GVU Trojaner - windows 8

schrauber · 31.08.2013, 13:22

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

anchos · 01.09.2013, 00:51

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2013 04
Ran by Anchos (administrator) on CHELLY on 01-09-2013 01:02:11
Running from E:\
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Blizzard Entertainment, Inc.) C:\Program Files (x86)\StarCraft II\Versions\Base26490\SC2.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.177\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.38\deploy\LolClient.exe
() C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.240\deploy\League of Legends.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-10-30] ()
HKCU\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [x]
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1811880 2013-08-28] (Valve Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [Dargon] - C:\Dargon\DargonD.exe [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [RoccatKova+] - C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
Startup: C:\Users\Anchos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.203.0.cab
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

==================== Services (Whitelisted) =================

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-28] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
S3 BrSerIf; C:\Windows\system32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-11-13] (DT Soft Ltd)
R3 KovaPlusFltr; C:\Windows\system32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S1 frszqiil; \??\C:\Windows\system32\drivers\frszqiil.sys [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-31 23:29 - 2013-08-31 23:29 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-31 23:28 - 2013-08-31 23:28 - 02347384 _____ (ESET) C:\Users\Anchos\Desktop\esetsmartinstaller_enu.exe
2013-08-31 10:03 - 2013-08-31 11:16 - 00064367 _____ C:\Windows\WindowsUpdate.log
2013-08-30 23:34 - 2013-08-30 23:34 - 00000685 _____ C:\Users\Anchos\Desktop\JRT.txt
2013-08-30 23:32 - 2013-08-30 23:32 - 00000000 ____D C:\Windows\ERUNT
2013-08-30 23:31 - 2013-08-30 23:31 - 01023533 _____ (Thisisu) C:\Users\Anchos\Desktop\JRT.exe
2013-08-30 23:26 - 2013-08-30 23:27 - 00000000 ____D C:\AdwCleaner
2013-08-30 23:25 - 2013-08-30 23:25 - 00994642 _____ C:\Users\Anchos\Desktop\adwcleaner.exe
2013-08-30 10:44 - 2013-08-30 10:44 - 00002025 _____ C:\Users\Anchos\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-08-30 10:44 - 2013-08-30 10:44 - 00001954 _____ C:\Users\Anchos\Desktop\Avira DE-Cleaner.lnk
2013-08-29 18:37 - 2013-08-29 18:37 - 00000000 ____D C:\Program Files (x86)\ROCCAT
2013-08-23 13:30 - 2013-08-25 09:14 - 00000000 ____D C:\SC2Replay Archive
2013-08-18 00:12 - 2013-08-18 00:13 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 11:11 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 11:11 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 11:11 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-14 11:11 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-14 11:11 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 11:11 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 11:11 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 11:11 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 11:11 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 11:11 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 11:11 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 11:11 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 11:11 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 11:11 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 11:11 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 11:11 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 11:11 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 11:11 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 11:11 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-14 11:11 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 11:11 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 11:11 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 11:11 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 11:11 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 11:11 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 11:11 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 11:11 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 11:11 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 11:11 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 11:11 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 11:11 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-14 11:11 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 11:11 - 2013-07-02 03:21 - 00057504 _____ (Microsoft Corporation) C:\Windows\system32\config\MpAsDesc.dll.mui
2013-08-14 11:11 - 2013-07-02 03:21 - 00040608 _____ (Microsoft Corporation) C:\Windows\system32\config\MpEvMsg.dll.mui
2013-08-14 11:11 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-08-14 11:11 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-08-14 11:11 - 2013-07-02 00:08 - 00105120 _____ (Microsoft Corporation) C:\Windows\system32\config\MsMpRes.dll.mui
2013-08-14 11:11 - 2013-07-02 00:08 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll.mui
2013-08-14 11:11 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 11:11 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 11:07 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 11:07 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 11:07 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 11:07 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-08-14 11:07 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-08-14 11:07 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 11:07 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 11:07 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-08-14 11:07 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-08-03 09:16 - 2013-08-03 09:16 - 00000000 ____D C:\Users\Anchos\Documents\NFS SHIFT
2013-08-03 09:12 - 2013-08-03 09:12 - 00000000 ____D C:\Windows\SysWOW64\AGEIA
2013-08-03 09:12 - 2013-08-03 09:12 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies

