Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner :(

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.08.2013, 23:04   #1
Sanjae60
 
GVU Trojaner :( - Standard

GVU Trojaner :(





Guten Abend an alle,

bin neu hier hab n dickes Problem, hab nen GVU trojaner eingefangen bzw, meine Freundin,

es kam eine meldung Java Update von Oracle, freundin ok gedrückt, Camera LED ging an, und fertig, Kriege ne Seite von GVU kohle zahlen, komme net zum dekstop

Windows 8 64x, Sony Vaio Laptop,


bitte bitte helft mir wir brauchen morgen dringend den Laptop

habe schon mit dem ersten schritt begonnen und habe die Log file aus FRST


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2013
Ran by SYSTEM on 10-08-2013 23:54:34
Running from D:\
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-10-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-11-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-11-05] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-10-23] (Synaptics Incorporated)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [299648 2012-07-24] (McAfee, Inc.)
HKU\Alexandra\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\Alexandra\...\Run: [icq] - C:\Users\Alexandra\AppData\Roaming\ICQM\icq.exe [27598184 2013-05-27] (ICQ)
HKU\Alexandra\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\ALEXAN~1\AppData\Local\Temp\adjfgwrwyvkyxqqhq.exe [59392 2013-08-10] (Valve) <===== ATTENTION
HKU\Alexandra\...\Winlogon: [Shell] cmd.exe [404992 2012-07-26] (Microsoft Corporation) <==== ATTENTION 
HKU\Alexandra\...\Command Processor: "C:\Users\ALEXAN~1\AppData\Local\Temp\adjfgwrwyvkyxqqhq.exe" <===== ATTENTION!
Startup: C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * 

==================== Services (Whitelisted) =================

S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-11-05] (Qualcomm Atheros Commnucations)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
S2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfeicfcoreocp; C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe [2776256 2013-07-17] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-17] (Sony Corporation)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
S2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-01-31] (Stardock Software, Inc)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1265824 2012-10-23] (Sony Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-11-05] (Atheros)

==================== Drivers (Whitelisted) ====================

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-05] (Qualcomm Atheros)
S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-11-05] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-05-26] (DT Soft Ltd)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-23] (Synaptics Incorporated)
S3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-10 21:40 - 2013-08-10 21:40 - 01084800 _____ C:\ProgramData\2433f433
2013-08-10 21:40 - 2013-08-10 21:40 - 01084787 _____ C:\Users\Alexandra\AppData\Roaming\2433f433
2013-08-10 21:40 - 2013-08-10 21:40 - 01084731 _____ C:\Users\Alexandra\AppData\Local\2433f433
2013-07-20 10:30 - 2013-07-20 10:30 - 00329792 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-16 23:06 - 2013-06-01 12:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-07-16 23:06 - 2013-06-01 10:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2013-07-16 23:06 - 2013-05-20 01:08 - 00386642 _____ C:\Windows\System32\ApnDatabase.xml
2013-07-16 23:05 - 2013-06-16 23:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-07-16 23:05 - 2013-06-01 12:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
2013-07-16 23:05 - 2013-06-01 12:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys
2013-07-16 23:05 - 2013-06-01 12:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-16 23:05 - 2013-06-01 12:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2013-07-16 23:05 - 2013-06-01 12:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS
2013-07-16 23:05 - 2013-06-01 12:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-07-16 23:05 - 2013-06-01 12:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-07-16 23:05 - 2013-06-01 11:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-07-16 23:05 - 2013-06-01 10:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-16 23:05 - 2013-06-01 10:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-07-16 23:05 - 2013-06-01 10:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-07-16 23:05 - 2013-06-01 10:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-07-16 23:05 - 2013-06-01 10:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-07-16 23:05 - 2013-06-01 10:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-07-16 23:05 - 2013-06-01 10:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\vds.exe
2013-07-16 23:05 - 2013-06-01 10:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-16 23:05 - 2013-06-01 10:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-07-16 23:05 - 2013-06-01 10:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\System32\vdsutil.dll
2013-07-16 23:05 - 2013-06-01 10:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\System32\MbaeParserTask.exe
2013-07-16 23:05 - 2013-06-01 10:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\System32\samsrv.dll
2013-07-16 23:05 - 2013-06-01 10:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\System32\samlib.dll
2013-07-16 23:05 - 2013-06-01 10:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2013-07-16 23:05 - 2013-06-01 10:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\System32\mfasfsrcsnk.dll
2013-07-16 23:05 - 2013-06-01 10:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\System32\mscms.dll
2013-07-16 23:05 - 2013-06-01 10:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-07-16 23:05 - 2013-06-01 10:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\System32\DeviceSetupManager.dll
2013-07-16 23:05 - 2013-06-01 04:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BthAvrcpTg.sys
2013-07-16 23:05 - 2013-05-24 23:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-07-16 23:05 - 2013-05-24 23:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-07-16 23:05 - 2013-05-24 23:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-07-16 23:05 - 2013-05-24 23:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-07-11 20:10 - 2013-06-12 00:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-11 20:10 - 2013-06-01 10:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 20:10 - 2013-06-01 10:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 20:10 - 2013-05-31 00:14 - 04036096 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 20:10 - 2013-05-04 07:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 20:10 - 2013-05-04 05:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 20:10 - 2013-04-11 23:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 20:10 - 2013-04-11 23:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-11 20:09 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 20:09 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 20:09 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 20:09 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 20:09 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 20:09 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 20:09 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 20:09 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 20:09 - 2013-06-12 00:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-11 20:09 - 2013-06-12 00:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-11 20:09 - 2013-06-12 00:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-11 20:09 - 2013-06-12 00:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 20:09 - 2013-06-12 00:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-11 20:09 - 2013-06-12 00:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-11 20:09 - 2013-06-12 00:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-11 20:09 - 2013-06-12 00:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

