Sperrbildschirm Ich denke GVU Virus

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013
Ran by Demme at 2013-10-25 14:46:19 Run:2
Running from C:\Users\Demme\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AppInit_DLLs-x32: c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll [ ] ()
R2 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [10752 2013-06-27] (Microsoft)
C:\ProgramData\Microsoft\Windows\Time
*****************

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
Time => Service deleted successfully.

"C:\ProgramData\Microsoft\Windows\Time" directory move:

C:\ProgramData\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\c5ba51c8822b2ebb730d18f8bab93d8a.elf => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\d4ce4f36e508153bf25ab6a8dcde7f0d.elf => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\library.zip => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\msvcp90.dll => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\numpy.core.multiarray.pyd => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\numpy.core.scalarmath.pyd => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\numpy.core.umath.pyd => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\numpy.core._dotblas.pyd => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\numpy.fft.fftpack_lite.pyd => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\numpy.lib._compiled_base.pyd => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\numpy.linalg.lapack_lite.pyd => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\numpy.random.mtrand.pyd => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\phatk.cl => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\pyopencl._cl.pyd => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\python27.dll => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\select.pyd => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\timeserver.exe => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\w9xpopen.exe => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\_ctypes.pyd => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\_hashlib.pyd => Moved successfully.
C:\ProgramData\Microsoft\Windows\Time\_socket.pyd => Moved successfully.
Could not move "C:\ProgramData\Microsoft\Windows\Time" directory. => Scheduled to move on reboot.


=========== Result of Scheduled Files to move ===========

C:\ProgramData\Microsoft\Windows\Time => Moved successfully.

==== End of Fixlog ====
         

 Malwarebytes Anti-Malware  (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.25.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Demme :: DEMME-PC [Administrator]

Schutz: Deaktiviert

25.10.2013 14:54:18
mbam-log-2013-10-25 (14-54-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 260270
Laufzeit: 4 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Demme\Downloads\movie1080p.mkv (1).zip (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Demme\Downloads\movie1080p.mkv (2).zip (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Demme\Downloads\movie1080p.mkv.zip (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0386f5c15a2b2644af9d02fdae8a495c
# engine=15634
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-25 05:23:45
# local_time=2013-10-25 07:23:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 91 1636437 145318410 0 0
# compatibility_mode=5893 16776574 66 85 9174088 134351675 0 0
# scanned=219232
# found=2
# cleaned=0
# scan_time=6315
sh=AA8D7C078F062CE8C6721446626E6F30838159CB ft=1 fh=3658881314ed89e4 vn="a variant of Win32/Kryptik.BNKV trojan" ac=I fn="C:\FRST\Quarantine\cache.dat"
sh=90A924FE887B5A9049D3CC9C7DA2083D71B966B6 ft=1 fh=a9159edf5903bf79 vn="a variant of MSIL/CoinMiner.CE trojan" ac=I fn="C:\FRST\Quarantine\WindowsTime.exe"