==================== One Month Modified Files and Folders =======

2013-09-01 01:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-09-01 00:59 - 2012-10-30 19:42 - 00000000 ____D C:\Users\Anchos\AppData\Local\PMB Files
2013-09-01 00:59 - 2012-10-30 19:42 - 00000000 ____D C:\ProgramData\PMB Files
2013-09-01 00:52 - 2012-11-14 21:58 - 00000000 ____D C:\Users\Anchos\AppData\Roaming\Skype
2013-08-31 23:30 - 2013-08-31 23:30 - 00891115 _____ C:\Users\Anchos\Desktop\SecurityCheck.exe
2013-08-31 23:29 - 2013-08-31 23:29 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-31 23:28 - 2013-08-31 23:28 - 02347384 _____ (ESET) C:\Users\Anchos\Desktop\esetsmartinstaller_enu.exe
2013-08-31 23:19 - 2012-10-26 17:19 - 00000868 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-08-31 15:05 - 2012-10-26 17:19 - 00000870 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-08-31 11:16 - 2013-08-31 10:03 - 00064367 _____ C:\Windows\WindowsUpdate.log
2013-08-31 10:03 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-30 23:34 - 2013-08-30 23:34 - 00000685 _____ C:\Users\Anchos\Desktop\JRT.txt
2013-08-30 23:32 - 2013-08-30 23:32 - 00000000 ____D C:\Windows\ERUNT
2013-08-30 23:31 - 2013-08-30 23:31 - 01023533 _____ (Thisisu) C:\Users\Anchos\Desktop\JRT.exe
2013-08-30 23:28 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 23:27 - 2013-08-30 23:26 - 00000000 ____D C:\AdwCleaner
2013-08-30 23:27 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-08-30 23:25 - 2013-08-30 23:25 - 00994642 _____ C:\Users\Anchos\Desktop\adwcleaner.exe
2013-08-30 23:23 - 2012-07-26 12:27 - 00751892 _____ C:\Windows\system32\perfh007.dat
2013-08-30 23:23 - 2012-07-26 12:27 - 00155620 _____ C:\Windows\system32\perfc007.dat
2013-08-30 23:23 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-30 12:00 - 2012-10-30 18:54 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3704050743-3055777684-322982769-1001
2013-08-30 10:49 - 2012-11-13 20:21 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-30 10:44 - 2013-08-30 10:44 - 00002025 _____ C:\Users\Anchos\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-08-30 10:44 - 2013-08-30 10:44 - 00001954 _____ C:\Users\Anchos\Desktop\Avira DE-Cleaner.lnk
2013-08-30 10:43 - 2012-10-30 19:44 - 00000000 ____D C:\Users\Anchos\Desktop\Picture
2013-08-29 18:37 - 2013-08-29 18:37 - 00000000 ____D C:\Program Files (x86)\ROCCAT
2013-08-29 18:37 - 2012-10-26 17:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-27 19:57 - 2012-12-28 21:38 - 00000000 ____D C:\Users\Anchos\Documents\StarCraft II
2013-08-25 09:14 - 2013-08-23 13:30 - 00000000 ____D C:\SC2Replay Archive
2013-08-20 08:13 - 2012-12-28 21:38 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2013-08-20 00:23 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-08-18 14:06 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-18 14:05 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-18 00:13 - 2013-08-18 00:12 - 00000000 ____D C:\Windows\system32\MRT
2013-08-18 00:12 - 2012-12-13 18:51 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-03 09:23 - 2012-10-30 18:48 - 00000000 ____D C:\Users\Anchos\AppData\Local\VirtualStore
2013-08-03 09:16 - 2013-08-03 09:16 - 00000000 ____D C:\Users\Anchos\Documents\NFS SHIFT
2013-08-03 09:12 - 2013-08-03 09:12 - 00000000 ____D C:\Windows\SysWOW64\AGEIA
2013-08-03 09:12 - 2013-08-03 09:12 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies

Files to move or delete:
====================
C:\Users\Anchos\AppData\Local\Temp\Quarantine.exe
C:\Users\Anchos\AppData\Local\Temp\RarSFX0\SecurityCheck\Objlist.exe
C:\Users\Anchos\AppData\Local\Temp\RarSFX0\SecurityCheck\runprocesses.exe
C:\Users\Anchos\AppData\Local\Temp\RarSFX0\SecurityCheck\uninstalllist.exe
C:\Users\Anchos\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\cmdinfo.exe
C:\Users\Anchos\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\nircmdc.exe
C:\Users\Anchos\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\sed.exe
C:\Users\Anchos\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\swreg.exe
C:\Users\Anchos\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Anchos\AppData\Local\Temp\decleaner\avnetworkloader.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\avnetworkLoaderGUI.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\avwebloader.exe
C:\Users\Anchos\AppData\Local\Temp\decleaner\DE-Cleaner-Install.exe
C:\Users\Anchos\AppData\Local\Temp\decleaner\msvcr90.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\rcimage.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\rcNwLoad_de.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\scewxmlw.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\update.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\aebb.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\aecore.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\aeemu.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\aeexp.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\aegen.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\aehelp.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\aeheur.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\aeoffice.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\aepack.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\aerdl.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\aesbx.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\aescn.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\aescript.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\aevdf.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\avevtlog.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\avevtrc.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\avipc.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\Avira-DE-Cleaner-starten.exe
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\avpref.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\avreg.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\avrep.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\avscan.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\avscan.exe
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\avscplr.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\avwinll.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\ccavscanex.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\ccavscanexrc.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\ccwkrlib.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\cfglib.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\decleaner.exe
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\extdlgfw.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\luke.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\mfc90u.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\msvcp90.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\msvcr90.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\rcimage.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\rctext.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\scewxmlw.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\sqlite3.dll
C:\Users\Anchos\AppData\Local\Temp\decleaner\decleaner\setup\unacev2.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\de-DE => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-08-31 10:50

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1304a59c03bbcb449bcd5b3d265c9e6a
# engine=14968
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-31 10:59:48
# local_time=2013-09-01 12:59:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776573 100 94 50994 5273463 0 0
# scanned=210164
# found=0
# cleaned=0
# scan_time=4973

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.72  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 9  
 Java version out of Date! 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MsMpEng.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

jo hab alles.

GVU Trojaner - windows 8

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner - windows 8

GVU Trojaner - windows 8

GVU Trojaner - windows 8

Ähnliche Themen: GVU Trojaner - windows 8