==================== One Month Modified Files and Folders =======

2013-08-10 22:47 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-10 22:35 - 2013-02-20 22:44 - 00000000 ____D C:\ProgramData\MOCP
2013-08-10 22:34 - 2013-02-20 21:38 - 00753134 _____ C:\Windows\System32\perfh007.dat
2013-08-10 22:34 - 2013-02-20 21:38 - 00155826 _____ C:\Windows\System32\perfc007.dat
2013-08-10 22:34 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-10 22:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\sru
2013-08-10 21:49 - 2013-05-24 15:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-10 21:46 - 2013-02-20 22:05 - 01978209 _____ C:\Windows\WindowsUpdate.log
2013-08-10 21:40 - 2013-08-10 21:40 - 01084800 _____ C:\ProgramData\2433f433
2013-08-10 21:40 - 2013-08-10 21:40 - 01084787 _____ C:\Users\Alexandra\AppData\Roaming\2433f433
2013-08-10 21:40 - 2013-08-10 21:40 - 01084731 _____ C:\Users\Alexandra\AppData\Local\2433f433
2013-08-10 20:54 - 2013-03-09 12:46 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1686883395-3062666736-549955339-1001
2013-08-10 20:53 - 2013-05-26 16:57 - 00003112 _____ C:\Windows\System32\Tasks\RDReminder
2013-08-10 20:52 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-05 20:56 - 2013-04-21 20:02 - 00000000 ____D C:\Users\Alexandra\Neuer Ordner
2013-08-04 21:55 - 2013-03-23 09:16 - 00300032 ___SH C:\Users\Alexandra\Desktop\Thumbs.db
2013-07-27 11:26 - 2013-03-09 12:36 - 00000000 ____D C:\users\Alexandra
2013-07-23 23:10 - 2013-04-06 21:57 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-23 23:10 - 2012-08-03 03:22 - 00012896 _____ C:\Windows\PFRO.log
2013-07-21 01:52 - 2013-03-18 22:14 - 00000000 ____D C:\Users\Alexandra\AppData\Local\Adobe
2013-07-21 01:50 - 2013-05-24 15:16 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-20 16:57 - 2013-05-26 16:57 - 00000310 _____ C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job
2013-07-20 10:30 - 2013-07-20 10:30 - 00329792 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-20 10:29 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\System32\config\BBI
2013-07-15 23:13 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\System32\oobe
2013-07-14 11:30 - 2012-07-26 08:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 21:47 - 2013-03-10 14:28 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Files to move or delete:
====================
C:\Users\ALEXAN~1\AppData\Local\Temp\adjfgwrwyvkyxqqhq.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-24 11:10:03
Restore point made on: 2013-08-04 20:18:07
Restore point made on: 2013-08-10 21:48:31

