
Log analysis and evaluation: Windows 7, BKA/GVU Trojan, lock screen, Safe Mode works.

Windows 7: If you have picked up a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

12.09.2013, 12:45   #1
grizly354

Windows 7, BKA/GVU Trojan, lock screen, Safe Mode works.

Hello,

I have a BKA or GVU Trojan here on a netbook. Since Safe Mode still worked, I ran a few scans (OTL, GMER, FRST). Trend Micro Internet Security was installed on it, so why did the Trojan manage to settle in there?

Is there some way to get this thing off?

Code:
OTL logfile created on: 12.09.2013 12:41:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ani\Desktop
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1015,24 Mb Total Physical Memory | 509,05 Mb Available Physical Memory | 50,14% Memory free
1,99 Gb Paging File | 1,47 Gb Available in Paging File | 73,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 71,97 Gb Free Space | 71,97% Space Free | Partition Type: NTFS
Drive D: | 122,87 Gb Total Space | 122,65 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 6,67 Gb Free Space | 89,11% Space Free | Partition Type: NTFS
 
Computer Name: ANI-PC | User Name: ani | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.18 22:49:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ani\Desktop\OTL.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.05 11:52:29 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a97f4e39d47dc3d5098150a8b14a9662\Microsoft.VisualBasic.ni.dll
MOD - [2013.02.27 22:02:59 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013.01.15 13:41:24 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\2b54822a40e9b08479a79cce0e196af1\System.EnterpriseServices.ni.dll
MOD - [2013.01.15 13:41:18 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\00038bb019bb7e4470d3962b58b1926f\System.Transactions.ni.dll
MOD - [2013.01.15 13:41:12 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\d0dd051976a66e08325379754531421c\System.Data.ni.dll
MOD - [2013.01.15 13:34:46 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013.01.15 13:32:58 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013.01.15 13:32:42 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013.01.15 13:32:38 | 007,974,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013.01.15 13:31:56 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2009.09.15 20:45:59 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2009.09.15 20:45:59 | 000,029,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3524.15966__0d0f4b69e50e559b\SqliteShared.dll
MOD - [2009.08.25 09:47:24 | 000,140,560 | ---- | M] () -- C:\Program Files\ASUS\Asus WebStorage\EcaremeDLL.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.06.10 23:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\PROGRA~2\thidwhnakbhftduwajt.bfg -- (Winmgmt)
SRV - [2013.06.30 21:11:04 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2010.01.19 01:31:32 | 001,678,272 | ---- | M] (Discordia Limited) [Auto | Stopped] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2009.08.22 11:01:00 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009.08.22 11:01:00 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009.08.22 11:00:00 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009.08.22 10:28:00 | 000,715,368 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009.08.18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009.12.08 20:19:22 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.10.05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.08.22 11:38:00 | 001,223,832 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2009.08.22 11:38:00 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009.08.22 11:38:00 | 000,225,808 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009.08.22 11:38:00 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009.08.22 11:38:00 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009.08.22 11:38:00 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009.08.22 11:38:00 | 000,059,920 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009.08.22 11:38:00 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009.08.22 11:38:00 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009.07.30 14:57:40 | 000,107,008 | ---- | M] (BandRich Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\br3gmdm.sys -- (br3gmdm)
DRV - [2009.07.27 09:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.07.20 11:29:00 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=MAAU&ocid=bb7hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://asus.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 F8 08 50 81 39 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1696E378-D1E9-42B9-9AED-24A1EF1BFF79}: "URL" = hxxp://www.bing.com/search?FORM=ASUBDF&PC=MAAU&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = hxxp://www.searchqu.com/web?src=ieb&q={SearchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2011.01.20 12:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ani\AppData\Roaming\mozilla\Extensions
[2011.01.20 12:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.14 14:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\ani\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Discordia Limited)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [EeeStorageBackup] C:\Program Files\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4 - HKLM..\Run: [HotKeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://uploadserver.info/premium/mirror2/uploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCAD2730-FD19-40C3-883D-E91CADD4F7D1}: DhcpNameServer = 212.23.115.148 212.23.115.132
O20 - AppInit_DLLs: (c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll) - c:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (c:\progra~1\bearsh~1\mediabar\datamngr\iebho.dll) - c:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.03.24 09:06:41 | 000,000,053 | ---- | M] () - F:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{3b5d73e6-479a-11e2-9d4c-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{3b5d73e6-479a-11e2-9d4c-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{67441d6a-6a85-11df-bd92-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{67441d6a-6a85-11df-bd92-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{67441d8f-6a85-11df-bd92-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{67441d8f-6a85-11df-bd92-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8acdd4ef-eed6-11e0-8a24-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{8acdd4ef-eed6-11e0-8a24-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{931790c7-8679-11df-b4ec-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{931790c7-8679-11df-b4ec-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{931790d9-8679-11df-b4ec-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{931790d9-8679-11df-b4ec-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{931790e3-8679-11df-b4ec-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{931790e3-8679-11df-b4ec-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{931790e6-8679-11df-b4ec-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{931790e6-8679-11df-b4ec-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a2e8b479-f645-11df-b20b-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{a2e8b479-f645-11df-b20b-0025d3a3c011}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a4c600f1-f7b1-11df-9d2d-90e6baf33f7d}\Shell - "" = AutoRun
O33 - MountPoints2\{a4c600f1-f7b1-11df-9d2d-90e6baf33f7d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2a81b65-eeba-11e0-a6d2-0025d3a3c011}\Shell - "" = AutoRun
O33 - MountPoints2\{b2a81b65-eeba-11e0-a6d2-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c561bf37-ef26-11e0-8a3b-90e6baf33f7d}\Shell - "" = AutoRun
O33 - MountPoints2\{c561bf37-ef26-11e0-8a3b-90e6baf33f7d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.09.12 12:41:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ani\Desktop\OTL.exe
[2013.09.12 12:41:11 | 000,000,000 | ---D | C] -- C:\Users\ani\Desktop\_ANTIVIR
[2013.08.16 13:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\5372
[2013.08.16 13:16:42 | 000,000,000 | R--D | C] -- C:\Users\ani\Documents\Scanned Documents
[2013.08.16 13:16:42 | 000,000,000 | ---D | C] -- C:\Users\ani\Documents\Fax
[2009.09.15 20:37:01 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC486.dll
[1 C:\Users\ani\Documents\*.tmp files -> C:\Users\ani\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.09.12 12:40:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.09.12 12:39:53 | 798,416,896 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.12 12:37:31 | 000,001,088 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.08.16 17:30:56 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.08.16 17:30:56 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.08.16 17:26:30 | 000,001,414 | ---- | M] () -- C:\Users\ani\Desktop\Registry kostenlos entrümpeln!.lnk
[2013.08.16 17:24:37 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.08.16 15:51:27 | 000,006,576 | ---- | M] () -- C:\bootsqm.dat
[1 C:\Users\ani\Documents\*.tmp files -> C:\Users\ani\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.08.16 15:51:27 | 000,006,576 | ---- | C] () -- C:\bootsqm.dat
[2013.08.16 15:19:26 | 000,001,097 | ---- | C] () -- C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tjawudtfhbkanhwdiht.lnk
[2012.10.12 17:21:31 | 000,017,136 | ---- | C] () -- C:\windows\System32\sasnative32.exe
[2010.01.22 21:42:53 | 000,000,110 | ---- | C] () -- C:\Users\ani\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:
OTL Extras logfile created on: 12.09.2013 12:41:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ani\Desktop
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1015,24 Mb Total Physical Memory | 509,05 Mb Available Physical Memory | 50,14% Memory free
1,99 Gb Paging File | 1,47 Gb Available in Paging File | 73,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 71,97 Gb Free Space | 71,97% Space Free | Partition Type: NTFS
Drive D: | 122,87 Gb Total Space | 122,65 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 6,67 Gb Free Space | 89,11% Space Free | Partition Type: NTFS
 
Computer Name: ANI-PC | User Name: ani | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000B5B6A-415D-470D-B985-E4DBA7226A3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0D3D702E-E2A6-4053-8C95-B15A59E46A77}" = rport=445 | protocol=6 | dir=out | app=system | 
"{69F3B35F-02B4-45F6-8F49-1C7131DE3D77}" = lport=445 | protocol=6 | dir=in | app=system | 
"{78356BC9-0C46-4477-A94E-6E85554B3A4C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{78D0CE13-E2E0-4CCF-9FA2-5535EC520285}" = lport=137 | protocol=17 | dir=in | app=system | 
"{82BCCD95-4DA4-453A-A2B6-81B095010D33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{84402423-1A20-4FF3-A47F-56B75E6CEB29}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{86DE8C28-E126-4101-AE54-DAB8267011B7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{907A55E2-E373-423F-8234-9D44001F184B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9340674A-CE7E-4F29-BAC9-B9B28A23888C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{934AAB52-021D-4D2B-B449-AD458F8936F4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{93A41E69-D577-460B-AD5A-E3A32D0CC4BF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A70D3848-9521-4012-BFAA-7396CCEE18B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BD8B456F-5511-4D63-9148-FE947B7CF050}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DD5B0FBA-0EFC-430F-8C1D-FFC41B5DB290}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F5493B7F-D98E-45E2-9514-D82103BB37B7}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B197A49-A73E-47E3-B309-ACFDB9B146DD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2BCD06A3-6885-48D5-B990-B13164FAD3A5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5B2FEFFA-2D73-4257-B226-FF588250AE0E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{64313718-B1B4-4E86-AB5F-4249A2F1F363}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{7D55EBC5-DB96-428B-97F3-328E219FFEEC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{88DF8F50-648B-4BC4-A828-D00366BE1301}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{93F53564-F367-4360-AAA4-96DBD12F1615}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{A2B5788F-F77E-4F39-BC68-FA5E6FCA7A99}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EAD65076-89F6-4920-A732-1B6D8C810E95}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{EB6F5F1F-B052-46FC-8A70-6FE065AB63AB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F8055864-2F90-409B-97A6-61E3DEAECF3D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{13AC81CD-F6F0-4195-B89C-FA024D906EF4}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"TCP Query User{CB714EF5-5CC6-4B48-A373-12AC0DD1DAFE}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{BCE37923-4BAE-42D1-9A00-438DEF38A1CF}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{E58D8262-CC5B-4698-A858-2210536B4938}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6336C0CC-BA32-4949-9D3D-C86B76147CCA}" = 3G Connection Manager
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{715B225A-D37B-4967-BF83-C1A0FCBBE63D}" = Mobile PhoneTools
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAD8718D-950E-468D-BDE2-17D4D6F1EA6A}" = FontResizer
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS VIBE" = ASUS VIBE
"Asus WebStorage" = Asus WebStorage
"Bandoo" = Bandoo
"BearShare" = BearShare
"BearShare 2 MediaBar" = MediaBar
"Eee Docking_is1" = Eee Docking 2.6.0
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"RegClean Pro_is1" = RegClean Pro
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.01.2012 17:43:03 | Computer Name = ani-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 19.01.2012 17:44:38 | Computer Name = ani-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\3g
 connection manager\Drivers\Bandrich\x64\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.01.2012 10:30:58 | Computer Name = ani-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 21.01.2012 10:34:02 | Computer Name = ani-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\3g
 connection manager\Drivers\Bandrich\x64\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.01.2012 06:03:53 | Computer Name = ani-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 22.01.2012 06:07:07 | Computer Name = ani-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\3g
 connection manager\Drivers\Bandrich\x64\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.01.2012 17:59:01 | Computer Name = ani-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912,
 Zeitstempel: 0x4eb4a5ea  Name des fehlerhaften Moduls: Flash10c.ocx, Version: 10.0.32.18,
 Zeitstempel: 0x4a613d79  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001579a2  ID des fehlerhaften
 Prozesses: 0xde4  Startzeit der fehlerhaften Anwendung: 0x01ccd9a07183c8b3  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash10c.ocx  Berichtskennung:
 74f404ee-460d-11e1-8ae7-001e101f50a4
 
Error - 24.01.2012 05:46:58 | Computer Name = ani-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912,
 Zeitstempel: 0x4eb4a5ea  Name des fehlerhaften Moduls: Flash10c.ocx, Version: 10.0.32.18,
 Zeitstempel: 0x4a613d79  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001579a2  ID des fehlerhaften
 Prozesses: 0x1190  Startzeit der fehlerhaften Anwendung: 0x01ccda6602e94682  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash10c.ocx  Berichtskennung:
 5b42fb71-4670-11e1-8a16-001e101f7f74
 
Error - 24.01.2012 05:47:03 | Computer Name = ani-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912,
 Zeitstempel: 0x4eb4a5ea  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16624,
 Zeitstempel: 0x4c297c56  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00095b51  ID des fehlerhaften
 Prozesses: 0x1190  Startzeit der fehlerhaften Anwendung: 0x01ccda6602e94682  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\windows\system32\ole32.dll  Berichtskennung: 5e28edf3-4670-11e1-8a16-001e101f7f74
 
Error - 24.01.2012 17:30:31 | Computer Name = ani-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912,
 Zeitstempel: 0x4eb4a5ea  Name des fehlerhaften Moduls: Flash10c.ocx, Version: 10.0.32.18,
 Zeitstempel: 0x4a613d79  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001579a2  ID des fehlerhaften
 Prozesses: 0x1354  Startzeit der fehlerhaften Anwendung: 0x01ccda65dc61cb0d  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash10c.ocx  Berichtskennung:
 a3a3c2bf-46d2-11e1-8a16-001e101f7f74
 
Error - 24.01.2012 17:30:36 | Computer Name = ani-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912,
 Zeitstempel: 0x4eb4a5ea  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16624,
 Zeitstempel: 0x4c297c56  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00095b51  ID des fehlerhaften
 Prozesses: 0x1354  Startzeit der fehlerhaften Anwendung: 0x01ccda65dc61cb0d  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\windows\system32\ole32.dll  Berichtskennung: a6bc6cfa-46d2-11e1-8a16-001e101f7f74
 
[ OSession Events ]
Error - 23.01.2013 05:39:37 | Computer Name = ani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 61461
 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error - 23.01.2013 07:05:34 | Computer Name = ani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1217
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12.09.2013 06:40:38 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.09.2013 06:40:38 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.09.2013 06:40:38 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.09.2013 06:40:38 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.09.2013 06:42:05 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 12.09.2013 06:42:05 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Sicherheitscenter" ist vom Dienst "Windows-Verwaltungsinstrumentation"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%126
 
Error - 12.09.2013 06:44:11 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Sicherheitscenter" ist vom Dienst "Windows-Verwaltungsinstrumentation"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%126
 
Error - 12.09.2013 06:44:11 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 12.09.2013 06:55:49 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.09.2013 06:56:32 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-12 13:33:00
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0002 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ani\AppData\Local\Temp\uwldrpow.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13F9                                                        81E7E829 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           81EA3132 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys

Device          \FileSystem\fastfat \Fat                                                                         AB219130

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243df175e                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a3c011                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a3c011@2421ab1854d0         0x56 0xB7 0x2D 0x0D ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a3c011@00265d5b841a         0xA8 0xED 0xCC 0x99 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a3c011@b8f9345bba9b         0xEA 0xB0 0xBD 0x32 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a3c011@3017c80991f4         0x66 0xBB 0x26 0xDE ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243df175e (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a3c011 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a3c011@2421ab1854d0             0x56 0xB7 0x2D 0x0D ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a3c011@00265d5b841a             0xA8 0xED 0xCC 0x99 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a3c011@b8f9345bba9b             0xEA 0xB0 0xBD 0x32 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a3c011@3017c80991f4             0x66 0xBB 0x26 0xDE ...

---- EOF - GMER 2.1 ----
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-08-2013 (ATTENTION: ====> FRST version is 17 days old and could be outdated)
Ran by ani (administrator) on 12-09-2013 13:33:44
Running from C:\Users\ani\Desktop
Windows 7 Starter (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [750008 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotKeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-09-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [EeeStorageBackup] - C:\Program Files\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-25] (ECAREME)
HKLM\...\Run: [UfSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1024368 2009-08-22] (Trend Micro Inc.)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [DATAMNGR] - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE [1114552 2011-01-06] (MusicLab, LLC)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKCU\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [402608 2009-08-25] ()
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: {3b5d73e6-479a-11e2-9d4c-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {67441d6a-6a85-11df-bd92-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {67441d8f-6a85-11df-bd92-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {8acdd4ef-eed6-11e0-8a24-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790c7-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790d9-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790e3-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790e6-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {a2e8b479-f645-11df-b20b-0025d3a3c011} - F:\AutoRun.exe
MountPoints2: {a4c600f1-f7b1-11df-9d2d-90e6baf33f7d} - F:\AutoRun.exe
MountPoints2: {b2a81b65-eeba-11e0-a6d2-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {c561bf37-ef26-11e0-8a3b-90e6baf33f7d} - E:\AutoRun.exe
HKU\Default\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
HKU\Default User\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=MAAU&ocid=bb7hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://asus.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/
hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKCU - {1696E378-D1E9-42B9-9AED-24A1EF1BFF79} URL = hxxp://www.bing.com/search?FORM=ASUBDF&PC=MAAU&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = hxxp://www.searchqu.com/web?src=ieb&q={SearchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll ()
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: BandooIEPlugin Class - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Discordia Limited)
Toolbar: HKLM - MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll ()
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Users\ani\AppData\Roaming\Mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File

========================== Services (Whitelisted) =================

S2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] ()
S2 Bandoo Coordinator; C:\PROGRA~1\Bandoo\Bandoo.exe [1678272 2010-01-19] (Discordia Limited)
S2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [715368 2009-08-22] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345352 2009-08-22] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [497008 2009-08-22] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [689416 2009-08-22] (Trend Micro Inc.)
S2 Winmgmt; C:\PROGRA~2\thidwhnakbhftduwajt.bfg [x]

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59920 2009-08-22] (Trend Micro Inc.)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [158224 2009-08-22] (Trend Micro Inc.)
S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [50704 2009-08-22] (Trend Micro Inc.)
S3 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146448 2009-08-22] (Trend Micro Inc.)
S3 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [36368 2009-08-22] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-08-22] (Trend Micro Inc.)
S3 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [283152 2009-08-22] (Trend Micro Inc.)
S3 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [225808 2009-08-22] (Trend Micro Inc.)
S3 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1223832 2009-08-22] (Trend Micro Inc.)
U3 uwldrpow; \??\C:\Users\ani\AppData\Local\Temp\uwldrpow.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-12 13:33 - 2013-08-26 21:10 - 01070979 _____ (Farbar) C:\Users\ani\Desktop\FRST.exe
2013-09-12 12:58 - 2013-07-18 22:54 - 00377856 _____ C:\Users\ani\Desktop\gmer_2.1.19163.exe
2013-09-12 12:41 - 2013-09-12 12:59 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR
2013-09-12 12:41 - 2013-07-18 22:49 - 00602112 _____ (OldTimer Tools) C:\Users\ani\Desktop\OTL.exe
2013-08-16 15:51 - 2013-08-16 15:51 - 00006576 ____N C:\bootsqm.dat
2013-08-16 13:17 - 2013-08-16 13:17 - 00000000 ____D C:\ProgramData\5372
2013-08-16 13:16 - 2013-08-16 13:16 - 00000000 ____D C:\Users\ani\Documents\Fax

==================== One Month Modified Files and Folders =======

2013-09-12 13:33 - 2013-09-12 13:33 - 00000000 ____D C:\FRST
2013-09-12 13:06 - 2010-01-24 00:23 - 00000000 ____D C:\Users\ani\AppData\Local\BearShare
2013-09-12 13:06 - 2010-01-22 20:58 - 00000000 ____D C:\Users\ani\Tracing
2013-09-12 13:06 - 2009-09-15 20:13 - 00000000 ____D C:\windows\panther
2013-09-12 13:03 - 2011-11-20 11:43 - 00000000 ____D C:\windows\Minidump
2013-09-12 12:59 - 2013-09-12 12:41 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR
2013-09-12 12:37 - 2012-06-27 19:04 - 00001088 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-12 12:36 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-26 21:10 - 2013-09-12 13:33 - 01070979 _____ (Farbar) C:\Users\ani\Desktop\FRST.exe
2013-08-16 18:21 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\wfp
2013-08-16 18:21 - 2009-07-14 04:37 - 00000000 ____D C:\windows\registration
2013-08-16 17:30 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-16 17:30 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-16 17:26 - 2012-11-08 19:10 - 00001414 _____ C:\Users\ani\Desktop\Registry kostenlos entrümpeln!.lnk
2013-08-16 17:24 - 2012-06-27 19:04 - 00001092 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-16 17:23 - 2010-01-22 16:28 - 00000000 ____D C:\Users\ani
2013-08-16 15:51 - 2013-08-16 15:51 - 00006576 ____N C:\bootsqm.dat
2013-08-16 13:17 - 2013-08-16 13:17 - 00000000 ____D C:\ProgramData\5372
2013-08-16 13:16 - 2013-08-16 13:16 - 00000000 ____D C:\Users\ani\Documents\Fax

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-11-16 16:20

==================== End Of Log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-08-2013
Ran by ani at 2013-09-12 13:35:10
Running from C:\Users\ani\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
3G Connection Manager (Version: 2.00)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.6) - Deutsch (Version: 10.1.6)
Advanced System Protector (Version: 2.1.1000.9972)
ASUS VIBE (Version: 1.0.166)
Asus WebStorage (Version: 2.0.31.477)
ASUSUpdate for Eee PC
Atheros Client Installation Program (Version: 7.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.10)
Bandoo
BearShare (Version: 9.0.0.98413)
Bing Bar (Version: 7.1.391.0)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
E-Cam (Version: 2.0.1.7)
Eee Docking 2.6.0 (Version: 2.6.0)
EeeSplendid (Version: 5.1.2.0004)
FontResizer (Version: 1.01.0007)
Google Chrome (Version: 28.0.1500.95)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
Hotkey Service (Version: 1.11)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 14.0.8089.726)
MediaBar (Version: 2.5.0.98385)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mobile Partner (Version: 16.001.06.03.52)
Mobile PhoneTools (Version: 3.55)
MSVCRT (Version: 14.0.1468.721)
Ralink RT2860 Wireless LAN Card (Version: 1.2.0.1)
Realtek High Definition Audio Driver (Version: 6.0.1.5898)
RegClean Pro (Version: 6.21)
Super Hybrid Engine (Version: 2.09)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
Trend Micro Internet Security (Version: 17.50)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
 

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {179B024B-098E-44D8-80E0-7BFE061DF324} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {1865F8D6-928F-4AB4-8301-DB342545E01F} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files\RegClean Pro\RegCleanPro.exe [2012-09-21] (Systweak Inc)
Task: {6A2E9BCD-93DD-4F5A-AEC2-3729B7D67213} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-27] (Google Inc.)
Task: {6D2FFD4C-39D9-477C-A8B2-24864CF899A7} - System32\Tasks\User_Feed_Synchronization-{E05BD53F-55BE-4FD5-AB3E-AAF284007120} => C:\windows\system32\msfeedssync.exe [2012-02-20] (Microsoft Corporation)
Task: {88CFFC87-85BD-4B7F-B7C2-5C14A1BC2B40} - System32\Tasks\Advanced System Protector_startup => C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe [2012-09-24] (Systweak)
Task: {97230E64-397F-4971-B494-02D86A01FBA7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4007594265-3339371781-3975660076-1000
Task: {AE35E485-344D-4A17-851F-990A61509E26} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-27] (Google Inc.)
Task: {C24E52BC-FA34-49F1-9F1E-9EF4D983C6B0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-30] (Adobe Systems Incorporated)
Task: {DC25468F-731E-4F06-97C8-05537168A469} - System32\Tasks\RegClean Pro => C:\Program Files\RegClean Pro\RegCleanPro.exe [2012-09-21] (Systweak Inc)
Task: {F604F448-3400-4924-8018-4A768FC8A265} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files\RegClean Pro\RegCleanPro.exe [2012-09-21] (Systweak Inc)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files\RegClean Pro\RegCleanPro.exe
Task: C:\windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files\RegClean Pro\RegCleanPro.exe

==================== Faulty Device Manager Devices =============

Could not list Devices.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2013 01:22:07 PM) (Source: PerfNet) (User: )
Description: 

Error: (09/12/2013 01:22:07 PM) (Source: PerfNet) (User: )
Description: 

Error: (09/12/2013 00:53:02 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/12/2013 00:38:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SuperHybridEngine.exe, Version: 6.1.1.2009, Zeitstempel: 0x4aa62cec
Name des fehlerhaften Moduls: SuperHybridEngine.exe, Version: 6.1.1.2009, Zeitstempel: 0x4aa62cec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011f42
ID des fehlerhaften Prozesses: 0xb74
Startzeit der fehlerhaften Anwendung: 0xSuperHybridEngine.exe0
Pfad der fehlerhaften Anwendung: SuperHybridEngine.exe1
Pfad des fehlerhaften Moduls: SuperHybridEngine.exe2
Berichtskennung: SuperHybridEngine.exe3

Error: (09/12/2013 00:38:06 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0xb7c
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (08/16/2013 05:45:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0xf84
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (08/16/2013 05:44:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0x15f8
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (08/16/2013 05:43:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0x1088
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (08/16/2013 05:42:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0xa30
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (08/16/2013 05:41:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0x157c
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3


System errors:
=============
Error: (09/12/2013 01:35:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (09/12/2013 01:35:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/12/2013 01:35:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/12/2013 01:35:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (09/12/2013 01:34:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/12/2013 01:34:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/12/2013 01:34:14 PM) (Source: DCOM) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (09/12/2013 01:33:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (09/12/2013 00:59:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/12/2013 00:56:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (02/02/2013 07:15:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 544051 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (01/23/2013 01:05:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1217 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (01/23/2013 11:39:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 61461 seconds with 720 seconds of active time.  This session ended with a crash.
         

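The Services and Drivers sections of the log above contain exactly the persistence a helper would zero in on: the built-in Winmgmt service name repointed to a random file under ProgramData, and a driver registered from a user's Temp folder, both with the file already gone ([x]). The following Python helper, an added example that is not part of FRST or of any post in this thread, flags such lines automatically; the built-in-service list and the directory heuristics are assumptions, and the sample lines are copied from the posted log.

```python
"""Triage helper for the Services / Drivers sections of an FRST log.

Added example for this thread (not part of FRST or of any post here). It
encodes what a helper looks for in the log above: a built-in Windows service
name (Winmgmt) repointed to a random file under ProgramData, and a driver
loading from a user's Temp folder. The sample lines are copied from the
posted log; the heuristics and lists below are assumptions.
"""
import re
from dataclasses import dataclass, field

# FRST line shape: "<start> <name>; <path> [<size> <date>] (<company>)"
# or "<start> <name>; <path> [x]" when the file is not on disk.
LINE_RE = re.compile(
    r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]"
)

# Built-in service names whose binary must live under \Windows\System32
# (assumption: only the one this thread shows is listed; extend as needed).
BUILTIN_SYSTEM32 = {"winmgmt"}

# Directory segments no legitimate service or driver binary should load from.
# PROGRA~2 is the 8.3 short name of ProgramData on this 32-bit installation.
SUSPICIOUS_SEGMENTS = {"programdata", "progra~2", "temp"}

# Extensions a service or driver image is expected to carry.
EXPECTED_EXT = {".exe", ".sys", ".dll"}


@dataclass
class Finding:
    start: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def _segments(path):
    """Lower-cased path components, with the NT '\\??\\' prefix stripped."""
    cleaned = path.lower().replace("\\??\\", "")
    return [seg for seg in cleaned.split("\\") if seg]


def check_line(line):
    """Return a Finding for one Services/Drivers line, or None if it looks clean."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # section header, blank line, or some other log line
    start, name, path, meta = m.group("start", "name", "path", "meta")
    segs = _segments(path)
    reasons = []
    if meta.strip() == "x":
        reasons.append("missing_file")            # registered, but file not on disk
    if any(seg in SUSPICIOUS_SEGMENTS for seg in segs):
        reasons.append("suspicious_dir")          # ProgramData / Temp as load path
    if name.lower() in BUILTIN_SYSTEM32 and "system32" not in segs:
        reasons.append("builtin_service_hijack")  # Winmgmt pointing outside System32
    ext = re.search(r"\.[a-z0-9]+$", segs[-1]) if segs else None
    if ext is None or ext.group(0) not in EXPECTED_EXT:
        reasons.append("unusual_extension")       # e.g. ".bfg"
    return Finding(start, name, path, reasons) if reasons else None


def triage(log_text):
    """Run check_line over every line; keep only lines with at least one reason."""
    return [f for f in (check_line(l) for l in log_text.splitlines()) if f]


# Constructed sample: lines copied from the Services / Drivers sections above.
SAMPLE_LOG = r"""
S2 Bandoo Coordinator; C:\PROGRA~1\Bandoo\Bandoo.exe [1678272 2010-01-19] (Discordia Limited)
S2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [715368 2009-08-22] (Trend Micro Inc.)
S2 Winmgmt; C:\PROGRA~2\thidwhnakbhftduwajt.bfg [x]
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
U3 uwldrpow; \??\C:\Users\ani\AppData\Local\Temp\uwldrpow.sys [x]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.start} {f.name}: {f.path}  <- {', '.join(f.reasons)}")
```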
Old 12.09.2013, 13:08   #2
schrauber
/// the machine
/// TB-Ausbilder

Windows 7, BKA/GVU Trojan, lock screen, safe mode works.

Hi,
we have to approach this from outside:

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (if in doubt, both) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Plug the USB stick into the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide or use the following short guide:
Via the Boot Manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now choose Repair your computer.
  • Choose your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click on Repair your computer!
  • Choose your operating system and user account and click "Next" each time.
In the repair options choose: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    The drive letter of your USB stick is shown there; remember it.
  • Close Notepad again.
  • Now please enter the following command:
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).


Old 12.09.2013, 13:36   #3
grizly354

Windows 7, BKA/GVU Trojan, lock screen, safe mode works.

Done.
I should also mention that there was a shortcut in the Startup folder which I deleted before the scans.

Here again the scan via "Repair your computer"


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-08-2013 (ATTENTION: ====> FRST version is 17 days old and could be outdated)
Ran by SYSTEM on 12-09-2013 14:26:25
Running from F:\_ANTIVIR
Windows 7 Starter (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [750008 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotKeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-09-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [EeeStorageBackup] - C:\Program Files\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-25] (ECAREME)
HKLM\...\Run: [UfSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1024368 2009-08-22] (Trend Micro Inc.)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [DATAMNGR] - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE [1114552 2011-01-06] (MusicLab, LLC)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKU\ani\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
HKU\ani\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2009-07-26] (Microsoft Corporation)
HKU\Default\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
HKU\Default User\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
Startup: C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] ()
S2 Bandoo Coordinator; C:\PROGRA~1\Bandoo\Bandoo.exe [1678272 2010-01-19] (Discordia Limited)
S2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [715368 2009-08-22] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345352 2009-08-22] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [497008 2009-08-22] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [689416 2009-08-22] (Trend Micro Inc.)
S2 Winmgmt; C:\PROGRA~2\thidwhnakbhftduwajt.bfg [x]

==================== Drivers (Whitelisted) ====================

S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59920 2009-08-22] (Trend Micro Inc.)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [158224 2009-08-22] (Trend Micro Inc.)
S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [50704 2009-08-22] (Trend Micro Inc.)
S3 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146448 2009-08-22] (Trend Micro Inc.)
S3 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [36368 2009-08-22] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-08-22] (Trend Micro Inc.)
S3 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [283152 2009-08-22] (Trend Micro Inc.)
S3 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [225808 2009-08-22] (Trend Micro Inc.)
S3 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1223832 2009-08-22] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-12 13:20 - 2013-09-12 13:20 - 00334608 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-12 13:20 - 2013-09-12 13:20 - 00000056 _____ C:\Windows\setupact.log
2013-09-12 13:20 - 2013-09-12 13:20 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 12:36 - 2013-09-12 12:36 - 00014128 _____ C:\Users\ani\Desktop\FRST.txt
2013-09-12 12:35 - 2013-09-12 12:36 - 00017114 _____ C:\Users\ani\Desktop\Addition.txt
2013-09-12 12:33 - 2013-09-12 12:33 - 00000000 ____D C:\FRST
2013-09-12 12:33 - 2013-08-26 20:10 - 01070979 _____ (Farbar) C:\Users\ani\Desktop\FRST.exe
2013-09-12 11:58 - 2013-07-18 21:54 - 00377856 _____ C:\Users\ani\Desktop\gmer_2.1.19163.exe
2013-09-12 11:41 - 2013-09-12 11:59 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR
2013-09-12 11:41 - 2013-07-18 21:49 - 00602112 _____ (OldTimer Tools) C:\Users\ani\Desktop\OTL.exe
2013-08-16 14:51 - 2013-08-16 14:51 - 00006576 ____N C:\bootsqm.dat
2013-08-16 12:17 - 2013-08-16 12:17 - 00000000 ____D C:\ProgramData\5372
2013-08-16 12:16 - 2013-08-16 12:16 - 00000000 ____D C:\Users\ani\Documents\Fax

==================== One Month Modified Files and Folders =======

2013-09-12 13:24 - 2013-09-12 13:23 - 00001176 _____ C:\Windows\WindowsUpdate.log
2013-09-12 13:24 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-12 13:24 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-12 13:20 - 2013-09-12 13:20 - 00334608 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-12 13:20 - 2013-09-12 13:20 - 00000056 _____ C:\Windows\setupact.log
2013-09-12 13:20 - 2013-09-12 13:20 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 12:36 - 2013-09-12 12:36 - 00014128 _____ C:\Users\ani\Desktop\FRST.txt
2013-09-12 12:36 - 2013-09-12 12:35 - 00017114 _____ C:\Users\ani\Desktop\Addition.txt
2013-09-12 12:33 - 2013-09-12 12:33 - 00000000 ____D C:\FRST
2013-09-12 12:06 - 2010-01-23 23:23 - 00000000 ____D C:\Users\ani\AppData\Local\BearShare
2013-09-12 12:06 - 2010-01-22 19:58 - 00000000 ____D C:\Users\ani\Tracing
2013-09-12 12:06 - 2009-09-15 19:13 - 00000000 ____D C:\Windows\panther
2013-09-12 12:03 - 2011-11-20 10:43 - 00000000 ____D C:\Windows\Minidump
2013-09-12 11:59 - 2013-09-12 11:41 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR
2013-08-26 20:10 - 2013-09-12 12:33 - 01070979 _____ (Farbar) C:\Users\ani\Desktop\FRST.exe
2013-08-16 17:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp
2013-08-16 17:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2013-08-16 16:26 - 2012-11-08 18:10 - 00001414 _____ C:\Users\ani\Desktop\Registry kostenlos entrümpeln!.lnk
2013-08-16 16:23 - 2010-01-22 15:28 - 00000000 ____D C:\users\ani
2013-08-16 14:51 - 2013-08-16 14:51 - 00006576 ____N C:\bootsqm.dat
2013-08-16 12:17 - 2013-08-16 12:17 - 00000000 ____D C:\ProgramData\5372
2013-08-16 12:16 - 2013-08-16 12:16 - 00000000 ____D C:\Users\ani\Documents\Fax

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-10 23:32:18
Restore point made on: 2013-08-16 12:00:41
Restore point made on: 2013-08-16 16:31:48

==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 1015.24 MB
Available physical RAM: 653.47 MB
Total Pagefile: 1015.24 MB
Available Pagefile: 649.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:75.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:122.87 GB) (Free:122.65 GB) NTFS
Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive f: (OTLPE) (Removable) (Total:7.48 GB) (Free:6.67 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: FA799A37)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=123 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=1B)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: E1A8E1A8)
Partition 1: (Active) - (Size=7 GB) - (Type=0E)


LastRegBack: 2012-11-16 15:20

==================== End Of Log ============================
         

Last edited by grizly354 (12.09.2013 at 13:49)

Alt 12.09.2013, 17:36   #4
schrauber
/// the machine
/// TB-Ausbilder
 


Please delete FRST and download a new version; yours is ancient.
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 12.09.2013, 19:27   #5
grizly354
 

Quote:
FRST version is 17 days old and could be outdated
Ancient?

OK, I'll download a new one and do it again.
The GVU Trojan is gone; I can also get into normal mode.
It's possible that remnants of the Trojan are still there. Windows Security Center doesn't work, for example.
I'll report back in 15 minutes about the scan.

Here is the scan with the new FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 02
Ran by SYSTEM on MININT-DCM17IU on 12-09-2013 20:23:58
Running from C:\FRST
Windows 7 Starter (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [750008 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotKeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-09-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [EeeStorageBackup] - C:\Program Files\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-25] (ECAREME)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [136600 2013-07-23] (Trend Micro Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\ani\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
HKU\ani\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2009-07-26] (Microsoft Corporation)
HKU\Default\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
HKU\Default User\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
Startup: C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] ()
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [x]
S2 Winmgmt; C:\PROGRA~2\thidwhnakbhftduwajt.bfg [x]

==================== Drivers (Whitelisted) ====================

S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [102904 2013-07-18] (Trend Micro Inc.)
S0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [288840 2013-07-18] (Trend Micro Inc.)
S0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85280 2013-06-13] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [83352 2013-07-18] (Trend Micro Inc.)
S3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [282272 2013-05-22] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)
S2 TMAgent; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-12 18:02 - 2013-09-12 18:06 - 167164267 _____ C:\Users\ani\Downloads\Windows6.1-KB947821-v28-x86.msu
2013-09-12 18:01 - 2013-09-12 18:02 - 02002416 _____ (Trend Micro Inc.) C:\Users\ani\Downloads\HousecallLauncher.exe
2013-09-12 16:48 - 2013-09-12 16:48 - 00000000 ____D C:\Windows\System32\MRT
2013-09-12 16:12 - 2013-09-12 16:25 - 563934504 _____ (Microsoft Corporation) C:\Users\ani\Downloads\windows6.1-KB976932-x86.exe
2013-09-12 15:45 - 2013-09-12 15:45 - 00000000 ____D C:\ProgramData\Oracle
2013-09-12 15:45 - 2013-09-12 15:45 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-12 15:44 - 2013-09-12 15:42 - 00868264 _____ (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-09-12 15:44 - 2013-09-12 15:42 - 00264616 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-09-12 15:43 - 2013-09-12 15:42 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-09-12 15:43 - 2013-09-12 15:42 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-09-12 15:43 - 2013-09-12 15:42 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-09-12 15:41 - 2013-09-12 15:41 - 00000000 ____D C:\Program Files\Java
2013-09-12 15:34 - 2013-09-12 15:34 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-12 15:30 - 2013-09-12 15:30 - 00001949 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-12 15:25 - 2013-09-12 15:26 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-12 15:00 - 2013-09-12 19:09 - 00000000 ____D C:\Users\ani\AppData\Roaming\U3
2013-09-12 14:58 - 2013-09-12 14:58 - 00000000 ___HD C:\TMRescueDisk
2013-09-12 14:54 - 2013-07-18 05:25 - 00288840 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2013-09-12 14:54 - 2013-07-18 05:25 - 00102904 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys
2013-09-12 14:54 - 2013-07-18 05:25 - 00083352 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys
2013-09-12 14:54 - 2013-07-01 14:08 - 00040736 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\TMEBC32.sys
2013-09-12 14:54 - 2013-06-13 07:35 - 00085280 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmeevw.sys
2013-09-12 14:54 - 2013-05-22 16:37 - 00282272 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmnciesc.sys
2013-09-12 14:54 - 2012-05-02 20:27 - 00092304 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys
2013-09-12 14:50 - 2013-09-12 14:50 - 00000059 _____ C:\Windows\System32\SupportTool.exe.bat
2013-09-12 14:48 - 2013-09-12 14:48 - 00000000 ____D C:\Program Files\Trend Micro
2013-09-12 14:45 - 2013-09-12 14:45 - 00000036 _____ C:\Users\ani\AppData\Local\housecall.guid.cache
2013-09-12 14:42 - 2013-09-12 17:07 - 00007098 _____ C:\Windows\PFRO.log
2013-09-12 14:14 - 2013-09-12 14:15 - 06631816 _____ (Trend Micro Inc.) C:\Users\ani\Downloads\TTi_7.0_MR_Downloader.exe
2013-09-12 14:02 - 2013-09-12 14:02 - 00079592 _____ C:\Users\ani\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 13:23 - 2013-09-12 19:22 - 00190331 _____ C:\Windows\WindowsUpdate.log
2013-09-12 13:20 - 2013-09-12 17:33 - 00001189 _____ C:\Windows\setupact.log
2013-09-12 13:20 - 2013-09-12 13:20 - 00334608 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-12 13:20 - 2013-09-12 13:20 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 12:33 - 2013-09-12 19:21 - 00000000 ____D C:\FRST
2013-09-12 11:41 - 2013-09-12 11:59 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR
2013-08-16 12:17 - 2013-08-16 12:17 - 00000000 ____D C:\ProgramData\5372
2013-08-16 12:16 - 2013-08-16 12:16 - 00000000 ____D C:\Users\ani\Documents\Fax

==================== One Month Modified Files and Folders =======

2013-09-12 19:22 - 2013-09-12 13:23 - 00190331 _____ C:\Windows\WindowsUpdate.log
2013-09-12 19:21 - 2013-09-12 12:33 - 00000000 ____D C:\FRST
2013-09-12 19:09 - 2013-09-12 15:00 - 00000000 ____D C:\Users\ani\AppData\Roaming\U3
2013-09-12 18:48 - 2013-09-12 18:48 - 00000000 ____D C:\Windows\CheckSur
2013-09-12 18:06 - 2013-09-12 18:02 - 167164267 _____ C:\Users\ani\Downloads\Windows6.1-KB947821-v28-x86.msu
2013-09-12 18:02 - 2013-09-12 18:01 - 02002416 _____ (Trend Micro Inc.) C:\Users\ani\Downloads\HousecallLauncher.exe
2013-09-12 17:57 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-12 17:57 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-12 17:34 - 2010-01-22 19:58 - 00000000 ____D C:\Users\ani\Tracing
2013-09-12 17:33 - 2013-09-12 13:20 - 00001189 _____ C:\Windows\setupact.log
2013-09-12 17:07 - 2013-09-12 14:42 - 00007098 _____ C:\Windows\PFRO.log
2013-09-12 16:56 - 2013-09-12 16:48 - 00000000 ____D C:\Windows\System32\MRT
2013-09-12 16:25 - 2013-09-12 16:12 - 563934504 _____ (Microsoft Corporation) C:\Users\ani\Downloads\windows6.1-KB976932-x86.exe
2013-09-12 16:10 - 2009-09-15 19:46 - 00000000 ____D C:\ProgramData\Trend Micro
2013-09-12 15:45 - 2013-09-12 15:45 - 00000000 ____D C:\ProgramData\Oracle
2013-09-12 15:45 - 2013-09-12 15:45 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-12 15:42 - 2013-09-12 15:44 - 00868264 _____ (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-09-12 15:42 - 2013-09-12 15:44 - 00264616 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-09-12 15:42 - 2013-09-12 15:43 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-09-12 15:42 - 2013-09-12 15:43 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-09-12 15:42 - 2013-09-12 15:43 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-09-12 15:42 - 2012-06-18 15:41 - 00790440 _____ (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-09-12 15:41 - 2013-09-12 15:41 - 00000000 ____D C:\Program Files\Java
2013-09-12 15:41 - 2010-10-06 16:37 - 00000000 ____D C:\Users\ani\AppData\Roaming\Mozilla
2013-09-12 15:34 - 2013-09-12 15:34 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-12 15:33 - 2010-10-06 16:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-12 15:33 - 2010-01-22 15:28 - 00000000 ____D C:\Users\ani\AppData\Local\Adobe
2013-09-12 15:30 - 2013-09-12 15:30 - 00001949 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-12 15:26 - 2013-09-12 15:25 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-12 15:25 - 2009-09-15 19:38 - 00000000 ____D C:\ProgramData\Adobe
2013-09-12 15:25 - 2009-09-15 19:37 - 00000000 ____D C:\Program Files\Adobe
2013-09-12 15:20 - 2012-07-09 17:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-09-12 15:20 - 2012-07-09 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-09-12 14:58 - 2013-09-12 14:58 - 00000000 ___HD C:\TMRescueDisk
2013-09-12 14:50 - 2013-09-12 14:50 - 00000059 _____ C:\Windows\System32\SupportTool.exe.bat
2013-09-12 14:48 - 2013-09-12 14:48 - 00000000 ____D C:\Program Files\Trend Micro
2013-09-12 14:45 - 2013-09-12 14:45 - 00000036 _____ C:\Users\ani\AppData\Local\housecall.guid.cache
2013-09-12 14:42 - 2012-06-27 18:03 - 00000000 ____D C:\Program Files\Google
2013-09-12 14:42 - 2010-01-24 17:22 - 00000000 ____D C:\Program Files\Bandoo
2013-09-12 14:36 - 2012-10-12 16:20 - 00000000 ____D C:\Users\ani\AppData\Roaming\Systweak
2013-09-12 14:32 - 2010-01-23 23:23 - 00000000 ____D C:\Program Files\BearShare Applications
2013-09-12 14:30 - 2012-06-27 18:03 - 00000000 ____D C:\Users\ani\AppData\Local\Google
2013-09-12 14:15 - 2013-09-12 14:14 - 06631816 _____ (Trend Micro Inc.) C:\Users\ani\Downloads\TTi_7.0_MR_Downloader.exe
2013-09-12 14:02 - 2013-09-12 14:02 - 00079592 _____ C:\Users\ani\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 13:20 - 2013-09-12 13:20 - 00334608 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-12 13:20 - 2013-09-12 13:20 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 12:06 - 2010-01-23 23:23 - 00000000 ____D C:\Users\ani\AppData\Local\BearShare
2013-09-12 12:06 - 2009-09-15 19:13 - 00000000 ____D C:\Windows\panther
2013-09-12 12:03 - 2011-11-20 10:43 - 00000000 ____D C:\Windows\Minidump
2013-09-12 11:59 - 2013-09-12 11:41 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR
2013-08-16 17:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp
2013-08-16 17:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2013-08-16 16:23 - 2010-01-22 15:28 - 00000000 ____D C:\users\ani
2013-08-16 12:17 - 2013-08-16 12:17 - 00000000 ____D C:\ProgramData\5372
2013-08-16 12:16 - 2013-08-16 12:16 - 00000000 ____D C:\Users\ani\Documents\Fax

Files to move or delete:
====================
C:\ProgramData\hpeC486.dll
C:\Users\ani\AppData\Local\Temp\nsyA0D1.tmp.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-10 23:32:18
Restore point made on: 2013-08-16 12:00:41
Restore point made on: 2013-08-16 16:31:48
Restore point made on: 2013-09-12 14:16:20
Restore point made on: 2013-09-12 14:30:48
Restore point made on: 2013-09-12 15:10:34
Restore point made on: 2013-09-12 15:38:24
Restore point made on: 2013-09-12 16:47:17
Restore point made on: 2013-09-12 18:48:17

==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 1015.24 MB
Available physical RAM: 654.58 MB
Total Pagefile: 1015.24 MB
Available Pagefile: 651.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:69.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:122.87 GB) (Free:122.65 GB) NTFS
Drive e: (OTLPE) (Removable) (Total:7.49 GB) (Free:6.76 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: FA799A37)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=123 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=1B)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=8 GB) - (Type=0B)


LastRegBack: 2012-11-16 15:20

==================== End Of Log ============================
         

Alt 13.09.2013, 08:39   #6
schrauber
/// the machine
/// TB-Ausbilder
 


Quote:
The GVU Trojan is gone; I can also get into normal mode.
Say so, then.

Then please run the FRST scan from the desktop.

Alt 13.09.2013, 20:42   #7
grizly354
 

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2013 02
Ran by ani (administrator) on ANI-PC on 13-09-2013 21:02:31
Running from C:\Users\ani\Desktop
Windows 7 Starter (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [750008 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotKeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-09-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [136600 2013-07-23] (Trend Micro Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [402608 2009-08-25] ()
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
MountPoints2: E - E:\LaunchU3.exe -a
MountPoints2: {3b5d73e6-479a-11e2-9d4c-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {67441d6a-6a85-11df-bd92-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {67441d8f-6a85-11df-bd92-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {8acdd4ef-eed6-11e0-8a24-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790c7-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790d9-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790e3-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790e6-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {a2e8b479-f645-11df-b20b-0025d3a3c011} - F:\AutoRun.exe
MountPoints2: {a4c600f1-f7b1-11df-9d2d-90e6baf33f7d} - F:\AutoRun.exe
MountPoints2: {b2a81b65-eeba-11e0-a6d2-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {c561bf37-ef26-11e0-8a3b-90e6baf33f7d} - E:\AutoRun.exe
HKU\Default\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
HKU\Default User\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
Startup: C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://asus.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD7F808508139CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKCU - DefaultScope {1696E378-D1E9-42B9-9AED-24A1EF1BFF79} URL = hxxp://www.bing.com/search?FORM=ASUBDF&PC=MAAU&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {1696E378-D1E9-42B9-9AED-24A1EF1BFF79} URL = hxxp://www.bing.com/search?FORM=ASUBDF&PC=MAAU&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = 
BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll No File
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll (Trend Micro Inc.)
BHO: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\TmBpIe32.dll (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll No File
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\ani\AppData\Roaming\Mozilla\Firefox\Profiles\xmjfs0dr.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\ani\AppData\Roaming\Mozilla\Firefox\Profiles\xmjfs0dr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\firefoxextension
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Users\ani\AppData\Roaming\Mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Extension: (TrendMicro BEP Extension) - C:\Users\ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee\8.0.0.1095_0
CHR Extension: (Adblock Plus) - C:\Users\ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Trend Micro NSC Chrome Extension) - C:\Users\ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dflinnddekagfkncpgojoppgnppfkbkj\6.8.0.1118_0
CHR Extension: (Trend Micro Toolbar) - C:\Users\ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\7.0.0.1151_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\chrome_tmbep.crx
CHR HKLM\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - C:\Program Files\Trend Micro\AMSP\module\20004\ChromeExt\chromeextension\TmNSCChromeExt.crx
CHR HKLM\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\chromeextension.crx

========================== Services (Whitelisted) =================

R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] ()
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [x]
S2 Winmgmt; C:\PROGRA~2\thidwhnakbhftduwajt.bfg [x]

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [102904 2013-07-18] (Trend Micro Inc.)
S0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [288840 2013-07-18] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85280 2013-06-13] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [83352 2013-07-18] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [282272 2013-05-22] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)
U2 TMAgent; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-13 21:02 - 2013-09-13 21:01 - 01082677 _____ (Farbar) C:\Users\ani\Desktop\FRST.exe
2013-09-13 18:18 - 2013-09-13 18:18 - 00000000 ____D C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2013-09-13 10:28 - 2013-07-18 06:25 - 00288840 ____N (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2013-09-13 00:12 - 2013-09-13 00:12 - 00001031 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-13 00:12 - 2013-09-13 00:12 - 00000000 ____D C:\Users\ani\AppData\Roaming\Malwarebytes
2013-09-13 00:12 - 2013-09-13 00:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-13 00:12 - 2013-09-13 00:12 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-13 00:12 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-09-12 22:14 - 2013-09-12 22:15 - 00000000 ____D C:\0daf7beb421a4831978034ec5e42
2013-09-12 19:48 - 2013-09-12 19:48 - 00000000 ____D C:\windows\CheckSur
2013-09-12 19:02 - 2013-09-12 19:06 - 167164267 _____ C:\Users\ani\Downloads\Windows6.1-KB947821-v28-x86.msu
2013-09-12 17:48 - 2013-09-13 09:25 - 00000000 ____D C:\windows\system32\MRT
2013-09-12 17:12 - 2013-09-12 17:25 - 563934504 _____ (Microsoft Corporation) C:\Users\ani\Downloads\windows6.1-KB976932-x86.exe
2013-09-12 16:45 - 2013-09-12 16:45 - 00000000 ____D C:\ProgramData\Oracle
2013-09-12 16:45 - 2013-09-12 16:45 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-12 16:44 - 2013-09-12 16:42 - 00868264 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll
2013-09-12 16:44 - 2013-09-12 16:42 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-09-12 16:43 - 2013-09-12 16:42 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-09-12 16:43 - 2013-09-12 16:42 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-09-12 16:43 - 2013-09-12 16:42 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-09-12 16:41 - 2013-09-12 16:41 - 00000000 ____D C:\Program Files\Java
2013-09-12 16:34 - 2013-09-12 16:34 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-12 16:30 - 2013-09-12 16:30 - 00001949 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-12 16:25 - 2013-09-12 16:26 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-12 16:03 - 2013-09-12 16:03 - 00000000 ____D C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security
2013-09-12 16:00 - 2013-09-12 20:09 - 00000000 ____D C:\Users\ani\AppData\Roaming\U3
2013-09-12 15:58 - 2013-09-12 15:58 - 00000000 ___HD C:\TMRescueDisk
2013-09-12 15:54 - 2013-07-18 06:25 - 00102904 ____N (Trend Micro Inc.) C:\windows\system32\Drivers\tmactmon.sys
2013-09-12 15:54 - 2013-07-18 06:25 - 00083352 ____N (Trend Micro Inc.) C:\windows\system32\Drivers\tmevtmgr.sys
2013-09-12 15:54 - 2013-07-01 15:08 - 00040736 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\TMEBC32.sys
2013-09-12 15:54 - 2013-06-13 08:35 - 00085280 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmeevw.sys
2013-09-12 15:54 - 2013-05-22 17:37 - 00282272 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmnciesc.sys
2013-09-12 15:54 - 2012-05-02 21:27 - 00092304 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmtdi.sys
2013-09-12 15:50 - 2013-09-12 15:50 - 00000059 _____ C:\windows\system32\SupportTool.exe.bat
2013-09-12 15:48 - 2013-09-12 15:48 - 00000000 ____D C:\Program Files\Trend Micro
2013-09-12 15:45 - 2013-09-13 14:13 - 00000036 _____ C:\Users\ani\AppData\Local\housecall.guid.cache
2013-09-12 15:42 - 2013-09-13 09:29 - 00007714 _____ C:\windows\PFRO.log
2013-09-12 15:14 - 2013-09-12 15:15 - 06631816 _____ (Trend Micro Inc.) C:\Users\ani\Downloads\TTi_7.0_MR_Downloader.exe
2013-09-12 15:02 - 2013-09-12 15:02 - 00079592 _____ C:\Users\ani\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 14:23 - 2013-09-13 21:03 - 00527568 _____ C:\windows\WindowsUpdate.log
2013-09-12 14:20 - 2013-09-13 21:01 - 00003856 _____ C:\windows\setupact.log
2013-09-12 14:20 - 2013-09-12 14:20 - 00334608 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-12 14:20 - 2013-09-12 14:20 - 00000000 _____ C:\windows\setuperr.log
2013-09-12 13:33 - 2013-09-12 21:25 - 00000000 ____D C:\FRST
2013-09-12 12:41 - 2013-09-13 08:50 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR
2013-08-16 13:17 - 2013-08-16 13:17 - 00000000 ____D C:\ProgramData\5372
2013-08-16 13:16 - 2013-08-16 13:16 - 00000000 ____D C:\Users\ani\Documents\Fax

==================== One Month Modified Files and Folders =======

2013-09-13 21:03 - 2013-09-12 14:23 - 00527568 _____ C:\windows\WindowsUpdate.log
2013-09-13 21:01 - 2013-09-13 21:02 - 01082677 _____ (Farbar) C:\Users\ani\Desktop\FRST.exe
2013-09-13 21:01 - 2013-09-12 14:20 - 00003856 _____ C:\windows\setupact.log
2013-09-13 20:59 - 2012-06-27 19:04 - 00001088 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-13 20:59 - 2010-01-22 20:58 - 00000000 ____D C:\Users\ani\Tracing
2013-09-13 20:59 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-13 18:24 - 2012-06-27 19:04 - 00001092 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-13 18:18 - 2013-09-13 18:18 - 00000000 ____D C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2013-09-13 18:17 - 2012-07-09 18:22 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-13 17:15 - 2012-07-09 18:22 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-09-13 17:15 - 2012-07-09 18:22 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-13 14:30 - 2009-09-15 20:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 14:13 - 2013-09-12 15:45 - 00000036 _____ C:\Users\ani\AppData\Local\housecall.guid.cache
2013-09-13 10:26 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-13 10:26 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-13 09:29 - 2013-09-12 15:42 - 00007714 _____ C:\windows\PFRO.log
2013-09-13 09:25 - 2013-09-12 17:48 - 00000000 ____D C:\windows\system32\MRT
2013-09-13 08:50 - 2013-09-12 12:41 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR
2013-09-13 01:04 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-09-13 00:29 - 2010-01-22 22:18 - 00000000 ____D C:\windows\softwaredistribution.bak
2013-09-13 00:12 - 2013-09-13 00:12 - 00001031 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-13 00:12 - 2013-09-13 00:12 - 00000000 ____D C:\Users\ani\AppData\Roaming\Malwarebytes
2013-09-13 00:12 - 2013-09-13 00:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-13 00:12 - 2013-09-13 00:12 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-12 22:15 - 2013-09-12 22:14 - 00000000 ____D C:\0daf7beb421a4831978034ec5e42
2013-09-12 21:25 - 2013-09-12 13:33 - 00000000 ____D C:\FRST
2013-09-12 20:09 - 2013-09-12 16:00 - 00000000 ____D C:\Users\ani\AppData\Roaming\U3
2013-09-12 19:48 - 2013-09-12 19:48 - 00000000 ____D C:\windows\CheckSur
2013-09-12 19:06 - 2013-09-12 19:02 - 167164267 _____ C:\Users\ani\Downloads\Windows6.1-KB947821-v28-x86.msu
2013-09-12 17:25 - 2013-09-12 17:12 - 563934504 _____ (Microsoft Corporation) C:\Users\ani\Downloads\windows6.1-KB976932-x86.exe
2013-09-12 17:10 - 2009-09-15 20:46 - 00000000 ____D C:\ProgramData\Trend Micro
2013-09-12 16:45 - 2013-09-12 16:45 - 00000000 ____D C:\ProgramData\Oracle
2013-09-12 16:45 - 2013-09-12 16:45 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-12 16:42 - 2013-09-12 16:44 - 00868264 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll
2013-09-12 16:42 - 2013-09-12 16:44 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-09-12 16:42 - 2013-09-12 16:43 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-09-12 16:42 - 2013-09-12 16:43 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-09-12 16:42 - 2013-09-12 16:43 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-09-12 16:42 - 2012-06-18 16:41 - 00790440 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-09-12 16:41 - 2013-09-12 16:41 - 00000000 ____D C:\Program Files\Java
2013-09-12 16:41 - 2010-10-06 17:37 - 00000000 ____D C:\Users\ani\AppData\Roaming\Mozilla
2013-09-12 16:34 - 2013-09-12 16:34 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-12 16:33 - 2010-10-06 17:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-12 16:33 - 2010-01-22 16:28 - 00000000 ____D C:\Users\ani\AppData\Local\Adobe
2013-09-12 16:30 - 2013-09-12 16:30 - 00001949 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-12 16:26 - 2013-09-12 16:25 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-12 16:25 - 2009-09-15 20:38 - 00000000 ____D C:\ProgramData\Adobe
2013-09-12 16:25 - 2009-09-15 20:37 - 00000000 ____D C:\Program Files\Adobe
2013-09-12 16:03 - 2013-09-12 16:03 - 00000000 ____D C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security
2013-09-12 15:58 - 2013-09-12 15:58 - 00000000 ___HD C:\TMRescueDisk
2013-09-12 15:50 - 2013-09-12 15:50 - 00000059 _____ C:\windows\system32\SupportTool.exe.bat
2013-09-12 15:48 - 2013-09-12 15:48 - 00000000 ____D C:\Program Files\Trend Micro
2013-09-12 15:42 - 2012-06-27 19:03 - 00000000 ____D C:\Program Files\Google
2013-09-12 15:36 - 2012-10-12 17:20 - 00000000 ____D C:\Users\ani\AppData\Roaming\Systweak
2013-09-12 15:32 - 2010-01-24 00:23 - 00000000 ____D C:\Program Files\BearShare Applications
2013-09-12 15:30 - 2012-06-27 19:03 - 00000000 ____D C:\Users\ani\AppData\Local\Google
2013-09-12 15:15 - 2013-09-12 15:14 - 06631816 _____ (Trend Micro Inc.) C:\Users\ani\Downloads\TTi_7.0_MR_Downloader.exe
2013-09-12 15:02 - 2013-09-12 15:02 - 00079592 _____ C:\Users\ani\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 14:20 - 2013-09-12 14:20 - 00334608 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-12 14:20 - 2013-09-12 14:20 - 00000000 _____ C:\windows\setuperr.log
2013-09-12 13:06 - 2010-01-24 00:23 - 00000000 ____D C:\Users\ani\AppData\Local\BearShare
2013-09-12 13:06 - 2009-09-15 20:13 - 00000000 ____D C:\windows\panther
2013-09-12 13:03 - 2011-11-20 11:43 - 00000000 ____D C:\windows\Minidump
2013-09-01 16:57 - 2010-03-16 11:53 - 76725432 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-16 18:21 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\wfp
2013-08-16 18:21 - 2009-07-14 04:37 - 00000000 ____D C:\windows\registration
2013-08-16 17:23 - 2010-01-22 16:28 - 00000000 ____D C:\Users\ani
2013-08-16 13:17 - 2013-08-16 13:17 - 00000000 ____D C:\ProgramData\5372
2013-08-16 13:16 - 2013-08-16 13:16 - 00000000 ____D C:\Users\ani\Documents\Fax

Files to move or delete:
====================
C:\ProgramData\hpeC486.dll


Some content of TEMP:
====================
C:\Users\ani\AppData\Local\Temp\nsyA0D1.tmp.exe
C:\Users\ani\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-13 00:54

==================== End Of Log ============================
         
--- --- ---


Quote:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-09-2013 02
Ran by ani at 2013-09-13 21:06:43
Running from C:\Users\ani\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
3G Connection Manager (Version: 2.00)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04)
ASUS VIBE (Version: 1.0.166)
Asus WebStorage (Version: 2.0.31.477)
ASUSUpdate for Eee PC
Atheros Client Installation Program (Version: 7.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.10)
BearShare (Version: 9.0.0.98413)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
E-Cam (Version: 2.0.1.7)
Eee Docking 2.6.0 (Version: 2.6.0)
EeeSplendid (Version: 5.1.2.0004)
FontResizer (Version: 1.01.0007)
Google Chrome (Version: 29.0.1547.66)
Google Update Helper (Version: 1.3.21.153)
Hotkey Service (Version: 1.11)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 14.0.8089.726)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mobile Partner (Version: 16.001.06.03.52)
Mobile PhoneTools (Version: 3.55)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
MSVCRT (Version: 14.0.1468.721)
Ralink RT2860 Wireless LAN Card (Version: 1.2.0.1)
Realtek High Definition Audio Driver (Version: 6.0.1.5898)
Super Hybrid Engine (Version: 2.09)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
Trend Micro Titanium (Version: 7.0)
Trend Micro Titanium Internet Security (Version: 7.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)

==================== Restore Points =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {179B024B-098E-44D8-80E0-7BFE061DF324} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {6A2E9BCD-93DD-4F5A-AEC2-3729B7D67213} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-27] (Google Inc.)
Task: {6D2FFD4C-39D9-477C-A8B2-24864CF899A7} - System32\Tasks\User_Feed_Synchronization-{E05BD53F-55BE-4FD5-AB3E-AAF284007120} => C:\windows\system32\msfeedssync.exe [2012-02-20] (Microsoft Corporation)
Task: {80978274-EF24-49E6-82FA-C98D1753395C} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2013-07-23] (Trend Micro Inc.)
Task: {97230E64-397F-4971-B494-02D86A01FBA7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4007594265-3339371781-3975660076-1000
Task: {AE35E485-344D-4A17-851F-990A61509E26} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-27] (Google Inc.)
Task: {C24E52BC-FA34-49F1-9F1E-9EF4D983C6B0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) ==========


==================== Faulty Device Manager Devices =============

Could not list Devices.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2013 09:08:21 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0xd60
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (09/13/2013 09:06:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0x3e0
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (09/13/2013 09:04:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0x8c0
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (09/13/2013 09:02:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0x8d4
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (09/13/2013 09:01:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0xf68
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (09/13/2013 09:00:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SuperHybridEngine.exe, Version: 6.1.1.2009, Zeitstempel: 0x4aa62cec
Name des fehlerhaften Moduls: SuperHybridEngine.exe, Version: 6.1.1.2009, Zeitstempel: 0x4aa62cec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011f42
ID des fehlerhaften Prozesses: 0xa84
Startzeit der fehlerhaften Anwendung: 0xSuperHybridEngine.exe0
Pfad der fehlerhaften Anwendung: SuperHybridEngine.exe1
Pfad des fehlerhaften Moduls: SuperHybridEngine.exe2
Berichtskennung: SuperHybridEngine.exe3

Error: (09/13/2013 09:00:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0xa74
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (09/13/2013 06:29:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0x2044
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (09/13/2013 06:28:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0x1894
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3

Error: (09/13/2013 06:27:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0x1354
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3


System errors:
=============
Error: (09/13/2013 09:09:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/13/2013 09:09:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/13/2013 09:08:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/13/2013 09:08:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/13/2013 09:07:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/13/2013 09:07:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/13/2013 09:06:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/13/2013 09:06:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/13/2013 09:05:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/13/2013 09:05:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126


Microsoft Office Sessions:
=========================
Error: (02/02/2013 07:15:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 544051 seconds with 360 seconds of active time. This session ended with a crash.

Error: (01/23/2013 01:05:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1217 seconds with 240 seconds of active time. This session ended with a crash.

Error: (01/23/2013 11:39:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 61461 seconds with 720 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 64%
Total physical RAM: 1015.24 MB
Available physical RAM: 360.95 MB
Total Pagefile: 2039.24 MB
Available Pagefile: 1228.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:73.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:122.87 GB) (Free:122.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: FA799A37)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=123 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=1B)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

==================== End Of Log ============================

The GVU Trojan seems to be gone, everything runs fine now. I scanned with Malwarebytes and ESET, no viruses.

The problem that still remains is the following:

1.) The Microsoft Security Center (service) cannot be started.
2.) The installation of SP1 always aborts. (Stop error code 0x80080005 CO_E_SERVER_EXEC_FAILURE)

14.09.2013, 19:51   #8
schrauber
/// the machine
/// TB-Ausbilder

Windows 7, BKA/GVU Trojan, lock screen, Safe Mode works.



hi,

Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post its contents here.


__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
