GVU Trojaner löschen ohne abgesicherten Modus

jakki666 · 11.08.2014, 17:47

bitte um dringende Hilfe GUV Trojaner abgesicherter modus funktioniert nicht

LOG:FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by SYSTEM on MININT-VGG3PI5 on 11-08-2014 18:35:42
Running from I:\
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Internet Speed Tracker Home Page Guard 64 bit] => C:\Program Files (x86)\InternetSpeedTracker_9t\bar\1.bin\AppIntegrator64.exe [485960 2014-07-02] ( )
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2011-09-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [155648 2013-08-07] (Apple Computer, Inc.)
HKLM-x32\...\Run: [InboxToolbar] => C:\Program Files (x86)\Inbox Toolbar\Inbox.exe [1380312 2013-12-01] (Inbox.com, Inc.)
HKLM-x32\...\Run: [24x7HELP] => C:\Program Files (x86)\24x7Help\App24x7Help.exe [1887824 2013-11-05] (Crawler, LLC)
HKLM-x32\...\Run: [PCPowerSpeed] => C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe [384608 2013-10-31] (Crawler.com)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [1772608 2014-04-24] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [Internet Speed Tracker EPM Support] => C:\Program Files (x86)\InternetSpeedTracker_9t\bar\1.bin\9tmedint.exe [12872 2014-07-02] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [Internet Speed Tracker Search Scope Monitor] => C:\Program Files (x86)\InternetSpeedTracker_9t\bar\1.bin\9tSrchMn.exe [55368 2014-07-02] (Mindspark)
HKLM-x32\...\Run: [InternetSpeedTracker_9t Browser Plugin Loader] => C:\Program Files (x86)\InternetSpeedTracker_9t\bar\1.bin\9tbrmon.exe [61512 2014-07-02] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [InternetSpeedTracker_9t Browser Plugin Loader 64] => C:\Program Files (x86)\InternetSpeedTracker_9t\bar\1.bin\9tbrmon64.exe [71752 2014-07-02] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\runonceex: [] => [X]
HKU\Default\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Hannerl1971\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-12] (Google Inc.)
HKU\Hannerl1971\...\Run: [HW_OPENEYE_OUC_] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Hannerl1971\...\Run: [RebateInformer] => C:\Program Files (x86)\RebateInformer\RebateInf.exe [2493312 2014-05-22] (Valion Group)
HKU\Hannerl1971\...\Run: [1Xfimpxz] => C:\ProgramData\1Xfimpxz.exe Ä = < < ¬ p-=
HKU\Hannerl1971\...\Run: [AppGraffiti] => C:\Program Files (x86)\AppGraffiti\AppGraffiti.exe [1220544 2014-07-08] (Omega Partners Ltd)
HKU\UpdatusUser\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
Startup: C:\Users\Hannerl1971\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\C03A1C.cpp ()