==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 3975.27 MB
Available physical RAM: 3300.26 MB
Total Pagefile: 3975.27 MB
Available Pagefile: 3316.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:428.88 GB) (Free:364.18 GB) NTFS
Drive d: () (Removable) (Total:7.47 GB) (Free:7.4 GB) NTFS (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B09BC0E6)

Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=7 GB) - (Type=07 NTFS)


LastRegBack: 2013-08-10 21:45

==================== End Of Log ============================
         
--- --- ---

Geändert von Sanjae60 (10.08.2013 um 23:23 Uhr)

Alt 11.08.2013, 07:54   #2
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner :( - Standard

GVU Trojaner :(



hi,

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKU\Alexandra\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\ALEXAN~1\AppData\Local\Temp\adjfgwrwyvkyxqqhq.exe [59392 2013-08-10] (Valve) <===== ATTENTION
HKU\Alexandra\...\Winlogon: [Shell] cmd.exe [404992 2012-07-26] (Microsoft Corporation) <==== ATTENTION 
HKU\Alexandra\...\Command Processor: "C:\Users\ALEXAN~1\AppData\Local\Temp\adjfgwrwyvkyxqqhq.exe" <===== ATTENTION!
2013-08-10 21:40 - 2013-08-10 21:40 - 01084800 _____ C:\ProgramData\2433f433
2013-08-10 21:40 - 2013-08-10 21:40 - 01084787 _____ C:\Users\Alexandra\AppData\Roaming\2433f433
2013-08-10 21:40 - 2013-08-10 21:40 - 01084731 _____ C:\Users\Alexandra\AppData\Local\2433f433
C:\Users\ALEXAN~1\AppData\Local\Temp\adjfgwrwyvkyxqqhq.exe
         
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Rechner normal starten
__________________

__________________

Alt 11.08.2013, 11:04   #3
Sanjae60
 
GVU Trojaner :( - Standard

GVU Trojaner :(



hier ist die gewünschte log datei

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-08-2013
Ran by SYSTEM at 2013-08-11 11:36:09 Run:1
Running from D:\
Boot Mode: Recovery
==============================================

HKU\Alexandra\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Alexandra\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Alexandra\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Alexandra\AppData\Roaming\2433f433 => Moved successfully.
C:\Users\Alexandra\AppData\Local\2433f433 => Moved successfully.
C:\Users\ALEXAN~1\AppData\Local\Temp\adjfgwrwyvkyxqqhq.exe => Moved successfully.

==== End of Fixlog ====
         

Laptop ist jetzt normal hoch gefahren!

habe sofort paar schritte weiter gemacht,

Log Datei von ADWCleaner
Code:
ATTFilter
# AdwCleaner v2.306 - Datei am 11/08/2013 um 11:45:27 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : Alexandra - VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alexandra\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Ordner Gelöscht : C:\Users\Alexandra\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Opera v12.16.1860.0

Datei : C:\Users\Alexandra\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [868 octets] - [11/08/2013 11:45:27]

########## EOF - C:\AdwCleaner[S1].txt - [927 octets] ##########
         



Log Datei von JRT

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.2 (08.11.2013:1)
OS: Windows 8 x64
Ran by Alexandra on 11.08.2013 at 11:50:29,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\Program Files (x86)\dll-files.com fixer"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.08.2013 at 11:53:38,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         






