
GVU trojan caught


01.09.2013, 14:12   #1
Josef 1972
 
Good day. I have a laptop with Windows Vista. I have a GVU trojan. Starting in Safe Mode is not possible. The screen is locked. Can you help me?
Regards, Josef 1972

01.09.2013, 16:17   #2
cosinus

Hello and welcome,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Download the appropriate version of the tool (if in doubt, both) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Plug the USB stick into the infected system and boot the system into the System Recovery Options.
  • Now scan following the illustrated guide, or use the following short guide:
Via the Boot Manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the recovery options select: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    This shows you the drive letter of your USB stick; make a note of it.
  • Close Notepad again.
  • Now enter the following command:
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan (Untersuchen).
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).


01.09.2013, 19:59   #3
Josef 1972
 
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-09-2013
Ran by SYSTEM on MINWINPC on 01-09-2013 20:51:50
Running from F:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [3784704 2006-11-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [WarReg_PopUp] - C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [453120 2006-11-16] (HiTRUST)
HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\LManager.exe [659456 2006-12-20] (Dritek System Inc.)
HKLM\...\Run: [ToADiMon.exe] - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [282624 2006-10-13] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [90191 2006-11-17] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [7753728 2006-11-17] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2006-11-17] (NVIDIA Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [BindDirectlyToPropertySetStorage] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\sonja\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\sonja\...\Run: [Emoly] - C:\Users\sonja\AppData\Roaming\Uhbu\taki.exe [ 2010-09-18] (HitSonic Solutions)
HKU\sonja\...\Run: [Nabutol] - C:\Users\sonja\AppData\Roaming\Afed\tukor.exe [ 2010-12-01] (HitSonic Solutions)
HKU\sonja\...\Run: [IExplorer Util] - C:\Users\sonja\AppData\Roaming\ie_util.exe [ 2013-08-31] (HitSonic Solutions)
HKU\sonja\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\sonja\AppData\Local\Temp\ramgbusatumvkewij.exe [ 2013-09-01] (Valve Corporation) <===== ATTENTION
HKU\sonja\...\Command Processor: "C:\Users\sonja\AppData\Local\Temp\ramgbusatumvkewij.exe" <===== ATTENTION!

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
S2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2006-11-30] (Acer Inc.)
S2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [118784 2006-11-20] (Acer Inc.)
S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [45056 2006-11-16] (Acer Inc.)
S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2006-11-12] ()
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] ()
S2 MZCCntrl; C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe [61440 2006-10-04] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-20] ()
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361728 2009-07-20] (TuneUp Software GmbH)
S2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [131072 2006-12-01] (acer)
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-30] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-30] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-30] (Avira Operations GmbH & Co. KG)
S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
S2 int15; C:\Windows\system32\drivers\int15.sys [69632 2006-11-12] ()
S3 MACNDIS5; C:\PROGRA~1\COMMON~1\MARMIK~1\MACNDIS5.SYS [17280 2006-10-03] (Marmiko IT-Solutions GmbH)
S0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [10624 2006-11-10] (HiTRUST)
S0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [7936 2006-11-10] (HiTRUST)
S0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [53760 2006-11-08] (HiTRUST)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-06] (Avira GmbH)
S0 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [13952 2006-08-28] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-01 02:21 - 2013-09-01 02:21 - 00163079 _____ C:\Users\sonja\AppData\Local\2433f433
2013-09-01 02:21 - 2013-09-01 02:21 - 00163047 _____ C:\Users\sonja\AppData\Roaming\2433f433
2013-09-01 02:21 - 2013-09-01 02:21 - 00163041 _____ C:\ProgramData\2433f433
2013-08-31 02:17 - 2013-08-31 02:17 - 00112640 _____ (HitSonic Solutions) C:\Users\sonja\AppData\Roaming\ie_util.exe
2013-08-31 02:16 - 2013-09-01 03:44 - 00000000 ____D C:\Users\sonja\AppData\Roaming\Xeews
2013-08-31 02:16 - 2013-09-01 03:44 - 00000000 ____D C:\Users\sonja\AppData\Roaming\Eqcur
2013-08-31 02:16 - 2013-08-31 02:16 - 00000000 ____D C:\Users\sonja\AppData\Roaming\Yzkiv
2013-08-31 02:16 - 2013-08-31 02:16 - 00000000 ____D C:\Users\sonja\AppData\Roaming\Uhbu
2013-08-31 02:16 - 2013-08-31 02:16 - 00000000 ____D C:\Users\sonja\AppData\Roaming\Aqufm
2013-08-31 02:16 - 2013-08-31 02:16 - 00000000 ____D C:\Users\sonja\AppData\Roaming\Afed
2013-08-29 00:00 - 2013-08-01 20:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-16 05:18 - 2013-08-16 05:20 - 00000000 ____D C:\Windows\System32\MRT
2013-08-16 05:01 - 2013-07-24 18:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-16 05:01 - 2013-07-24 18:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-16 05:01 - 2013-07-24 18:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-16 05:01 - 2013-07-24 18:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-16 05:01 - 2013-07-24 18:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-16 05:01 - 2013-07-24 18:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-08-16 05:01 - 2013-07-24 18:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-08-16 05:01 - 2013-07-24 18:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-16 05:01 - 2013-07-24 18:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-16 05:01 - 2013-07-24 18:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-16 05:01 - 2013-07-24 18:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-16 05:01 - 2013-07-24 18:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-08-16 05:01 - 2013-07-24 18:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-08-16 05:01 - 2013-07-24 18:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-16 05:01 - 2013-07-24 18:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-16 05:01 - 2013-07-24 18:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-08-15 03:06 - 2013-07-17 11:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-15 03:06 - 2013-07-10 01:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-15 03:06 - 2013-07-09 04:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-15 03:06 - 2013-07-07 20:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-08-15 03:06 - 2013-07-07 20:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-15 03:06 - 2013-07-07 20:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-15 03:06 - 2013-07-07 20:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-15 03:06 - 2013-07-07 20:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-15 03:06 - 2013-07-07 20:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-15 03:06 - 2013-07-04 20:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-15 03:06 - 2013-06-15 05:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\icaapi.dll
2013-08-15 03:06 - 2013-06-15 03:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-01 20:51 - 2013-09-01 20:51 - 00000000 ____D C:\FRST
2013-09-01 05:26 - 2006-11-02 04:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-01 05:26 - 2006-11-02 04:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-01 05:25 - 2007-02-03 15:14 - 01156298 _____ C:\Windows\WindowsUpdate.log
2013-09-01 04:03 - 2006-11-02 02:33 - 01472290 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-01 03:45 - 2007-02-03 08:32 - 00013025 _____ C:\Users\sonja\AppData\Roaming\nvModes.001
2013-09-01 03:44 - 2013-08-31 02:16 - 00000000 ____D C:\Users\sonja\AppData\Roaming\Xeews
2013-09-01 03:44 - 2013-08-31 02:16 - 00000000 ____D C:\Users\sonja\AppData\Roaming\Eqcur
2013-09-01 02:21 - 2013-09-01 02:21 - 00163079 _____ C:\Users\sonja\AppData\Local\2433f433
2013-09-01 02:21 - 2013-09-01 02:21 - 00163047 _____ C:\Users\sonja\AppData\Roaming\2433f433
2013-09-01 02:21 - 2013-09-01 02:21 - 00163041 _____ C:\ProgramData\2433f433
2013-08-31 02:17 - 2013-08-31 02:17 - 00112640 _____ (HitSonic Solutions) C:\Users\sonja\AppData\Roaming\ie_util.exe
2013-08-31 02:16 - 2013-08-31 02:16 - 00000000 ____D C:\Users\sonja\AppData\Roaming\Yzkiv
2013-08-31 02:16 - 2013-08-31 02:16 - 00000000 ____D C:\Users\sonja\AppData\Roaming\Uhbu
2013-08-31 02:16 - 2013-08-31 02:16 - 00000000 ____D C:\Users\sonja\AppData\Roaming\Aqufm
2013-08-31 02:16 - 2013-08-31 02:16 - 00000000 ____D C:\Users\sonja\AppData\Roaming\Afed
2013-08-31 02:01 - 2007-02-03 08:32 - 00013025 _____ C:\Users\sonja\AppData\Roaming\nvModes.dat
2013-08-25 00:26 - 2007-02-11 04:47 - 00002637 _____ C:\Users\sonja\Desktop\Microsoft Office Word.lnk
2013-08-18 04:20 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-16 10:53 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-08-16 05:36 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-08-16 05:20 - 2013-08-16 05:18 - 00000000 ____D C:\Windows\System32\MRT
2013-08-16 05:18 - 2006-11-02 02:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe

Files to move or delete:
====================
C:\Users\sonja\AppData\Local\Temp\ramgbusatumvkewij.exe
C:\Users\sonja\AppData\Local\Temp\ramgbusatumvkewij.dll
C:\Users\sonja\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\sonja\AppData\Local\Temp\tmp657f13ab\878975675.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 1790.06 MB
Available physical RAM: 1550.82 MB
Total Pagefile: 1732 MB
Available Pagefile: 1605.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.97 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:70.62 GB) (Free:38.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (ACERDATA) (Fixed) (Total:70.61 GB) (Free:70.51 GB) NTFS
Drive f: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
Drive x: (PQSERVICE) (Fixed) (Total:7.8 GB) (Free:2.02 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: CF1FCF1F)
Partition 1: (Not Active) - (Size=8 GB) - (Type=12)
Partition 2: (Active) - (Size=71 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=71 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 489 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=489 MB) - (Type=06)


LastRegBack: 2013-09-01 04:05

==================== End Of Log ============================
         

02.09.2013, 10:06   #4
cosinus

Please press the Windows key + R and type notepad in the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKU\sonja\...\Run: [Emoly] - C:\Users\sonja\AppData\Roaming\Uhbu\taki.exe [ 2010-09-18] (HitSonic Solutions)
HKU\sonja\...\Run: [Nabutol] - C:\Users\sonja\AppData\Roaming\Afed\tukor.exe [ 2010-12-01] (HitSonic Solutions)
HKU\sonja\...\Run: [IExplorer Util] - C:\Users\sonja\AppData\Roaming\ie_util.exe [ 2013-08-31] (HitSonic Solutions)
HKU\sonja\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\sonja\AppData\Local\Temp\ramgbusatumvkewij.exe [ 2013-09-01] (Valve Corporation) <===== ATTENTION
HKU\sonja\...\Command Processor: "C:\Users\sonja\AppData\Local\Temp\ramgbusatumvkewij.exe" <===== ATTENTION!
C:\Users\sonja\AppData\Roaming\ie_util.exe
C:\Users\sonja\AppData\Local\Temp\ramgbusatumvkewij.exe
C:\Users\sonja\AppData\Local\Temp\ramgbusatumvkewij.dll
C:\Users\sonja\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\sonja\AppData\Local\Temp\tmp657f13ab
C:\Users\sonja\AppData\Roaming\Yzkiv
C:\Users\sonja\AppData\Roaming\Uhbu
C:\Users\sonja\AppData\Roaming\Aqufm
C:\Users\sonja\AppData\Roaming\Afed
C:\Users\sonja\AppData\Roaming\Xeews
C:\Users\sonja\AppData\Roaming\Eqcur
C:\Users\sonja\AppData\Local\2433f433
C:\Users\sonja\AppData\Roaming\2433f433
C:\ProgramData\2433f433
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the recovery options again.
  • Now start FRST.exe again and click the Fix (Entfernen) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
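The fixlist in the post above was built by hand from the FRST log in post #3: the `HKU\sonja\...\Run` values pointing into AppData, the `Command Processor` value (that is the `HKCU\Software\Microsoft\Command Processor\AutoRun` value, which cmd.exe executes on every start; the Fixlog later reports deleting exactly that value), and the files they point to. The Python script below is an added example, not part of the thread and not FRST's own logic: it parses Run and Command Processor lines, flags them on a few heuristics that are this example's assumptions (FRST's own `<===== ATTENTION` tag, any Command Processor AutoRun, an executable under AppData\Local\Temp or AppData\Roaming, a generated-looking name) and emits a Fixlist.txt in the same shape the helper used, the registry line verbatim so FRST deletes the value, then each file path so FRST moves it. The sample input is six lines copied from the log above. The containing folders (Uhbu, Afed, ...) and the three 2433f433 files the helper also listed came from the created-files section, which this example does not parse.

```python
import re

# Constructed sample: six lines copied from the FRST log posted above (two benign
# autostarts, four that the helper put into the fixlist), so the code runs offline.
SAMPLE_LOG = r"""
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKU\sonja\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\sonja\...\Run: [Emoly] - C:\Users\sonja\AppData\Roaming\Uhbu\taki.exe [ 2010-09-18] (HitSonic Solutions)
HKU\sonja\...\Run: [IExplorer Util] - C:\Users\sonja\AppData\Roaming\ie_util.exe [ 2013-08-31] (HitSonic Solutions)
HKU\sonja\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\sonja\AppData\Local\Temp\ramgbusatumvkewij.exe [ 2013-09-01] (Valve Corporation) <===== ATTENTION
HKU\sonja\...\Command Processor: "C:\Users\sonja\AppData\Local\Temp\ramgbusatumvkewij.exe" <===== ATTENTION!
"""

# FRST line shapes seen in the thread: "HKU\<user>\...\Run: [name] - path [size date] (vendor)"
# and "HKU\<user>\...\Command Processor: "path"", optionally tagged "<===== ATTENTION".
RUN_RE = re.compile(
    r"^(?P<hive>HK.*?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<path>.+?) "
    r"\[(?P<meta>[^\]]*)\] \((?P<vendor>[^)]*)\)(?P<flag>\s*<===== ATTENTION!?)?\s*$"
)
CMDPROC_RE = re.compile(
    r'^(?P<hive>HK.*?)\\\.\.\.\\Command Processor: "(?P<path>[^"]+)"'
    r"(?P<flag>\s*<===== ATTENTION!?)?\s*$"
)

# Directories an unprivileged user can write to; an autostart pointing there is worth
# a second look (assumption of this example, not an FRST rule).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\")
VOWELS = set("aeiou")


def parse_entry(line):
    """Turn one Run or Command Processor line into a dict; any other line gives None."""
    m = RUN_RE.match(line)
    if m:
        return {"kind": "run", "hive": m["hive"], "name": m["name"], "path": m["path"],
                "vendor": m["vendor"], "frst_attention": bool(m["flag"]), "line": line.rstrip()}
    m = CMDPROC_RE.match(line)
    if m:
        return {"kind": "cmd_autorun", "hive": m["hive"], "name": "Command Processor",
                "path": m["path"], "vendor": "", "frst_attention": bool(m["flag"]),
                "line": line.rstrip()}
    return None


def looks_random(token):
    """Heuristic (assumption): a long token mixing letters and digits, or a long token
    with almost no vowels, looks generated rather than chosen by a developer."""
    t = re.sub(r"[^a-z0-9]", "", token.lower())
    if len(t) < 12:
        return False
    has_digit = any(c.isdigit() for c in t)
    has_alpha = any(c.isalpha() for c in t)
    vowel_ratio = sum(c in VOWELS for c in t) / len(t)
    return (has_digit and has_alpha) or vowel_ratio < 0.2


def suspicion_reasons(entry):
    """Why an autostart entry deserves attention; an empty list means nothing stood out."""
    reasons = []
    if entry["frst_attention"]:
        reasons.append("frst-attention")      # FRST itself marked the line
    if entry["kind"] == "cmd_autorun":
        reasons.append("cmd-autorun")         # Command Processor\AutoRun runs on every cmd.exe start
    if any(marker in entry["path"].lower() for marker in USER_WRITABLE):
        reasons.append("user-writable-dir")
    file_name = entry["path"].rsplit("\\", 1)[-1]
    if looks_random(entry["name"]) or looks_random(file_name):
        reasons.append("random-name")
    return reasons


def triage(log_text):
    """All parsed autostart entries that trip at least one heuristic, with their reasons."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = suspicion_reasons(entry)
        if reasons:
            entry["reasons"] = reasons
            flagged.append(entry)
    return flagged


def build_fixlist(log_text):
    """Fixlist in the form the helper used in this thread: each flagged registry line
    verbatim (FRST deletes the value), then each referenced file path once (FRST moves it)."""
    flagged = triage(log_text)
    registry_lines = [e["line"] for e in flagged]
    paths = []
    for e in flagged:
        if e["path"] not in paths:
            paths.append(e["path"])
    return "\n".join(registry_lines + paths) + "\n"


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e['name']:32} {e['path']}  <- {', '.join(e['reasons'])}")
    print("--- Fixlist.txt ---")
    print(build_fixlist(SAMPLE_LOG), end="")
```

Run it against a full FRST.txt by reading the file into `triage()` and `build_fixlist()`; the output is a starting point for a human review, not a verdict. The benign Avira and ehTray entries pass untouched, while the four locker entries are flagged for different reasons, which is the point of combining several weak signals rather than relying on FRST's ATTENTION tag alone.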

02.09.2013, 16:32   #5
Josef 1972
 
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-09-2013
Ran by SYSTEM at 2013-09-02 17:30:01 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\sonja\...\Run: [Emoly] - C:\Users\sonja\AppData\Roaming\Uhbu\taki.exe [ 2010-09-18] (HitSonic Solutions)
HKU\sonja\...\Run: [Nabutol] - C:\Users\sonja\AppData\Roaming\Afed\tukor.exe [ 2010-12-01] (HitSonic Solutions)
HKU\sonja\...\Run: [IExplorer Util] - C:\Users\sonja\AppData\Roaming\ie_util.exe [ 2013-08-31] (HitSonic Solutions)
HKU\sonja\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\sonja\AppData\Local\Temp\ramgbusatumvkewij.exe [ 2013-09-01] (Valve Corporation) <===== ATTENTION
HKU\sonja\...\Command Processor: "C:\Users\sonja\AppData\Local\Temp\ramgbusatumvkewij.exe" <===== ATTENTION!
C:\Users\sonja\AppData\Roaming\ie_util.exe
C:\Users\sonja\AppData\Local\Temp\ramgbusatumvkewij.exe
C:\Users\sonja\AppData\Local\Temp\ramgbusatumvkewij.dll
C:\Users\sonja\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\sonja\AppData\Local\Temp\tmp657f13ab
C:\Users\sonja\AppData\Roaming\Yzkiv
C:\Users\sonja\AppData\Roaming\Uhbu
C:\Users\sonja\AppData\Roaming\Aqufm
C:\Users\sonja\AppData\Roaming\Afed
C:\Users\sonja\AppData\Roaming\Xeews
C:\Users\sonja\AppData\Roaming\Eqcur
C:\Users\sonja\AppData\Local\2433f433
C:\Users\sonja\AppData\Roaming\2433f433
C:\ProgramData\2433f433

*****************

HKU\sonja\Software\Microsoft\Windows\CurrentVersion\Run\\Emoly => Value deleted successfully.
HKU\sonja\Software\Microsoft\Windows\CurrentVersion\Run\\Nabutol => Value deleted successfully.
HKU\sonja\Software\Microsoft\Windows\CurrentVersion\Run\\IExplorer Util => Value deleted successfully.
HKU\sonja\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\sonja\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\sonja\AppData\Roaming\ie_util.exe => Moved successfully.
C:\Users\sonja\AppData\Local\Temp\ramgbusatumvkewij.exe => Moved successfully.
C:\Users\sonja\AppData\Local\Temp\ramgbusatumvkewij.dll => Moved successfully.
C:\Users\sonja\AppData\Local\Temp\RtkBtMnt.exe => Moved successfully.
C:\Users\sonja\AppData\Local\Temp\tmp657f13ab => Moved successfully.
C:\Users\sonja\AppData\Roaming\Yzkiv => Moved successfully.
C:\Users\sonja\AppData\Roaming\Uhbu => Moved successfully.
C:\Users\sonja\AppData\Roaming\Aqufm => Moved successfully.
C:\Users\sonja\AppData\Roaming\Afed => Moved successfully.
C:\Users\sonja\AppData\Roaming\Xeews => Moved successfully.
C:\Users\sonja\AppData\Roaming\Eqcur => Moved successfully.
C:\Users\sonja\AppData\Local\2433f433 => Moved successfully.
C:\Users\sonja\AppData\Roaming\2433f433 => Moved successfully.
C:\ProgramData\2433f433 => Moved successfully.

==== End of Fixlog ====
         


02.09.2013, 20:52   #6
cosinus

Does Windows start normally again? Say yes

02.09.2013, 21:37   #7
Josef 1972
 
I say "yes"

02.09.2013, 21:51   #8
cosinus

Good. Then please make a new log with FRST in normal mode:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files will now be created and can afterwards be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the site's input box)


03.09.2013, 06:41   #9
Josef 1972
 
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-09-2013
Ran by sonja (administrator) on SONJA-PC on 03-09-2013 07:35:03
Running from F:\
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Acer\Mobility Center\MobilityService.exe
(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Acer Inc.) C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
(Acer Inc.) C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
(Acer Inc.) C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
(Realtek Semiconductor Corp.) C:\Users\sonja\AppData\Local\Temp\RtkBtMnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [3784704 2006-11-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [WarReg_PopUp] - C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [453120 2006-11-17] (HiTRUST)
HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\LManager.exe [659456 2006-12-21] (Dritek System Inc.)
HKLM\...\Run: [ToADiMon.exe] - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [282624 2006-10-13] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [90191 2006-11-18] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [7753728 2006-11-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2006-11-18] (NVIDIA Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [BindDirectlyToPropertySetStorage] 0
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=16B22EB1-2E9B-4077-819C-3C5F0CF7E838&apn_sauid=08477D03-B515-4DA8-9C25-BEE35599ED8C
SearchScopes: HKCU - {C2582797-CC8E-464C-898A-AA1A482CAA5B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll (HiTRUST)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (HiTRUST)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2006-11-30] (Acer Inc.)
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [118784 2006-11-20] (Acer Inc.)
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [45056 2006-11-16] (Acer Inc.)
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2006-11-13] ()
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] ()
R2 MZCCntrl; C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe [61440 2006-10-04] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-20] ()
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361728 2009-07-20] (TuneUp Software GmbH)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [131072 2006-12-01] (acer)
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-30] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2006-11-13] ()
S3 MACNDIS5; C:\PROGRA~1\COMMON~1\MARMIK~1\MACNDIS5.SYS [17280 2006-10-04] (Marmiko IT-Solutions GmbH)
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [10624 2006-11-10] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [7936 2006-11-10] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [53760 2006-11-08] (HiTRUST)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-06] (Avira GmbH)
R0 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [13952 2006-08-29] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 10:00 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 15:18 - 2013-08-16 15:20 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 15:01 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 15:01 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 15:01 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 15:01 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 15:01 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 15:01 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-16 15:01 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-16 15:01 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 15:01 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 15:01 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 15:01 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 15:01 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-16 15:01 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-16 15:01 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 15:01 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 15:01 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-15 13:06 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 13:06 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 13:06 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 13:06 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-15 13:06 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 13:06 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 13:06 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 13:06 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 13:06 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 13:06 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 13:06 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-15 13:06 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-03 07:34 - 2007-02-04 01:14 - 01162768 _____ C:\Windows\WindowsUpdate.log
2013-09-03 07:34 - 2006-11-02 14:52 - 00066122 _____ C:\Windows\setupact.log
2013-09-03 07:31 - 2009-07-20 20:25 - 00000500 _____ C:\Windows\Tasks\1-Klick-Wartung.job
2013-09-03 07:31 - 2007-02-03 18:32 - 00013025 _____ C:\Users\sonja\AppData\Roaming\nvModes.dat
2013-09-03 07:31 - 2007-02-03 18:32 - 00013025 _____ C:\Users\sonja\AppData\Roaming\nvModes.001
2013-09-03 07:31 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-03 07:31 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-03 07:30 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-02 06:51 - 2013-09-02 06:51 - 00000000 ____D C:\FRST
2013-09-01 15:26 - 2006-11-02 15:01 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-01 14:03 - 2006-11-02 12:33 - 01472290 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-25 10:26 - 2007-02-11 14:47 - 00002637 _____ C:\Users\sonja\Desktop\Microsoft Office Word.lnk
2013-08-18 14:20 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-16 20:53 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-16 15:36 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-16 15:20 - 2013-08-16 15:18 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 15:18 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Files to move or delete:
====================
C:\Users\sonja\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-03 07:36

==================== End Of Log ============================
         
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-09-2013
Ran by sonja at 2013-09-03 07:36:17
Running from F:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Acer Arcade Deluxe (Version: 1.0.3605)
Acer eDataSecurity Management (Version: 2.5.3023)
Acer eLock Management (Version: 2.5.3003)
Acer Empowering Technology (Version: 2.5.3002)
Acer eNet Management (Version: 2.6.3001)
Acer ePower Management (Version: 2.5.3005)
Acer ePresentation Management (Version: 2.5.3001)
Acer eSettings Management (Version: 2.5.3000)
Acer GridVista (Version: 2.59.1123)
Acer Mobility Center Plug-In (Version: 1.0.3003)
Acer ScreenSaver (Version: 1.00.0000)
Acer Tour (Version: 1.1.3001)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Avira Free Antivirus (Version: 13.0.0.3885)
Camera RAW Plug-In for EPSON Creativity Suite (Version: 2.1.0.0)
CDBurnerXP (Version: 4.5.2.4214)
CX4300_5500_DX4400 Handbuch
EPSON Attach To Email (Version: 1.01.0000)
EPSON Copy Utility 3 (Version: 3.2.0.0)
EPSON Easy Photo Print (Version: 1.4.2.0)
EPSON File Manager (Version: 1.3.0.0)
EPSON Scan
EPSON Scan Assistant (Version: 1.10.00)
EPSON-Drucker-Software
HDAUDIO Soft Data Fax Modem with SmartCP
Java 7 Update 13 (Version: 7.0.130)
Java Auto Updater (Version: 2.1.9.0)
Launch Manager
LightScribe  1.4.124.1 (Version: 1.4.124.1)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Picture It! Foto Premium 9 (Version: 9.0.0.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Müller Foto (Version: 4.8.4)
NTI Backup NOW! 4.7 (Version: 4)
NTI CD & DVD-Maker (Version: 7)
NVIDIA Drivers
PowerProducer
Realtek High Definition Audio Driver (Version: 6.0.1.5322)
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer (Version: 1.00.0000)
Samsung Samples Installer (Version: 1.00.0000)
Synaptics Pointing Device Driver (Version: 9.0.3.0)
SYNDICA
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 1.23.0000)
TIPCI (Version: 1.23.0000)
T-Online 6.0
T-Online WLAN-Access Finder
TuneUp Utilities 2008 (Version: 7.0.8009)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
 

==================== Restore Points  =========================


==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {206585C8-5A19-4CBC-958D-EE068047463B} - System32\Tasks\Microsoft\Windows\RestartManager\{EA69571B-C7FD-4fc6-B7C0-97FE7107F253} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {264764E2-170D-431F-83C4-151371AD80D1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {57FCD153-BA38-4124-BABD-A48A8FC07EA1} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {6261CF3E-7AB7-4DD6-AB8D-FAE8C72AE2EE} - System32\Tasks\1-Klick-Wartung => C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-21] (TuneUp Software GmbH)
Task: {871A9418-8974-4EEE-BA6F-C8C9A140E313} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {87DEF2B2-AFC2-44C5-96C8-9E0978D64000} - System32\Tasks\User_Feed_Synchronization-{D708547A-24A0-444D-99DC-3CDCC07D9A01} => C:\Windows\system32\msfeedssync.exe [2013-02-06] (Microsoft Corporation)
Task: {96CA374B-9B78-4D0B-83AE-C19C06E8D6DF} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\pla.dll [2008-01-19] (Microsoft Corporation)
Task: {DD7DC375-CCD8-4157-B32F-909A781C51CD} - System32\Tasks\Microsoft\Windows\RestartManager\{6F8DBF55-B052-4996-AF99-4F19A7C517B6} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

==================== Loaded Modules (whitelisted) =============

2013-02-05 14:08 - 2009-04-11 00:28 - 02012160 _____ (Microsoft Corporation) C:\Windows\system32\milcore.dll
2007-01-06 02:22 - 2006-11-18 06:07 - 03055616 _____ (NVidia Corporation) C:\Windows\system32\nvd3dum.dll
2006-11-16 14:19 - 2006-11-16 14:19 - 00037376 _____ () C:\Windows\system32\MsnChatHook.dll
2006-11-16 20:10 - 2006-11-16 20:10 - 00286720 _____ (HiTRUST) C:\Windows\system32\sysenv.dll
2006-11-16 14:18 - 2006-11-16 14:18 - 00063488 _____ () C:\Windows\system32\ShowErrMsg.dll
2013-02-05 14:07 - 2009-04-11 00:28 - 00099328 _____ (Microsoft Corporation) C:\PROGRA~1\WI4EB4~1\wmpband.dll
2006-11-02 10:34 - 2006-11-02 11:46 - 00869376 _____ (Microsoft Corporation) C:\Windows\system32\WINBRAND.dll
2013-02-05 15:22 - 2010-05-04 21:13 - 00231424 _____ (Microsoft Corporation) C:\Windows\System32\msshsq.dll
2013-02-05 10:45 - 2008-01-19 00:33 - 00397312 _____ (Microsoft Corporation) C:\Windows\system32\audioeng.dll
2013-02-05 10:45 - 2008-01-19 00:34 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2008-08-10 07:06 - 2008-01-19 09:35 - 02243072 _____ (Microsoft Corporation) C:\Windows\System32\NLSData0007.dll
2013-02-05 14:08 - 2009-04-11 00:28 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\wscntfy.dll
2007-02-03 18:37 - 2006-09-04 11:41 - 00028672 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll
2013-02-05 15:46 - 2011-03-10 19:03 - 01136640 _____ (Microsoft Corporation) C:\Windows\system32\MFC42.DLL
2013-02-05 14:09 - 2009-04-11 00:28 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2013-02-05 14:08 - 2009-04-11 00:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\WDSCORE.dll
2006-11-16 14:18 - 2006-11-16 14:18 - 00151552 _____ (HiTRUST) C:\Windows\system32\eDStoolbar.dll
2006-11-16 14:20 - 2006-11-16 14:20 - 00299008 _____ (HiTRUST) C:\Windows\system32\ActiveToolBand.dll
2006-12-02 09:31 - 2006-11-07 03:34 - 01766912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2013-02-05 10:44 - 2008-01-19 00:37 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2006-12-02 09:24 - 2006-10-23 20:55 - 00163840 _____ (Synaptics, Inc.) C:\Windows\system32\SynCOM.dll
2006-12-02 09:24 - 2006-10-23 20:55 - 00143360 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2006-11-16 14:19 - 2006-11-16 14:19 - 00109568 _____ (HiTRUST) C:\Windows\system32\ADMIN_CLASS_LIB.dll
2006-11-16 23:41 - 2006-11-16 23:41 - 00237568 _____ (HiTRSUT) C:\Windows\system32\keyManager.dll
2006-09-29 17:13 - 2006-09-29 17:13 - 00401408 _____ (HiTRUST) C:\Windows\system32\CryptoAPI.dll
2006-11-16 14:18 - 2006-11-16 14:18 - 00120832 _____ (HiTRUST) C:\Windows\system32\PSDUtil.dll
2007-02-03 18:30 - 2007-02-03 18:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6\MFC80DEU.DLL
2007-01-06 02:23 - 2006-08-11 23:55 - 00098378 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\ComFnUtl.dll
2007-01-06 02:23 - 2001-11-27 19:37 - 00061440 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\SzUPFUtl.dll
2007-01-06 02:23 - 2006-03-10 04:34 - 00147530 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\OSDUtl.dll
2007-01-06 02:23 - 2000-07-22 17:01 - 00049152 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\RgnMaker.dll
2007-01-06 02:23 - 2002-09-04 11:02 - 00040960 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\CDRomUtl.dll
2007-01-06 02:23 - 2000-10-27 12:32 - 00061440 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\MixerUtl.dll
2007-01-06 02:23 - 2000-08-29 13:13 - 00053248 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\Wnd2File.dll
2007-01-06 02:23 - 2000-07-28 09:57 - 00049152 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\SzPtcUtl.dll
2007-01-06 02:23 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2007-01-06 02:23 - 2005-10-08 04:01 - 00077824 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\LgKCUtl.Dll
2007-01-06 02:23 - 2006-03-16 01:54 - 00057344 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\DialCnt.Dll
2007-01-06 02:23 - 2006-12-07 02:26 - 00151552 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\VistaVol.DLL
2007-01-06 02:23 - 2006-12-09 00:36 - 00221184 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\MMDUtl.DLL
2007-01-06 02:22 - 2006-11-18 06:07 - 00299008 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2007-03-31 17:23 - 2006-10-30 09:55 - 00106496 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ADialHlp.dll
2007-03-31 17:23 - 2006-10-12 21:55 - 00057344 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ADialHRC.dll
2007-03-31 17:23 - 2006-10-03 20:05 - 00057344 _____ (Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MMSOSINQ.dll
2007-03-31 17:23 - 2006-10-31 12:35 - 00167936 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MSYSTINQ.dll
2007-03-31 17:23 - 2006-10-11 20:50 - 00077824 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MLIB32.dll
2007-03-31 17:23 - 2006-10-12 21:55 - 00049152 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ADParmIF.dll
2007-03-31 17:23 - 2006-10-13 14:27 - 00299008 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMRC.dll
2011-02-20 00:03 - 2011-02-20 00:03 - 04422992 _____ (Microsoft Corporation) C:\Windows\system32\mfc100u.dll
2011-02-19 01:40 - 2011-02-19 01:40 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll
2011-02-20 00:03 - 2011-02-20 00:03 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll
2011-02-20 00:03 - 2011-02-20 00:03 - 00064336 _____ (Microsoft Corporation) C:\Windows\system32\MFC100DEU.DLL
2013-02-06 10:11 - 2013-06-27 12:01 - 00739384 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll
2013-02-06 10:11 - 2013-06-27 12:00 - 00054840 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cfglib.dll
2013-02-06 10:10 - 2013-06-27 12:01 - 00349752 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccguard.dll
2013-02-06 10:10 - 2013-05-07 13:35 - 00030432 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgrdrc.dll
2013-02-06 10:10 - 2013-06-27 12:01 - 00229432 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgrdw.dll
2013-02-06 10:11 - 2013-06-27 12:01 - 00378424 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\grdcore.dll
2013-02-06 10:11 - 2013-06-27 12:01 - 00218168 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\gpipc.dll
2013-02-06 10:10 - 2013-06-27 12:00 - 00059448 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avipc.dll
2013-02-06 10:11 - 2013-06-27 12:01 - 00418872 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccwgrd.dll
2013-02-06 10:10 - 2013-06-27 12:01 - 00790584 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgen.dll
2013-02-06 10:10 - 2013-06-27 12:01 - 00049208 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgenrc.dll
2013-02-06 10:10 - 2013-06-27 12:01 - 00219192 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccupdate.dll
2013-02-06 10:10 - 2013-02-06 10:08 - 00029472 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccupdrc.dll
2013-02-06 10:10 - 2013-06-27 12:01 - 00082488 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cclic.dll
2013-02-06 10:10 - 2013-02-12 14:36 - 00011632 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cclicrc.dll
2013-02-06 10:10 - 2013-06-27 12:01 - 00207928 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmsg.dll
2013-02-06 10:10 - 2013-02-12 14:36 - 00010608 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmsgrc.dll
2013-02-06 10:11 - 2013-02-06 10:07 - 04780832 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\rcimage.dll
2013-02-06 10:10 - 2013-02-12 14:36 - 00016240 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmainrc.dll
2013-02-06 10:10 - 2013-06-27 12:01 - 00212536 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ccupdw.dll
2006-11-02 14:35 - 2006-11-02 14:35 - 00116736 _____ (Microsoft Corporation) C:\Windows\eHome\ehProxy.dll
2013-02-05 15:44 - 2011-03-03 17:40 - 00542720 _____ (Microsoft Corporation) C:\Windows\AppPatch\AcLayers.DLL
2007-01-06 02:22 - 2006-11-18 06:07 - 00090191 _____ (NVIDIA Corporation) C:\Windows\System32\NVSVC.DLL
2007-02-03 18:36 - 2006-11-20 22:04 - 00077824 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\eNMIPCmm.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00135168 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\Network.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00011776 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\NetworkCardMgr.dll
2013-02-05 14:08 - 2009-03-29 22:42 - 00479232 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcm80.dll
2013-07-11 12:38 - 2013-04-23 01:00 - 05920408 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
2013-07-11 21:39 - 2013-07-11 21:39 - 11497984 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
2013-02-05 15:47 - 2012-10-05 12:58 - 00364656 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
2013-02-05 14:09 - 2009-03-29 22:42 - 00572248 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00043520 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\ICmdDispatcher.dll
2013-08-16 15:41 - 2013-08-16 15:41 - 07977984 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
2013-08-16 15:43 - 2013-08-16 15:43 - 01593344 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
2013-08-16 15:44 - 2013-08-16 15:44 - 12434432 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f575e4c534a93294c72fea670ca73492\System.Windows.Forms.ni.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00114688 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\PfMgr.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00074752 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\Wlan.dll
2013-02-05 14:07 - 2009-04-11 00:28 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\wlanui.dll
2013-02-05 14:12 - 2009-03-29 22:42 - 00315392 _____ (Microsoft Corporation) C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
2007-02-03 18:36 - 2006-11-12 22:41 - 01323008 _____ (Acer inc.) C:\Acer\Empowering Technology\ENET\Acer.Empowering.Windows.Forms.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00039424 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\MultiLang.dll
2013-08-16 15:48 - 2013-08-16 15:48 - 05462016 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
2013-08-17 13:40 - 2013-08-17 13:40 - 00771584 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00034816 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\eNetServiceInterface.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00088064 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\ProfileSwitch.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00081408 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\Diagnosis.dll
2007-02-03 18:37 - 2006-11-06 17:55 - 00033792 _____ (acer) C:\Acer\Empowering Technology\EPOWER\WMIInterface.dll
2007-02-03 18:37 - 2006-08-08 12:11 - 00073216 _____ () C:\Acer\Empowering Technology\EPOWER\Wlan.dll
2007-01-06 02:22 - 2006-11-18 06:07 - 07753728 _____ (NVIDIA Corporation) C:\Windows\system32\NvCpl.dll
2006-11-02 10:40 - 2006-11-02 11:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\tschannel.dll
2006-12-11 10:48 - 2006-08-04 10:43 - 00270336 _____ (The Apache Software Foundation) C:\Acer\Empowering Technology\log4net.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 00040960 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 00053248 _____ (Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Shared.UI.dll
2006-12-11 10:48 - 2006-11-22 15:44 - 01323008 _____ (Acer inc.) C:\Acer\Empowering Technology\Acer.Empowering.Windows.Forms.dll
2013-08-17 13:40 - 2013-08-17 13:40 - 00978944 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b8e424ef545f262fd6cb9f35b97fc8b9\System.Configuration.ni.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 00045056 _____ (Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Presenter.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 01671168 _____ (Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.LaunchBarView.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 00032768 _____ (Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Shared.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 00045056 _____ (Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Host.dll
2013-08-17 13:42 - 2013-08-17 13:42 - 00998400 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 00020480 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 00020480 _____ (Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Interface.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 00081920 _____ (Acer Inc.) C:\Acer\Empowering Technology\de\Acer.Empowering.Framework.LaunchBarView.resources.dll
2007-02-03 18:37 - 2006-11-30 18:49 - 01433600 _____ (Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_UI.dll
2007-02-03 18:37 - 2006-11-12 20:01 - 00503808 _____ (Acer Inc.) C:\Acer\Empowering Technology\ePower\de\ePower_UI.resources.dll
2007-02-03 18:36 - 2006-11-23 20:14 - 00245760 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
2006-11-16 14:20 - 2006-11-16 14:20 - 00172032 _____ () C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll
2007-02-03 18:39 - 2006-11-30 22:56 - 00696320 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll
2007-02-03 18:39 - 2006-11-30 20:39 - 00020480 _____ (Acer Inc.) C:\Acer\Empowering Technology\eLock.Serv.Interface.dll
2007-02-03 18:39 - 2006-11-30 20:39 - 00020480 _____ (Acer Inc.) C:\Acer\Empowering Technology\eLock\eLock.Client.dll
2007-02-03 18:39 - 2006-11-30 22:56 - 00036864 _____ () C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll
2007-02-03 18:39 - 2006-11-20 22:34 - 01613824 _____ (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryUI.dll
2007-02-03 18:39 - 2006-11-16 17:34 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2007-02-03 18:40 - 2006-11-13 01:13 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
2013-08-17 13:41 - 2013-08-17 13:41 - 00212992 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5974034f0f53755b11bde4c9698261cb\System.ServiceProcess.ni.dll
2007-02-03 18:40 - 2006-11-13 01:12 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
2007-02-03 18:40 - 2006-11-13 01:12 - 00540672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
2007-02-03 18:40 - 2006-11-13 01:12 - 00126976 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00237568 _____ () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00039424 _____ (Acer Inc.) C:\Acer\Empowering Technology\eNet\MultiLang.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 01474560 _____ (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00077824 _____ (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMIPCmm.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00135168 _____ (Acer Inc.) C:\Acer\Empowering Technology\eNet\Network.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00011776 _____ (Acer Inc.) C:\Acer\Empowering Technology\eNet\NetworkCardMgr.dll
2013-08-17 13:41 - 2013-08-17 13:41 - 11820032 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
2007-02-03 18:39 - 2006-11-20 22:34 - 00106496 _____ (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\de\eRecoveryUI.resources.dll
2007-02-03 18:40 - 2006-11-13 01:13 - 00003584 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
2007-02-03 18:40 - 2006-11-13 01:13 - 00010752 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll
2013-02-05 10:44 - 2008-01-19 00:36 - 01298432 _____ (Microsoft Corporation) C:\Windows\System32\TMM.dll
2007-03-31 17:23 - 2006-10-16 07:49 - 00036864 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\AdHndCnt.dll
2007-03-31 17:23 - 2006-10-16 07:50 - 00090177 _____ (Deutsche Teleikom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\AAdHnd.DLL

==================== Alternate Data Streams (whitelisted) ==========


==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2013 07:36:40 AM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 07:36:35 AM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 07:36:30 AM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 07:36:25 AM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 07:36:20 AM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 07:36:15 AM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 07:36:10 AM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 07:36:05 AM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 07:36:00 AM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 07:35:55 AM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.


System errors:
=============
Error: (09/03/2013 07:30:44 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/03/2013 07:30:31 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 02.09.2013 um 22:36:24 unerwartet heruntergefahren.

Error: (09/02/2013 10:34:49 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/01/2013 01:59:16 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/01/2013 01:42:03 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/01/2013 00:32:43 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/01/2013 00:27:46 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/01/2013 00:23:32 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/01/2013 00:12:47 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/01/2013 00:08:27 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (09/03/2013 07:36:51 AM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 07:36:45 AM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 07:36:40 AM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 07:36:35 AM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 07:36:30 AM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 07:36:25 AM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 07:36:20 AM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 07:36:15 AM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 07:36:10 AM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 07:36:05 AM) (Source: MZCCntrl)(User: )
Description: 


CodeIntegrity Errors:
===================================
  Date: 2013-02-05 13:04:17.095
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-05 13:04:16.986
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-05 13:04:16.861
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-05 13:04:16.737
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-05 13:04:16.565
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-01 16:41:32.963
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-01 16:41:32.823
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-01 16:41:32.698
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-01 16:41:32.542
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-01 16:41:32.214
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 1789.95 MB
Available physical RAM: 1046.41 MB
Total Pagefile: 3838.43 MB
Available Pagefile: 2817.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.12 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:70.62 GB) (Free:38.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (ACERDATA) (Fixed) (Total:70.61 GB) (Free:70.51 GB) NTFS
Drive f: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: CF1FCF1F)
Partition 1: (Not Active) - (Size=8 GB) - (Type=12)
Partition 2: (Active) - (Size=71 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=71 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 489 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=489 MB) - (Type=06)

==================== End Of Log ============================
         

Old 03.09.2013, 14:02   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojan caught



Remove adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 03.09.2013, 14:38   #11
Josef 1972
 
GVU Trojan caught



Code:
# AdwCleaner v3.002 - Bericht erstellt am 03/09/2013 um 15:13:41
# Updated 01/09/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : sonja - SONJA-PC
# Gestartet von : F:\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16502


*************************

AdwCleaner[R0].txt - [1533 octets] - [03/09/2013 15:12:38]
AdwCleaner[S0].txt - [1456 octets] - [03/09/2013 15:13:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1516 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by sonja on 03.09.2013 at 15:24:29,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.09.2013 at 15:27:41,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-09-2013
Ran by sonja (administrator) on SONJA-PC on 03-09-2013 15:35:26
Running from F:\
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Acer\Mobility Center\MobilityService.exe
(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Acer Inc.) C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
(Acer Inc.) C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
(Acer Inc.) C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor Corp.) C:\Users\sonja\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [3784704 2006-11-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [WarReg_PopUp] - C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [453120 2006-11-17] (HiTRUST)
HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\LManager.exe [659456 2006-12-21] (Dritek System Inc.)
HKLM\...\Run: [ToADiMon.exe] - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [282624 2006-10-13] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [90191 2006-11-18] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [7753728 2006-11-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2006-11-18] (NVIDIA Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [BindDirectlyToPropertySetStorage] 0
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {C2582797-CC8E-464C-898A-AA1A482CAA5B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll (HiTRUST)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (HiTRUST)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2006-11-30] (Acer Inc.)
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [118784 2006-11-20] (Acer Inc.)
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [45056 2006-11-16] (Acer Inc.)
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2006-11-13] ()
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] ()
R2 MZCCntrl; C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe [61440 2006-10-04] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-20] ()
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361728 2009-07-20] (TuneUp Software GmbH)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [131072 2006-12-01] (acer)
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-30] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2006-11-13] ()
S3 MACNDIS5; C:\PROGRA~1\COMMON~1\MARMIK~1\MACNDIS5.SYS [17280 2006-10-04] (Marmiko IT-Solutions GmbH)
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [10624 2006-11-10] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [7936 2006-11-10] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [53760 2006-11-08] (HiTRUST)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-06] (Avira GmbH)
R0 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [13952 2006-08-29] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-03 15:11 - 2013-09-03 15:13 - 00000000 ____D C:\AdwCleaner
2013-09-02 06:51 - 2013-09-02 06:51 - 00000000 ____D C:\FRST
2013-08-29 10:00 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 15:18 - 2013-08-16 15:20 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 15:01 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 15:01 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 15:01 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 15:01 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 15:01 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 15:01 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-16 15:01 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-16 15:01 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 15:01 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 15:01 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 15:01 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 15:01 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-16 15:01 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-16 15:01 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 15:01 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 15:01 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-15 13:06 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 13:06 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 13:06 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 13:06 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-15 13:06 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 13:06 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 13:06 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 13:06 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 13:06 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 13:06 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 13:06 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-15 13:06 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-03 15:27 - 2006-11-02 12:33 - 01472290 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-03 15:24 - 2013-09-03 15:24 - 00000000 ____D C:\Windows\ERUNT
2013-09-03 15:18 - 2007-02-04 01:14 - 01175354 _____ C:\Windows\WindowsUpdate.log
2013-09-03 15:16 - 2007-02-03 18:32 - 00013025 _____ C:\Users\sonja\AppData\Roaming\nvModes.dat
2013-09-03 15:16 - 2007-02-03 18:32 - 00013025 _____ C:\Users\sonja\AppData\Roaming\nvModes.001
2013-09-03 15:16 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-03 15:16 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-03 15:15 - 2009-07-20 20:25 - 00000500 _____ C:\Windows\Tasks\1-Klick-Wartung.job
2013-09-03 15:15 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 15:14 - 2006-11-02 15:01 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-03 15:13 - 2013-09-03 15:11 - 00000000 ____D C:\AdwCleaner
2013-09-03 07:34 - 2006-11-02 14:52 - 00066122 _____ C:\Windows\setupact.log
2013-09-02 06:51 - 2013-09-02 06:51 - 00000000 ____D C:\FRST
2013-08-25 10:26 - 2007-02-11 14:47 - 00002637 _____ C:\Users\sonja\Desktop\Microsoft Office Word.lnk
2013-08-18 14:20 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-16 20:53 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-16 15:36 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-16 15:20 - 2013-08-16 15:18 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 15:18 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Files to move or delete:
====================
C:\Users\sonja\AppData\Local\Temp\Quarantine.exe
C:\Users\sonja\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\sonja\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-03 15:21

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-09-2013
Ran by sonja at 2013-09-03 15:35:52
Running from F:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Acer Arcade Deluxe (Version: 1.0.3605)
Acer eDataSecurity Management (Version: 2.5.3023)
Acer eLock Management (Version: 2.5.3003)
Acer Empowering Technology (Version: 2.5.3002)
Acer eNet Management (Version: 2.6.3001)
Acer ePower Management (Version: 2.5.3005)
Acer ePresentation Management (Version: 2.5.3001)
Acer eSettings Management (Version: 2.5.3000)
Acer GridVista (Version: 2.59.1123)
Acer Mobility Center Plug-In (Version: 1.0.3003)
Acer ScreenSaver (Version: 1.00.0000)
Acer Tour (Version: 1.1.3001)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Avira Free Antivirus (Version: 13.0.0.3885)
Camera RAW Plug-In for EPSON Creativity Suite (Version: 2.1.0.0)
CDBurnerXP (Version: 4.5.2.4214)
CX4300_5500_DX4400 Handbuch
EPSON Attach To Email (Version: 1.01.0000)
EPSON Copy Utility 3 (Version: 3.2.0.0)
EPSON Easy Photo Print (Version: 1.4.2.0)
EPSON File Manager (Version: 1.3.0.0)
EPSON Scan
EPSON Scan Assistant (Version: 1.10.00)
EPSON-Drucker-Software
HDAUDIO Soft Data Fax Modem with SmartCP
Java 7 Update 13 (Version: 7.0.130)
Java Auto Updater (Version: 2.1.9.0)
Launch Manager
LightScribe  1.4.124.1 (Version: 1.4.124.1)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Picture It! Foto Premium 9 (Version: 9.0.0.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Müller Foto (Version: 4.8.4)
NTI Backup NOW! 4.7 (Version: 4)
NTI CD & DVD-Maker (Version: 7)
NVIDIA Drivers
PowerProducer
Realtek High Definition Audio Driver (Version: 6.0.1.5322)
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer (Version: 1.00.0000)
Samsung Samples Installer (Version: 1.00.0000)
Synaptics Pointing Device Driver (Version: 9.0.3.0)
SYNDICA
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 1.23.0000)
TIPCI (Version: 1.23.0000)
T-Online 6.0
T-Online WLAN-Access Finder
TuneUp Utilities 2008 (Version: 7.0.8009)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
 

==================== Restore Points  =========================

03-09-2013 13:03:32 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {206585C8-5A19-4CBC-958D-EE068047463B} - System32\Tasks\Microsoft\Windows\RestartManager\{EA69571B-C7FD-4fc6-B7C0-97FE7107F253} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {264764E2-170D-431F-83C4-151371AD80D1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {57FCD153-BA38-4124-BABD-A48A8FC07EA1} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {6261CF3E-7AB7-4DD6-AB8D-FAE8C72AE2EE} - System32\Tasks\1-Klick-Wartung => C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-21] (TuneUp Software GmbH)
Task: {871A9418-8974-4EEE-BA6F-C8C9A140E313} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {87DEF2B2-AFC2-44C5-96C8-9E0978D64000} - System32\Tasks\User_Feed_Synchronization-{D708547A-24A0-444D-99DC-3CDCC07D9A01} => C:\Windows\system32\msfeedssync.exe [2013-02-06] (Microsoft Corporation)
Task: {96CA374B-9B78-4D0B-83AE-C19C06E8D6DF} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\pla.dll [2008-01-19] (Microsoft Corporation)
Task: {DD7DC375-CCD8-4157-B32F-909A781C51CD} - System32\Tasks\Microsoft\Windows\RestartManager\{6F8DBF55-B052-4996-AF99-4F19A7C517B6} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

==================== Loaded Modules (whitelisted) =============

2013-02-05 14:08 - 2009-04-11 00:28 - 02012160 _____ (Microsoft Corporation) C:\Windows\system32\milcore.dll
2007-01-06 02:22 - 2006-11-18 06:07 - 03055616 _____ (NVidia Corporation) C:\Windows\system32\nvd3dum.dll
2006-11-16 14:19 - 2006-11-16 14:19 - 00037376 _____ () C:\Windows\system32\MsnChatHook.dll
2006-11-16 20:10 - 2006-11-16 20:10 - 00286720 _____ (HiTRUST) C:\Windows\system32\sysenv.dll
2006-11-16 14:18 - 2006-11-16 14:18 - 00063488 _____ () C:\Windows\system32\ShowErrMsg.dll
2013-02-05 10:45 - 2008-01-19 00:33 - 00397312 _____ (Microsoft Corporation) C:\Windows\system32\audioeng.dll
2006-12-02 09:24 - 2006-10-23 20:55 - 00163840 _____ (Synaptics, Inc.) C:\Windows\system32\SynCOM.dll
2006-12-02 09:24 - 2006-10-23 20:55 - 00143360 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2006-11-16 14:19 - 2006-11-16 14:19 - 00109568 _____ (HiTRUST) C:\Windows\system32\ADMIN_CLASS_LIB.dll
2006-11-16 23:41 - 2006-11-16 23:41 - 00237568 _____ (HiTRSUT) C:\Windows\system32\keyManager.dll
2006-09-29 17:13 - 2006-09-29 17:13 - 00401408 _____ (HiTRUST) C:\Windows\system32\CryptoAPI.dll
2006-11-16 14:18 - 2006-11-16 14:18 - 00120832 _____ (HiTRUST) C:\Windows\system32\PSDUtil.dll
2007-02-03 18:30 - 2007-02-03 18:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6\MFC80DEU.DLL
2007-01-06 02:23 - 2006-08-11 23:55 - 00098378 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\ComFnUtl.dll
2007-01-06 02:23 - 2001-11-27 19:37 - 00061440 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\SzUPFUtl.dll
2007-01-06 02:23 - 2006-03-10 04:34 - 00147530 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\OSDUtl.dll
2007-01-06 02:23 - 2000-07-22 17:01 - 00049152 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\RgnMaker.dll
2007-01-06 02:23 - 2002-09-04 11:02 - 00040960 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\CDRomUtl.dll
2007-01-06 02:23 - 2000-10-27 12:32 - 00061440 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\MixerUtl.dll
2007-01-06 02:23 - 2000-08-29 13:13 - 00053248 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\Wnd2File.dll
2007-01-06 02:23 - 2000-07-28 09:57 - 00049152 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\SzPtcUtl.dll
2007-01-06 02:23 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2007-01-06 02:23 - 2005-10-08 04:01 - 00077824 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\LgKCUtl.Dll
2007-01-06 02:23 - 2006-03-16 01:54 - 00057344 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\DialCnt.Dll
2007-01-06 02:23 - 2006-12-07 02:26 - 00151552 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\VistaVol.DLL
2007-01-06 02:23 - 2006-12-09 00:36 - 00221184 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\MMDUtl.DLL
2007-01-06 02:22 - 2006-11-18 06:07 - 00299008 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2007-03-31 17:23 - 2006-10-30 09:55 - 00106496 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ADialHlp.dll
2007-03-31 17:23 - 2006-10-12 21:55 - 00057344 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ADialHRC.dll
2007-03-31 17:23 - 2006-10-03 20:05 - 00057344 _____ (Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MMSOSINQ.dll
2007-03-31 17:23 - 2006-10-31 12:35 - 00167936 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MSYSTINQ.dll
2007-03-31 17:23 - 2006-10-11 20:50 - 00077824 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MLIB32.dll
2007-03-31 17:23 - 2006-10-12 21:55 - 00049152 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ADParmIF.dll
2007-03-31 17:23 - 2006-10-13 14:27 - 00299008 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMRC.dll
2007-03-31 17:23 - 2006-10-16 07:49 - 00036864 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\AdHndCnt.dll
2007-03-31 17:23 - 2006-10-16 07:50 - 00090177 _____ (Deutsche Teleikom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\AAdHnd.DLL
2011-02-20 00:03 - 2011-02-20 00:03 - 04422992 _____ (Microsoft Corporation) C:\Windows\system32\mfc100u.dll
2011-02-19 01:40 - 2011-02-19 01:40 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll
2011-02-20 00:03 - 2011-02-20 00:03 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll
2011-02-20 00:03 - 2011-02-20 00:03 - 00064336 _____ (Microsoft Corporation) C:\Windows\system32\MFC100DEU.DLL
2013-02-06 10:11 - 2013-06-27 12:01 - 00739384 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll
2013-02-06 10:11 - 2013-06-27 12:00 - 00054840 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cfglib.dll
2013-02-06 10:10 - 2013-06-27 12:01 - 00349752 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccguard.dll
2013-02-06 10:10 - 2013-05-07 13:35 - 00030432 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgrdrc.dll
2013-02-06 10:10 - 2013-06-27 12:01 - 00229432 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgrdw.dll
2013-02-06 10:11 - 2013-06-27 12:01 - 00378424 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\grdcore.dll
2013-02-06 10:11 - 2013-06-27 12:01 - 00218168 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\gpipc.dll
2013-02-06 10:10 - 2013-06-27 12:00 - 00059448 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avipc.dll
2013-02-06 10:11 - 2013-06-27 12:01 - 00418872 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccwgrd.dll
2013-02-06 10:10 - 2013-06-27 12:01 - 00790584 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgen.dll
2013-02-06 10:10 - 2013-06-27 12:01 - 00049208 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgenrc.dll
2013-02-06 10:10 - 2013-06-27 12:01 - 00219192 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccupdate.dll
2013-02-06 10:10 - 2013-02-06 10:08 - 00029472 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccupdrc.dll
2013-02-06 10:10 - 2013-06-27 12:01 - 00082488 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cclic.dll
2013-02-06 10:10 - 2013-02-12 14:36 - 00011632 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cclicrc.dll
2013-02-06 10:10 - 2013-06-27 12:01 - 00207928 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmsg.dll
2013-02-06 10:10 - 2013-02-12 14:36 - 00010608 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmsgrc.dll
2013-02-06 10:11 - 2013-02-06 10:07 - 04780832 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\rcimage.dll
2013-02-06 10:10 - 2013-02-12 14:36 - 00016240 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmainrc.dll
2013-02-06 10:10 - 2013-06-27 12:01 - 00212536 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ccupdw.dll
2006-11-02 14:35 - 2006-11-02 14:35 - 00116736 _____ (Microsoft Corporation) C:\Windows\eHome\ehProxy.dll
2006-11-02 10:40 - 2006-11-02 11:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\tschannel.dll
2013-02-05 10:44 - 2008-01-19 00:36 - 01298432 _____ (Microsoft Corporation) C:\Windows\System32\TMM.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00077824 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\eNMIPCmm.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00135168 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\Network.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00011776 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\NetworkCardMgr.dll
2013-02-05 14:08 - 2009-03-29 22:42 - 00479232 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcm80.dll
2013-02-05 15:44 - 2011-03-03 17:40 - 00542720 _____ (Microsoft Corporation) C:\Windows\AppPatch\AcLayers.DLL
2013-07-11 12:38 - 2013-04-23 01:00 - 05920408 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
2013-07-11 21:39 - 2013-07-11 21:39 - 11497984 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
2013-02-05 15:47 - 2012-10-05 12:58 - 00364656 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
2013-02-05 14:09 - 2009-03-29 22:42 - 00572248 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00043520 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\ICmdDispatcher.dll
2013-08-16 15:41 - 2013-08-16 15:41 - 07977984 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
2013-08-16 15:43 - 2013-08-16 15:43 - 01593344 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
2013-08-16 15:44 - 2013-08-16 15:44 - 12434432 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f575e4c534a93294c72fea670ca73492\System.Windows.Forms.ni.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00114688 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\PfMgr.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00074752 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\Wlan.dll
2013-02-05 14:07 - 2009-04-11 00:28 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\wlanui.dll
2013-02-05 14:12 - 2009-03-29 22:42 - 00315392 _____ (Microsoft Corporation) C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
2007-02-03 18:36 - 2006-11-12 22:41 - 01323008 _____ (Acer inc.) C:\Acer\Empowering Technology\ENET\Acer.Empowering.Windows.Forms.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00039424 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\MultiLang.dll
2013-08-16 15:48 - 2013-08-16 15:48 - 05462016 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
2013-08-17 13:40 - 2013-08-17 13:40 - 00771584 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00034816 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\eNetServiceInterface.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00088064 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\ProfileSwitch.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00081408 _____ (Acer Inc.) C:\Acer\Empowering Technology\ENET\Diagnosis.dll
2007-02-03 18:37 - 2006-11-06 17:55 - 00033792 _____ (acer) C:\Acer\Empowering Technology\EPOWER\WMIInterface.dll
2007-02-03 18:37 - 2006-08-08 12:11 - 00073216 _____ () C:\Acer\Empowering Technology\EPOWER\Wlan.dll
2007-01-06 02:22 - 2006-11-18 06:07 - 07753728 _____ (NVIDIA Corporation) C:\Windows\system32\NvCpl.dll
2007-02-03 18:37 - 2006-09-04 11:41 - 00028672 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll
2013-02-05 15:46 - 2011-03-10 19:03 - 01136640 _____ (Microsoft Corporation) C:\Windows\system32\MFC42.DLL
2006-12-11 10:48 - 2006-08-04 10:43 - 00270336 _____ (The Apache Software Foundation) C:\Acer\Empowering Technology\log4net.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 00040960 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 00053248 _____ (Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Shared.UI.dll
2006-12-11 10:48 - 2006-11-22 15:44 - 01323008 _____ (Acer inc.) C:\Acer\Empowering Technology\Acer.Empowering.Windows.Forms.dll
2013-08-17 13:40 - 2013-08-17 13:40 - 00978944 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b8e424ef545f262fd6cb9f35b97fc8b9\System.Configuration.ni.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 00045056 _____ (Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Presenter.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 01671168 _____ (Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.LaunchBarView.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 00032768 _____ (Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Shared.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 00045056 _____ (Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Host.dll
2013-08-17 13:42 - 2013-08-17 13:42 - 00998400 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 00020480 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 00020480 _____ (Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Interface.dll
2006-12-11 10:48 - 2006-11-23 16:24 - 00081920 _____ (Acer Inc.) C:\Acer\Empowering Technology\de\Acer.Empowering.Framework.LaunchBarView.resources.dll
2007-02-03 18:37 - 2006-11-30 18:49 - 01433600 _____ (Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_UI.dll
2007-02-03 18:37 - 2006-11-12 20:01 - 00503808 _____ (Acer Inc.) C:\Acer\Empowering Technology\ePower\de\ePower_UI.resources.dll
2007-02-03 18:36 - 2006-11-23 20:14 - 00245760 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
2006-11-16 14:20 - 2006-11-16 14:20 - 00172032 _____ () C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll
2007-02-03 18:39 - 2006-11-30 22:56 - 00696320 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll
2007-02-03 18:39 - 2006-11-30 20:39 - 00020480 _____ (Acer Inc.) C:\Acer\Empowering Technology\eLock.Serv.Interface.dll
2007-02-03 18:39 - 2006-11-30 20:39 - 00020480 _____ (Acer Inc.) C:\Acer\Empowering Technology\eLock\eLock.Client.dll
2007-02-03 18:39 - 2006-11-30 22:56 - 00036864 _____ () C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll
2007-02-03 18:39 - 2006-11-20 22:34 - 01613824 _____ (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryUI.dll
2007-02-03 18:39 - 2006-11-16 17:34 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2007-02-03 18:40 - 2006-11-13 01:13 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
2013-08-17 13:41 - 2013-08-17 13:41 - 00212992 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5974034f0f53755b11bde4c9698261cb\System.ServiceProcess.ni.dll
2007-02-03 18:40 - 2006-11-13 01:12 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
2007-02-03 18:40 - 2006-11-13 01:12 - 00540672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
2007-02-03 18:40 - 2006-11-13 01:12 - 00126976 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00237568 _____ () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00039424 _____ (Acer Inc.) C:\Acer\Empowering Technology\eNet\MultiLang.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 01474560 _____ (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00077824 _____ (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMIPCmm.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00135168 _____ (Acer Inc.) C:\Acer\Empowering Technology\eNet\Network.dll
2007-02-03 18:36 - 2006-11-20 22:04 - 00011776 _____ (Acer Inc.) C:\Acer\Empowering Technology\eNet\NetworkCardMgr.dll
2013-08-17 13:41 - 2013-08-17 13:41 - 11820032 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
2007-02-03 18:39 - 2006-11-20 22:34 - 00106496 _____ (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\de\eRecoveryUI.resources.dll
2007-02-03 18:40 - 2006-11-13 01:13 - 00003584 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
2007-02-03 18:40 - 2006-11-13 01:13 - 00010752 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll
2013-02-05 14:07 - 2009-04-11 00:28 - 00099328 _____ (Microsoft Corporation) C:\PROGRA~1\WI4EB4~1\wmpband.dll
2006-11-02 10:34 - 2006-11-02 11:46 - 00869376 _____ (Microsoft Corporation) C:\Windows\system32\WINBRAND.dll
2013-02-05 15:22 - 2010-05-04 21:13 - 00231424 _____ (Microsoft Corporation) C:\Windows\System32\msshsq.dll
2008-08-10 07:06 - 2008-01-19 09:35 - 02243072 _____ (Microsoft Corporation) C:\Windows\System32\NLSData0007.dll
2013-02-05 10:45 - 2008-01-19 00:34 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2013-02-05 14:08 - 2009-04-11 00:28 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\wscntfy.dll
2007-03-31 17:25 - 2005-10-26 16:25 - 00131072 _____ (fun communications GmbH) C:\Program Files\T-Online\T-Online_Software_6\Banking\HbDokMan.dll
2008-07-18 15:05 - 2008-07-18 15:05 - 00027656 _____ (TuneUp Software GmbH) C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
2013-02-06 10:11 - 2013-06-27 12:01 - 00154680 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\shlext.dll
2010-04-24 20:17 - 2006-04-13 19:44 - 00069632 ____N (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll
2006-11-16 14:18 - 2006-11-16 14:18 - 00331776 _____ (HiTRUST) C:\Windows\system32\eDSshellExt.dll
2013-02-05 14:09 - 2009-04-11 00:28 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2013-02-05 14:08 - 2009-04-11 00:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\WDSCORE.dll
2006-11-16 14:18 - 2006-11-16 14:18 - 00151552 _____ (HiTRUST) C:\Windows\system32\eDStoolbar.dll
2006-11-16 14:20 - 2006-11-16 14:20 - 00299008 _____ (HiTRUST) C:\Windows\system32\ActiveToolBand.dll

==================== Alternate Data Streams (whitelisted) ==========


==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2013 03:36:18 PM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 03:36:13 PM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 03:36:08 PM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 03:36:03 PM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 03:35:57 PM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 03:35:52 PM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 03:35:47 PM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 03:35:42 PM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 03:35:37 PM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.

Error: (09/03/2013 03:35:32 PM) (Source: MZCCntrl) (User: )
Description: The zero config could not be stopped on initial start.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (09/03/2013 03:36:18 PM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 03:36:13 PM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 03:36:08 PM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 03:36:03 PM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 03:35:57 PM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 03:35:52 PM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 03:35:47 PM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 03:35:42 PM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 03:35:37 PM) (Source: MZCCntrl)(User: )
Description: 

Error: (09/03/2013 03:35:32 PM) (Source: MZCCntrl)(User: )
Description: 


CodeIntegrity Errors:
===================================
  Date: 2013-02-05 13:04:17.095
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-05 13:04:16.986
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-05 13:04:16.861
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-05 13:04:16.737
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-05 13:04:16.565
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-01 16:41:32.963
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-01 16:41:32.823
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-01 16:41:32.698
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-01 16:41:32.542
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-01 16:41:32.214
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 1789.95 MB
Available physical RAM: 1079.3 MB
Total Pagefile: 3836.43 MB
Available Pagefile: 2848.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.1 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:70.62 GB) (Free:38.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (ACERDATA) (Fixed) (Total:70.61 GB) (Free:70.51 GB) NTFS
Drive f: () (Removable) (Total:0.48 GB) (Free:0.47 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: CF1FCF1F)
Partition 1: (Not Active) - (Size=8 GB) - (Type=12)
Partition 2: (Active) - (Size=71 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=71 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 489 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=489 MB) - (Type=06)

==================== End Of Log ============================
         

Old 03.09.2013, 14:42   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Caught a GVU trojan

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).

Note: Please remember to update Malwarebytes Anti-Malware via the Update button first!

Afterwards, getting a second opinion from the ESET Online Scanner isn't a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!

Old 03.09.2013, 18:41   #13
Josef 1972

Caught a GVU trojan

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7dc59e36fd25654b9c529f4039b3fe8c
# engine=14998
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-03 05:35:09
# local_time=2013-09-03 07:35:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 207391 18095250 199972 0
# compatibility_mode=5892 16776574 66 100 18165303 215762437 0 0
# scanned=161363
# found=8
# cleaned=0
# scan_time=4657
sh=08EE6FF7BA19088DB4E4D173DD62F891DADDC232 ft=1 fh=d41fb6590177d75b vn="probably a variant of Win32/Agent.LDTTZIY trojan" ac=I fn="C:\FRST\Quarantine\ie_util.exe"
sh=B0AA0B3EB477127E63CD565BD833EDD399C966B4 ft=1 fh=13def1f56c4b1bb1 vn="Win32/Moure.C trojan" ac=I fn="C:\FRST\Quarantine\ramgbusatumvkewij.dll"
sh=5C5A657B3B52E6A866D283373184304CF4A8E447 ft=1 fh=13def1f55f39a8e3 vn="Win32/Moure.C trojan" ac=I fn="C:\FRST\Quarantine\ramgbusatumvkewij.exe"
sh=8C29550431EF2B0ABE0D7E84CA042A55DF992CDA ft=1 fh=042f8208978e84f7 vn="a variant of Win32/Kryptik.BJNQ trojan" ac=I fn="C:\FRST\Quarantine\Afed\tukor.exe"
sh=08EE6FF7BA19088DB4E4D173DD62F891DADDC232 ft=1 fh=d41fb6590177d75b vn="probably a variant of Win32/Agent.LDTTZIY trojan" ac=I fn="C:\FRST\Quarantine\tmp657f13ab\878975675.exe"
sh=65E070DA15DFC0F5E751CF4C5764BC198F3663F3 ft=1 fh=042f820889e5593b vn="Win32/Spy.Zbot.AAO trojan" ac=I fn="C:\FRST\Quarantine\Uhbu\taki.exe"
sh=5D233F96176445222DD9B899A218EE88E0BE725B ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.PLJ trojan" ac=I fn="C:\Users\sonja\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\658cae3f-4ba1c0f1"
sh=5D233F96176445222DD9B899A218EE88E0BE725B ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.PLJ trojan" ac=I fn="C:\Users\sonja\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\658cae3f-6895f639"
         

Alt 03.09.2013, 21:19   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU trojan caught

Those are only detections in the quarantine and in the Java cache folder. What about Malwarebytes?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
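The triage point made in the reply above (findings that sit in FRST's quarantine folder or in the Java deployment cache are already neutralised or are just cached exploit droppers, not running malware) can be applied mechanically to an ESET Online Scanner result log. The following is an added example, not code from the thread or from ESET; it parses the `sh=… ft=… fh=… vn="…" ac=… fn="…"` result lines in the format shown in the log above and buckets each detection as quarantine, Java cache, or live. The sample log is built from the result lines posted in this thread; the `classify` rules (the `C:\FRST\Quarantine\` prefix and the `\Sun\Java\Deployment\cache\` marker) are assumptions chosen for this thread's layout, not an ESET convention.

```python
import re
from collections import defaultdict

# One ESET Online Scanner result line looks like:
#   sh=<sha1> ft=<n> fh=<hex> vn="<detection name>" ac=<code> fn="<path>"
# Values are either bare tokens or double-quoted strings.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Location rules (assumed for this thread's layout, not an ESET convention):
QUARANTINE_PREFIX = r"c:\frst\quarantine\\"[:-1]   # 'c:\frst\quarantine\'
JAVA_CACHE_MARKER = r"\sun\java\deployment\cache\\"[:-1]

# Constructed sample: the header and result lines from the log posted in this thread.
SAMPLE_LOG = r"""
# scanned=161363
# found=8
# cleaned=0
sh=08EE6FF7BA19088DB4E4D173DD62F891DADDC232 ft=1 fh=d41fb6590177d75b vn="probably a variant of Win32/Agent.LDTTZIY trojan" ac=I fn="C:\FRST\Quarantine\ie_util.exe"
sh=B0AA0B3EB477127E63CD565BD833EDD399C966B4 ft=1 fh=13def1f56c4b1bb1 vn="Win32/Moure.C trojan" ac=I fn="C:\FRST\Quarantine\ramgbusatumvkewij.dll"
sh=5C5A657B3B52E6A866D283373184304CF4A8E447 ft=1 fh=13def1f55f39a8e3 vn="Win32/Moure.C trojan" ac=I fn="C:\FRST\Quarantine\ramgbusatumvkewij.exe"
sh=8C29550431EF2B0ABE0D7E84CA042A55DF992CDA ft=1 fh=042f8208978e84f7 vn="a variant of Win32/Kryptik.BJNQ trojan" ac=I fn="C:\FRST\Quarantine\Afed\tukor.exe"
sh=08EE6FF7BA19088DB4E4D173DD62F891DADDC232 ft=1 fh=d41fb6590177d75b vn="probably a variant of Win32/Agent.LDTTZIY trojan" ac=I fn="C:\FRST\Quarantine\tmp657f13ab\878975675.exe"
sh=65E070DA15DFC0F5E751CF4C5764BC198F3663F3 ft=1 fh=042f820889e5593b vn="Win32/Spy.Zbot.AAO trojan" ac=I fn="C:\FRST\Quarantine\Uhbu\taki.exe"
sh=5D233F96176445222DD9B899A218EE88E0BE725B ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.PLJ trojan" ac=I fn="C:\Users\sonja\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\658cae3f-4ba1c0f1"
sh=5D233F96176445222DD9B899A218EE88E0BE725B ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.PLJ trojan" ac=I fn="C:\Users\sonja\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\658cae3f-6895f639"
"""


def parse_line(line):
    """Return a dict of fields for one result line, or None for header/empty lines."""
    if not line.startswith("sh="):
        return None
    fields = {}
    for m in FIELD_RE.finditer(line):
        key = m.group(1)
        value = m.group(3) if m.group(3) is not None else m.group(4)
        fields[key] = value
    return fields


def classify(path):
    """Bucket a detection by where the file lives (case-insensitive path match)."""
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIX):
        return "quarantine"      # already moved out of the way by FRST
    if JAVA_CACHE_MARKER in p:
        return "java-cache"      # cached applet/dropper, not an active process
    return "live"                # anything else deserves a closer look


def triage(log_text):
    """Group parsed result records by location class."""
    groups = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_line(raw.strip())
        if rec is None:
            continue
        groups[classify(rec.get("fn", ""))].append(rec)
    return dict(groups)


def summarize(log_text):
    """Per class: (number of detections, number of distinct SHA-1 samples)."""
    return {
        cls: (len(recs), len({r["sh"] for r in recs}))
        for cls, recs in triage(log_text).items()
    }


if __name__ == "__main__":
    for cls, (n, uniq) in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{cls:11s} detections={n} distinct_samples={uniq}")
```

Running it on the sample prints six quarantine detections (five distinct samples, because `ie_util.exe` and `878975675.exe` share a hash) and two Java cache detections of one sample, with nothing in the "live" bucket, which is exactly the reading given in the reply.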

04.09.2013, 14:41   #15
Josef 1972
 
GVU trojan caught

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.04.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
sonja :: SONJA-PC [Administrator]

04.09.2013 07:30:54
mbam-log-2013-09-04 (07-30-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208571
Laufzeit: 8 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