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [342608 2013-03-17] (PCRx.com, LLC)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-09] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-09] (BonanzaDeals)
S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-04-03] (WildTangent, Inc.)
S2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 InternetSpeedTracker_9tService; C:\Program Files (x86)\InternetSpeedTracker_9t\bar\1.bin\9tbarsvc.exe [88648 2014-07-02] (COMPANYVERS_NAME)
S2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
S2 Winmgmt; C:\ProgramData\C1A30C.dot [330980 2014-08-05] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [1525336 2013-09-03] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130918.001\IDSvia64.sys [520280 2013-08-13] (Symantec Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2012-05-08] (ITE )
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130918.001\ENG64.SYS [126040 2013-08-31] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130918.001\EX64.SYS [2099288 2013-08-31] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-10-16] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 18:35 - 2014-08-11 18:35 - 00000000 ____D () C:\FRST
2014-08-11 08:29 - 2014-08-11 08:29 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-1040-F.txt
2014-08-11 08:21 - 2014-08-11 08:26 - 00002548 _____ () C:\ProgramData\RUNDLL32.EXE-1000-F.txt
2014-08-11 08:18 - 2014-08-11 08:18 - 00000434 _____ () C:\ProgramData\RUNDLL32.EXE-3444-F.txt
2014-08-11 08:06 - 2014-08-11 08:12 - 00002461 _____ () C:\ProgramData\RUNDLL32.EXE-4120-F.txt
2014-08-11 08:04 - 2014-08-11 08:04 - 00003344 ____N () C:\bootsqm.dat
2014-08-11 07:54 - 2014-08-11 07:55 - 00000491 _____ () C:\ProgramData\RUNDLL32.EXE-4500-F.txt
2014-08-09 23:34 - 2014-08-09 23:34 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3860-F.txt
2014-08-06 00:38 - 2014-08-06 00:48 - 00001365 _____ () C:\ProgramData\RUNDLL32.EXE-1008-F.txt
2014-08-06 00:15 - 2014-08-06 00:16 - 00001138 _____ () C:\ProgramData\RUNDLL32.EXE-3092-F.txt
2014-08-06 00:14 - 2014-08-06 00:14 - 00000379 _____ () C:\ProgramData\RUNDLL32.EXE-4084-F.txt
2014-08-06 00:13 - 2014-08-06 00:14 - 00000758 _____ () C:\ProgramData\RUNDLL32.EXE-3600-F.txt
2014-08-06 00:09 - 2014-08-06 00:09 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-4024-F.txt
2014-08-05 23:59 - 2014-08-05 23:59 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4656-F.txt
2014-08-05 23:58 - 2014-08-05 23:58 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-1672-F.txt
2014-08-05 23:53 - 2014-08-05 23:56 - 00000391 _____ () C:\ProgramData\RUNDLL32.EXE-3620-F.txt
2014-08-05 23:51 - 2014-08-05 23:51 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-3112-F.txt
2014-08-05 23:48 - 2014-08-05 23:49 - 00000168 _____ () C:\ProgramData\RUNDLL32.EXE-4044-F.txt
2014-08-05 23:48 - 2014-08-05 23:48 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-1260-F.txt
2014-08-05 23:45 - 2014-08-05 23:45 - 00000380 _____ () C:\ProgramData\RUNDLL32.EXE-3516-F.txt
2014-08-05 23:43 - 2014-08-05 23:43 - 00000054 _____ () C:\ProgramData\RUNDLL32.EXE-3088-F.txt
2014-08-05 23:42 - 2014-08-05 23:42 - 00000000 _____ () C:\Users\Hannerl1971\AppData\Local\{BA081CFC-302E-4D32-8C4B-58BAE51156D0}
2014-08-05 23:40 - 2014-08-05 23:41 - 00000438 _____ () C:\ProgramData\RUNDLL32.EXE-3996-F.txt
2014-08-05 23:27 - 2014-08-05 23:37 - 00004949 _____ () C:\ProgramData\RUNDLL32.EXE-4236-F.txt
2014-08-05 23:25 - 2014-08-05 23:25 - 00000000 ____H () C:\Users\Hannerl1971\AppData\Local\BITC42C.tmp
2014-08-05 23:25 - 2014-08-05 23:25 - 00000000 _____ () C:\Users\Hannerl1971\AppData\Local\{719DB11B-54CE-42FA-BAB7-CD29B0E5CA36}
2014-08-05 23:23 - 2014-08-05 23:25 - 00001366 _____ () C:\ProgramData\RUNDLL32.EXE-4252-F.txt
2014-08-05 23:16 - 2014-08-05 23:19 - 00000456 _____ () C:\ProgramData\RUNDLL32.EXE-4304-F.txt
2014-08-05 23:12 - 2014-08-05 23:13 - 00000227 _____ () C:\ProgramData\RUNDLL32.EXE-4388-F.txt
2014-08-05 23:05 - 2014-08-05 23:08 - 00001991 _____ () C:\ProgramData\RUNDLL32.EXE-4536-F.txt
2014-08-05 22:59 - 2014-08-05 22:59 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-4556-F.txt
2014-08-05 09:41 - 2014-08-05 21:32 - 00020288 _____ () C:\ProgramData\RUNDLL32.EXE-3224-F.txt
2014-08-05 09:31 - 2014-08-05 09:31 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-5928-F.txt
2014-08-05 09:24 - 2014-08-05 09:26 - 00001629 _____ () C:\ProgramData\RUNDLL32.EXE-1712-F.txt
2014-08-05 09:18 - 2014-08-05 09:18 - 00000433 _____ () C:\ProgramData\RUNDLL32.EXE-4632-F.txt
2014-08-05 06:47 - 2014-08-05 06:47 - 00000000 _____ () C:\Users\Hannerl1971\AppData\Local\{ED399E0B-E4C0-432A-BD5C-7EF2038D2A0B}
2014-08-05 06:43 - 2014-08-05 06:44 - 00802370 _____ () C:\ProgramData\RUNDLL32.EXE-9808-F.txt
2014-08-05 06:42 - 2014-08-05 06:42 - 00330980 ____T (Microsoft Corporation) C:\ProgramData\C1A30C.dot
2014-08-05 06:40 - 2014-08-05 06:40 - 00131999 _____ () C:\ProgramData\C03A1C.cpp
2014-07-31 00:20 - 2014-07-31 00:20 - 00000000 ____D () C:\Users\Hannerl1971\restore
2014-07-31 00:17 - 2014-07-31 00:17 - 00001183 _____ () C:\Users\Public\Desktop\Hartlauer Fotoviewer.lnk
2014-07-31 00:17 - 2014-07-31 00:17 - 00001183 _____ () C:\Users\Public\Desktop\Hartlauer Foto World.lnk
2014-07-31 00:13 - 2014-07-31 00:13 - 00000000 ____D () C:\Program Files\Hartlauer Foto World
2014-07-30 23:50 - 2014-07-31 08:56 - 00000000 ____D () C:\ProgramData\tmp
2014-07-30 23:50 - 2014-07-30 23:53 - 00000000 ____D () C:\ProgramData\hps
2014-07-30 23:50 - 2014-07-30 23:50 - 00000000 ____D () C:\Users\Hannerl1971\AppData\Roaming\hps-install
2014-07-30 23:48 - 2014-07-31 00:16 - 00000000 ____D () C:\Program Files (x86)\Hartlauer Foto World