und Frische Log Datei von FRST


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2013
Ran by Alexandra (administrator) on 11-08-2013 11:55:10
Running from F:\
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ICQ) C:\Users\Alexandra\AppData\Roaming\ICQM\icq.exe
(McAfee, Inc.) C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-10-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-11-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-11-05] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-10-23] (Synaptics Incorporated)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [icq] - C:\Users\Alexandra\AppData\Roaming\ICQM\icq.exe [27598184 2013-05-27] (ICQ)
MountPoints2: {f1106f43-c15f-11e2-be81-a41731eb8e58} - "E:\setup.exe" 
MountPoints2: {f46376c7-e63c-11e2-be8c-a41731eb8e58} - "F:\HTC_Sync_Manager_PC.exe" 
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [299648 2012-07-24] (McAfee, Inc.)
Startup: C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Parental Controls.lnk
ShortcutTarget: McAfee Parental Controls.lnk -> C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe (McAfee, Inc.)
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0E604339-40DB-46A5-89C8-24D6370DA947} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms}
SearchScopes: HKCU - {B5673314-3D8E-4546-A764-5108AE1483B9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-11-05] (Qualcomm Atheros Commnucations)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
R2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfeicfcoreocp; C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe [2776256 2013-07-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-18] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-01-31] (Stardock Software, Inc)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1265824 2012-10-23] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-11-05] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-05] (Qualcomm Atheros)
R3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-11-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-05-26] (DT Soft Ltd)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-23] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-11 11:50 - 2013-08-11 11:50 - 00000000 ____D C:\Windows\ERUNT
2013-08-11 11:49 - 2013-08-11 11:49 - 00000995 _____ C:\Users\Alexandra\Desktop\AdwCleaner[S1].txt
2013-08-11 11:45 - 2013-08-11 11:45 - 00000995 _____ C:\AdwCleaner[S1].txt
2013-08-11 11:45 - 2013-08-11 11:44 - 00958573 _____ (Oleg N. Scherbakov) C:\Users\Alexandra\Desktop\JRT.exe
2013-08-11 11:45 - 2013-08-11 11:43 - 00666633 _____ C:\Users\Alexandra\Desktop\adwcleaner.exe
2013-08-11 00:54 - 2013-08-11 00:54 - 00000000 ____D C:\FRST
2013-07-20 11:30 - 2013-07-20 11:30 - 00329792 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-17 00:06 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-17 00:06 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-07-17 00:06 - 2013-05-20 02:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml
2013-07-17 00:05 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-17 00:05 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-07-17 00:05 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-07-17 00:05 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-17 00:05 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-07-17 00:05 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-07-17 00:05 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-17 00:05 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-07-17 00:05 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-07-17 00:05 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-17 00:05 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-07-17 00:05 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-07-17 00:05 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-07-17 00:05 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-07-17 00:05 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-07-17 00:05 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-07-17 00:05 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-17 00:05 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-17 00:05 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-07-17 00:05 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-07-17 00:05 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-07-17 00:05 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-07-17 00:05 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-07-17 00:05 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-07-17 00:05 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-07-17 00:05 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-07-17 00:05 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2013-07-17 00:05 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-07-17 00:05 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-07-17 00:05 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-07-17 00:05 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-07-17 00:05 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

==================== One Month Modified Files and Folders =======

2013-08-11 11:53 - 2013-08-11 11:53 - 00000691 _____ C:\Users\Alexandra\Desktop\JRT.txt
2013-08-11 11:53 - 2013-02-20 22:38 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-08-11 11:53 - 2013-02-20 22:38 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-08-11 11:53 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-11 11:50 - 2013-08-11 11:50 - 00000000 ____D C:\Windows\ERUNT
2013-08-11 11:49 - 2013-08-11 11:49 - 00000995 _____ C:\Users\Alexandra\Desktop\AdwCleaner[S1].txt
2013-08-11 11:49 - 2013-05-26 17:57 - 00003112 _____ C:\Windows\System32\Tasks\RDReminder
2013-08-11 11:49 - 2013-05-24 16:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-11 11:47 - 2013-02-20 23:44 - 00000000 ____D C:\ProgramData\MOCP
2013-08-11 11:47 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-11 11:46 - 2013-02-20 23:05 - 01998083 _____ C:\Windows\WindowsUpdate.log
2013-08-11 11:46 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-08-11 11:45 - 2013-08-11 11:45 - 00000995 _____ C:\AdwCleaner[S1].txt
2013-08-11 11:45 - 2012-07-26 09:21 - 00034212 _____ C:\Windows\setupact.log
2013-08-11 11:44 - 2013-08-11 11:45 - 00958573 _____ (Oleg N. Scherbakov) C:\Users\Alexandra\Desktop\JRT.exe
2013-08-11 11:43 - 2013-08-11 11:45 - 00666633 _____ C:\Users\Alexandra\Desktop\adwcleaner.exe
2013-08-11 11:42 - 2013-03-09 13:46 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1686883395-3062666736-549955339-1001
2013-08-11 00:54 - 2013-08-11 00:54 - 00000000 ____D C:\FRST
2013-08-10 23:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-08-10 21:52 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-05 21:56 - 2013-04-21 21:02 - 00000000 ____D C:\Users\Alexandra\Neuer Ordner
2013-08-04 22:55 - 2013-03-23 10:16 - 00300032 ___SH C:\Users\Alexandra\Desktop\Thumbs.db
2013-07-27 12:26 - 2013-03-09 13:36 - 00000000 ____D C:\Users\Alexandra
2013-07-24 00:10 - 2013-04-06 22:57 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-24 00:10 - 2012-08-03 04:22 - 00012896 _____ C:\Windows\PFRO.log
2013-07-21 02:52 - 2013-03-18 23:14 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Adobe
2013-07-21 02:50 - 2013-05-24 16:16 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-20 17:57 - 2013-05-26 17:57 - 00000310 _____ C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job
2013-07-20 11:30 - 2013-07-20 11:30 - 00329792 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-16 00:13 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-07-14 12:30 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-10 22:45

