216 2009-09-03] (Avid Technology, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-05-21] (Softthinks)
HKLM-x32\...\Runonce: [GrpConv] grpconv -o [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\n. ATTENTION! ====> ZeroAccess
HKCU\...\Run: [Ysvumyuvk] C:\Users\Ali\AppData\Roaming\Ucvetu\esbe.exe [237056 2011-10-20] ()
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Ali\AppData\Roaming\skype.dat [98304 2011-11-17] () <==== ATTENTION 
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Ali\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\n. ATTENTION! ====> ZeroAccess?
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3760698348-1531322062-719399750-1000\$3b99f81f31d5dbab1bcf87d0107a285a\n. ATTENTION! ====> ZeroAccess?
MountPoints2: {08176d70-330c-11e0-a902-f04da292cc18} - E:\pushinst.exe
MountPoints2: {f20d691a-81bc-11e2-aa2a-f04da292cc18} - G:\pushinst.exe
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-06-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU SearchScopes: DefaultScope {777D7234-6F96-4C43-B3E9-81989EA52A52} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE474
SearchScopes: HKCU - {777D7234-6F96-4C43-B3E9-81989EA52A52} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE474
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Ali\AppData\Roaming\Mozilla\Firefox\Profiles\pj48my79.default
FF user.js: detected! => C:\Users\Ali\AppData\Roaming\Mozilla\Firefox\Profiles\pj48my79.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Ali\AppData\Roaming\Mozilla\Firefox\Profiles\pj48my79.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [48128 2010-02-03] (Dell Inc.)
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 BEHRINGER_PT_MIDI; C:\Windows\System32\drivers\bhrngr_m.sys [43584 2009-12-15] (Ploytec GmbH)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
S3 MADFUAUDIOPHILE; C:\Windows\System32\DRIVERS\MAudioAudiophile_DFU.sys [46088 2009-09-03] (M-Audio)
S3 MAUSBAUDIOPHILE; C:\Windows\System32\DRIVERS\MAudioAudiophile.sys [187912 2009-09-03] (Avid Technology, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-09 01:35 - 2013-07-09 01:35 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2013-07-09 01:35 - 2013-07-09 01:35 - 00000000 ____D C:\FRST
2013-07-09 01:35 - 2010-09-26 22:26 - 00787722 ____A C:\Windows\System32\perfh007.dat
2013-07-09 01:35 - 2010-09-26 22:26 - 00172832 ____A C:\Windows\System32\perfc007.dat
2013-07-09 01:35 - 2009-07-14 07:13 - 00005430 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-09 01:14 - 2013-05-17 04:01 - 00000004 ____A C:\Users\Ali\AppData\Roaming\skype.ini
2013-07-09 01:13 - 2011-01-19 23:22 - 00000000 ____D C:\Users\Ali\AppData\Local\SoftThinks
2013-07-09 01:13 - 2010-09-26 20:32 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-07-09 01:13 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 01:13 - 2009-07-14 06:51 - 00092920 ____A C:\Windows\setupact.log
2013-07-09 01:11 - 2012-07-20 01:20 - 00000000 ____D C:\Users\Ali\AppData\Roaming\BitTorrent
2013-07-09 01:11 - 2011-01-19 23:16 - 00009138 ____A C:\Windows\PFRO.log
2013-07-09 00:53 - 2013-05-13 02:54 - 00000000 ____D C:\Users\Ali\Desktop\Neuer Ordner
2013-07-09 00:13 - 2011-01-19 23:19 - 00000000 ____D C:\users\Ali
2013-07-08 23:28 - 2009-07-14 06:45 - 00013664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-08 23:28 - 2009-07-14 06:45 - 00013664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-27 21:05 - 2010-09-26 19:37 - 01125157 ____A C:\Windows\WindowsUpdate.log

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3760698348-1531322062-719399750-1000\$3b99f81f31d5dbab1bcf87d0107a285a

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a

ZeroAccess:
C:\Users\Ali\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\Users\Ali\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
C:\Users\Ali\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L
C:\Users\Ali\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U
C:\Users\Ali\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000001.@
C:\Users\Ali\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@
C:\Users\Ali\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\800000cb.@

Files to move or delete:
====================
C:\Users\Ali\AppData\Roaming\skype.dat
C:\Users\Ali\AppData\Roaming\skype.ini
C:\ProgramData\0tbpw.pad

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-08 23:46

==================== End Of Log ============================