==================== End Of Log ============================
         
--- --- ---

--- --- ---






Und die Addition Log von FRST


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2013
Ran by Alexandra at 2013-08-11 11:55:51
Running from F:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
µTorrent (x32 Version: 3.3.0.29677)
ACID Music Studio 9.0 (x32 Version: 9.0.35)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03)  MUI (x32 Version: 11.0.03)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
Aloha TriPeaks (x32 Version: 2.2.0.98)
Ashampoo Burning Studio 2013 v.11.0.5 (x32 Version: 11.0.5)
Bejeweled 3 (x32 Version: 2.2.0.98)
Build-a-lot: On Vacation (x32 Version: 2.2.0.110)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110)
CyberLink Power2Go 8 (x32 Version: 8.0.0.2126)
CyberLink PowerDVD (x32 Version: 9.0.5728.52)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Dll-Files Fixer (x32 Version: 1.0)
DVD Architect Studio 5.0 (x32 Version: 5.0.161)
FATE (x32 Version: 2.2.0.97)
FDUx86 (x32 Version: 1.0.0)
Football Manager 2013 v13.3.3 / RePack by irvins (x32)
Heroes of Hellas 3: Athens (x32 Version: 3.0.2.32)
ICQ 8.0 (build 6017) (HKCU Version: 8.0.6017.0)
Intel AppUp(R) center (x32 Version: 3.8.0.41505.25)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2849)
Intel(R) Rapid Storage Technology (x32 Version: 11.6.0.1030)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Java 7 Update 9 (x32 Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.0)
KUx86 (x32 Version: 1.0.0)
Luxor HD (x32 Version: 2.2.0.110)
Mahjongg Artifacts (x32 Version: 2.2.0.110)
McAfee Parental Controls (x32 Version: 2.1.418.3)
Microsoft Office (x32 Version: 15.0.4420.1017)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Studio Platinum 12.0 (64-bit) (Version: 12.0.530)
MSVCRT Redists (Version: 1.0)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Opera 12.16 (x32 Version: 12.16.1860)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
PlayMemories Home (x32 Version: 6.3.02.07270)
Polar Bowler (x32 Version: 2.2.0.97)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.214)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6695)
Realtek PCIE Card Reader (x32 Version: 6.1.8400.28121)
Restore (x32 Version: 1.0.0)
rt8 (Version: 1.11)
Shared C Run-time for x64 (Version: 10.0.0)
Sound Forge Audio Studio 10.0 (x32 Version: 10.0.178)
SSLx64 (Version: 1.0.0)
SSLx86 (x32 Version: 1.0.0)
Synaptics Pointing Device Driver (Version: 16.2.16.2)
Update Installer for WildTangent Games App (x32)
Vacation Quest™ - Australia (x32 Version: 3.0.2.32)
VAIO - Xperia Link (x32 Version: 1.1.0.11020)
VAIO Care (Version: 8.1.0.10120)
VAIO Control Center (x32 Version: 6.1.0.10300)
VAIO Data Restore Tool (x32 Version: 1.10.0.07270)
VAIO Easy Connect (x32 Version: 1.3.0.09290)
VAIO Gate (x32 Version: 3.0.0.08140)
VAIO Gate Default (x32 Version: 3.1.0.10240)
VAIO Gesture Control (x32 Version: 2.1.0.10220)
VAIO Image Optimizer (x32 Version: 3.0.00.08170)
VAIO Improvement (x32 Version: 2.1.0.10220)
VAIO Media Server Settings (Version: 1.0.1.10170)
VAIO Movie Creator (x32 Version: 4.0.00.10170)
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170)
VAIO Update (x32 Version: 6.0.2.10230)
VAIO*CPU-Lüfterdiagnose (x32 Version: 1.1.0.09200)
VAIO-Handbuch (x32 Version: 3.0.0.08100)
VAIO-Hardwarediagnose-Plugin für VAIO Care (x32 Version: 4.7.0.11070)
VAIO-Support für Übertragungen (x32 Version: 1.9.0.11060)
VCCx64 (Version: 1.0.0)
VCCx86 (x32 Version: 1.0.0)
VGClientX64 (Version: 1.0.0)
VHD (x32 Version: 1.0.0)
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32)
VIx64 (Version: 1.0.0)
VIx86 (x32 Version: 1.0.0)
VMLx86 (x32 Version: 1.0.0)
VPMx64 (Version: 1.0.0)
VSSTx64 (Version: 1.0.0)
VSSTx86 (x32 Version: 1.0.0)
VU5x64 (Version: 1.0.0)
VU5x86 (x32 Version: 1.0.0)
VUx64 (Version: 1.0.0)
VUx86 (x32 Version: 1.0.0)
VWSTx86 (x32 Version: 1.0.0)
WildTangent Games App (x32 Version: 4.0.9.7)
WildTangent-Spiele (x32 Version: 1.0.4.0)
XperiaLinkx86 (x32 Version: 1.0.0)
Youda Jewel Shop (x32 Version: 3.0.2.32)

==================== Restore Points  =========================

24-07-2013 10:09:48 Geplanter Prüfpunkt
04-08-2013 19:17:52 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {01E9ED02-3D6D-4E90-8FDD-8CF12F15EC22} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient No File
Task: {04A978B4-957A-4E23-AEBC-C3A65612292B} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-10-22] (Sony Corporation)
Task: {05DD47D1-C432-4E6E-8DF9-DDC35D3A5174} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {0661FB25-0450-4253-82AC-9129EB9B8157} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {0ED3F59C-EF91-4392-9F9F-54DB2BC12F50} - System32\Tasks\Sony Corporation\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-11-08] (Sony Corporation)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1B4F02E8-92F4-4E4A-BA8C-BC1342BC77EE} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com No File
Task: {1BD3EE44-0BD3-4F70-A19A-A75BB5054C9A} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {1CBC0F53-5EF7-448E-856C-62CB7C0BA144} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1686883395-3062666736-549955339-1001
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {1E036A74-3E5F-4ECF-9027-B8242B2FEF4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {24D6CD33-357A-4509-8DA7-70DB42AB36A2} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3B2A454B-5CE9-4C45-85E6-5A3D796EE28A} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {4352CF01-35CA-4FF6-8B2E-2B01BF9476CB} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-23] (Sony Corporation)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {4E22721D-6E00-428B-B6C2-86308F554EAA} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {4EEB093E-CE96-4E48-BF97-264B823B21D9} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com No File
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {591E452F-E3B0-4720-91D2-EAB214732A09} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {599081E8-C317-433A-970C-4023DB7612AB} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {59B48BBB-63FA-437D-B1AB-3EF4D30FFCD7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-10-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {7211CDA9-E13F-4BB2-944F-7FE91C9A31E3} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {7E81BD7E-CB24-4342-A770-7D5728E3F2F5} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com No File
Task: {7F86E985-F062-4CC8-841B-A5526C0BEF54} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-08-14] (Sony Corporation)
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9EB3CA72-1B09-43A3-8102-297B29997214} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {A231E21C-D1E0-453B-ABCD-45324B60156D} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {A5A00C5D-8F01-4CC9-A5B0-3F4D605C69B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-21] (Adobe Systems Incorporated)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {A8561F78-2844-4AC6-BD15-B197A10F5681} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {AB360AAE-8982-4C94-B48A-2DE7F8CF759A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AD365E86-C300-40D4-ACB4-F1BD6577FBA1} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-10-23] (Sony Corporation)
Task: {AE2806A3-727A-48E6-8AEA-494AACB020D0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {BAF03EFE-C81E-42EF-B9AA-E48C80E0702B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C340B21C-C22D-421A-B152-4314C6135798} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2012-10-31] (Sony Corporation)
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E3F09EDE-03D2-43CD-A926-87BF39B0FA57} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2012-11-01] (Sony Corporation)
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8071FAE-8182-444B-8143-9DFD6857ED4C} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2012-10-31] (Sony Corporation)
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-10-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {EC1FB769-7DA4-46F3-AE27-61A59ED47566} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/10/2013 10:35:14 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (08/09/2013 10:40:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: VAIO)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147467263. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/09/2013 10:40:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: VAIO)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147467263. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/09/2013 10:40:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: VAIO)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147467263. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/05/2013 04:00:34 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (07/29/2013 01:22:17 AM) (Source: SampleCollector) (User: )
Description: init_sstates_file:CreateFile:Prev_SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (07/27/2013 01:12:15 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (07/25/2013 01:53:29 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (07/23/2013 05:07:10 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (07/23/2013 04:12:39 PM) (Source: SampleCollector) (User: )
Description: init_sstates_file:CreateFile:Prev_SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.


System errors:
=============
Error: (08/11/2013 11:37:04 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎11.‎08.‎2013 um 11:34:07 unerwartet heruntergefahren.

Error: (08/11/2013 00:29:05 AM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{66024C41-A4CE-465A-BE9C-CC1A6EA83252}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/10/2013 11:29:39 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎10.‎08.‎2013 um 23:18:16 unerwartet heruntergefahren.

Error: (08/10/2013 11:17:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Content Filter" ist vom Dienst "McAfee Firewall Core Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/10/2013 11:17:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Firewall Core Service" ist vom Dienst "McAfee Validation Trust Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/10/2013 11:17:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/10/2013 11:17:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/10/2013 11:17:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/10/2013 11:17:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%31

Error: (08/10/2013 11:17:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Validation Trust Protection Service" ist vom Dienst "McAfee Inc. mfehidk" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%31


Microsoft Office Sessions:
=========================
Error: (08/10/2013 10:35:14 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (08/09/2013 10:40:31 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: VAIO)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147467263

Error: (08/09/2013 10:40:31 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: VAIO)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147467263

Error: (08/09/2013 10:40:31 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: VAIO)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147467263

Error: (08/05/2013 04:00:34 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (07/29/2013 01:22:17 AM) (Source: SampleCollector)(User: )
Description: init_sstates_file:CreateFile:Prev_SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (07/27/2013 01:12:15 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (07/25/2013 01:53:29 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (07/23/2013 05:07:10 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (07/23/2013 04:12:39 PM) (Source: SampleCollector)(User: )
Description: init_sstates_file:CreateFile:Prev_SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.


==================== Memory info =========================== 

Percentage of memory in use: 33%
Total physical RAM: 3975.27 MB
Available physical RAM: 2638.88 MB
Total Pagefile: 4743.27 MB
Available Pagefile: 3343.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:428.88 GB) (Free:364.49 GB) NTFS
Drive e: (FM2013) (CDROM) (Total:5.91 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:7.47 GB) (Free:7.4 GB) NTFS (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B09BC0E6)

Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 11.08.2013, 16:19   #4
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner :( - Standard

GVU Trojaner :(




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.08.2013, 16:29   #5
Sanjae60
 
GVU Trojaner :( - Standard

GVU Trojaner :(



habe eset schon durchgeführt aber schon alles gelöscht und 1 infizierte datei entfernt, sorry

hier log von securitycheck

Code:
ATTFilter
Results of screen317's Security Check version 0.99.72  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 9  
 Java version out of Date! 
 Adobe Flash Player 	11.8.800.94  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MsMpEng.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         



hier die FRST log

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2013
Ran by Alexandra (administrator) on 11-08-2013 17:28:08
Running from F:\
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.EXE
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files\Sony\VAIO Care\listener.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-10-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-11-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-11-05] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-10-23] (Synaptics Incorporated)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
MountPoints2: {f1106f43-c15f-11e2-be81-a41731eb8e58} - "E:\setup.exe" 
MountPoints2: {f46376c7-e63c-11e2-be8c-a41731eb8e58} - "F:\HTC_Sync_Manager_PC.exe" 
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
Startup: C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0E604339-40DB-46A5-89C8-24D6370DA947} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms}
SearchScopes: HKCU - {B5673314-3D8E-4546-A764-5108AE1483B9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-11-05] (Qualcomm Atheros Commnucations)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-18] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-01-31] (Stardock Software, Inc)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1265824 2012-10-23] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-11-05] (Atheros)
S4 McOobeSv2; "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x]

==================== Drivers (Whitelisted) ====================

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-05] (Qualcomm Atheros)
R3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-11-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-05-26] (DT Soft Ltd)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-23] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-11 11:45 - 2013-08-11 11:45 - 00000995 _____ C:\AdwCleaner[S1].txt
2013-08-11 00:54 - 2013-08-11 00:54 - 00000000 ____D C:\FRST
2013-07-20 11:30 - 2013-07-20 11:30 - 00329792 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-17 00:06 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-17 00:06 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-07-17 00:06 - 2013-05-20 02:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml
2013-07-17 00:05 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-17 00:05 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-07-17 00:05 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-07-17 00:05 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-17 00:05 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-07-17 00:05 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-07-17 00:05 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-17 00:05 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-07-17 00:05 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-07-17 00:05 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-17 00:05 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-07-17 00:05 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-07-17 00:05 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-07-17 00:05 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-07-17 00:05 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-07-17 00:05 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-07-17 00:05 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-17 00:05 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-17 00:05 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-07-17 00:05 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-07-17 00:05 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-07-17 00:05 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-07-17 00:05 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-07-17 00:05 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-07-17 00:05 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-07-17 00:05 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-07-17 00:05 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2013-07-17 00:05 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-07-17 00:05 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-07-17 00:05 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-07-17 00:05 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-07-17 00:05 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

==================== One Month Modified Files and Folders =======

2013-08-11 17:24 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-08-11 17:23 - 2013-02-20 22:38 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-08-11 17:23 - 2013-02-20 22:38 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-08-11 17:23 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-11 14:49 - 2013-05-24 16:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-11 14:06 - 2013-03-09 13:46 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1686883395-3062666736-549955339-1001
2013-08-11 13:53 - 2012-08-03 04:22 - 00014706 _____ C:\Windows\PFRO.log
2013-08-11 13:53 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-11 13:52 - 2013-02-20 23:05 - 02008148 _____ C:\Windows\WindowsUpdate.log
2013-08-11 13:52 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-08-11 13:47 - 2013-05-26 17:25 - 00000000 ____D C:\Program Files (x86)\R.G.Games
2013-08-11 11:50 - 2013-08-11 11:50 - 00000000 ____D C:\Windows\ERUNT
2013-08-11 11:45 - 2013-08-11 11:45 - 00000995 _____ C:\AdwCleaner[S1].txt
2013-08-11 11:45 - 2012-07-26 09:21 - 00034212 _____ C:\Windows\setupact.log
2013-08-11 00:54 - 2013-08-11 00:54 - 00000000 ____D C:\FRST
2013-08-10 21:52 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-05 21:56 - 2013-04-21 21:02 - 00000000 ____D C:\Users\Alexandra\Neuer Ordner
2013-08-04 22:55 - 2013-03-23 10:16 - 00300032 ___SH C:\Users\Alexandra\Desktop\Thumbs.db
2013-07-27 12:26 - 2013-03-09 13:36 - 00000000 ____D C:\Users\Alexandra
2013-07-24 00:10 - 2013-04-06 22:57 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-21 02:52 - 2013-03-18 23:14 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Adobe
2013-07-21 02:50 - 2013-05-24 16:16 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-20 11:30 - 2013-07-20 11:30 - 00329792 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-16 00:13 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-07-14 12:30 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-11 12:00

==================== End Of Log ============================
         
--- --- ---


Alt 11.08.2013, 16:48   #6
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner :( - Standard

GVU Trojaner :(



Java updaten.

Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
--> GVU Trojaner :(

Alt 11.08.2013, 16:52   #7
Sanjae60
 
GVU Trojaner :( - Standard

GVU Trojaner :(



Vielen dank für deine hilfe! 10000 dank

Alt 12.08.2013, 07:32   #8
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner :( - Standard

GVU Trojaner :(



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu GVU Trojaner :(
adobe, adobe flash player, association, defender, desktop, dringend, explorer, farbar, farbar recovery scan tool, file, flash player, home, log, log file, microsoft, neu, problem, realtek, registry, scan, services.exe, software, svchost.exe, system, temp, trojaner, winlogon.exe, wlan



Zum Thema GVU Trojaner :( - Guten Abend an alle, bin neu hier hab n dickes Problem, hab nen GVU trojaner eingefangen bzw, meine Freundin, es kam eine meldung Java Update von Oracle, freundin ok gedrückt, - GVU Trojaner :(...
Archiv
Du betrachtest: GVU Trojaner :( auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.