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 18:35 - 2014-08-11 18:35 - 00000000 ____D () C:\FRST
2014-08-11 08:30 - 2013-10-16 00:22 - 00327680 _____ () C:\Windows\System32\Ikeext.etl
2014-08-11 08:29 - 2014-08-11 08:29 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-1040-F.txt
2014-08-11 08:29 - 2013-11-09 22:16 - 00000414 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2014-08-11 08:29 - 2013-11-09 22:12 - 00000932 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2014-08-11 08:29 - 2013-08-07 07:33 - 00069632 ____R () C:\Users\Public\Documents\ESBK.mb
2014-08-11 08:29 - 2013-08-07 07:33 - 00068608 ____R () C:\Users\Public\Documents\ESBK.mbb
2014-08-11 08:29 - 2012-12-03 10:00 - 00000296 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-08-11 08:29 - 2012-12-02 03:02 - 00000000 ____D () C:\Program Files (x86)\PC Tools Registry Mechanic
2014-08-11 08:29 - 2011-11-12 08:59 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-11 08:29 - 2011-01-04 09:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-11 08:29 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-11 08:29 - 2009-07-13 20:51 - 00143947 _____ () C:\Windows\setupact.log
2014-08-11 08:27 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-11 08:27 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-11 08:26 - 2014-08-11 08:21 - 00002548 _____ () C:\ProgramData\RUNDLL32.EXE-1000-F.txt
2014-08-11 08:26 - 2013-03-08 06:10 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{205C5650-EFFE-4763-A3D1-AFF999EB23A3}
2014-08-11 08:18 - 2014-08-11 08:18 - 00000434 _____ () C:\ProgramData\RUNDLL32.EXE-3444-F.txt
2014-08-11 08:12 - 2014-08-11 08:06 - 00002461 _____ () C:\ProgramData\RUNDLL32.EXE-4120-F.txt
2014-08-11 08:12 - 2011-01-04 09:53 - 01698515 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 08:11 - 2013-11-09 22:10 - 00000310 _____ () C:\Windows\Tasks\MetaCrawler.job
2014-08-11 08:07 - 2012-05-06 10:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-11 08:07 - 2011-11-12 08:59 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-11 08:04 - 2014-08-11 08:04 - 00003344 ____N () C:\bootsqm.dat
2014-08-11 07:55 - 2014-08-11 07:54 - 00000491 _____ () C:\ProgramData\RUNDLL32.EXE-4500-F.txt
2014-08-11 07:55 - 2013-10-26 10:30 - 00000000 ____D () C:\Program Files (x86)\RebateInformer
2014-08-11 07:54 - 2012-12-02 03:02 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-09 23:34 - 2014-08-09 23:34 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3860-F.txt
2014-08-09 23:33 - 2009-07-13 21:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-06 00:48 - 2014-08-06 00:38 - 00001365 _____ () C:\ProgramData\RUNDLL32.EXE-1008-F.txt
2014-08-06 00:16 - 2014-08-06 00:15 - 00001138 _____ () C:\ProgramData\RUNDLL32.EXE-3092-F.txt
2014-08-06 00:14 - 2014-08-06 00:14 - 00000379 _____ () C:\ProgramData\RUNDLL32.EXE-4084-F.txt
2014-08-06 00:14 - 2014-08-06 00:13 - 00000758 _____ () C:\ProgramData\RUNDLL32.EXE-3600-F.txt
2014-08-06 00:09 - 2014-08-06 00:09 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-4024-F.txt
2014-08-05 23:59 - 2014-08-05 23:59 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4656-F.txt
2014-08-05 23:58 - 2014-08-05 23:58 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-1672-F.txt
2014-08-05 23:56 - 2014-08-05 23:53 - 00000391 _____ () C:\ProgramData\RUNDLL32.EXE-3620-F.txt
2014-08-05 23:51 - 2014-08-05 23:51 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-3112-F.txt
2014-08-05 23:49 - 2014-08-05 23:48 - 00000168 _____ () C:\ProgramData\RUNDLL32.EXE-4044-F.txt
2014-08-05 23:48 - 2014-08-05 23:48 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-1260-F.txt
2014-08-05 23:45 - 2014-08-05 23:45 - 00000380 _____ () C:\ProgramData\RUNDLL32.EXE-3516-F.txt
2014-08-05 23:43 - 2014-08-05 23:43 - 00000054 _____ () C:\ProgramData\RUNDLL32.EXE-3088-F.txt
2014-08-05 23:42 - 2014-08-05 23:42 - 00000000 _____ () C:\Users\Hannerl1971\AppData\Local\{BA081CFC-302E-4D32-8C4B-58BAE51156D0}
2014-08-05 23:41 - 2014-08-05 23:40 - 00000438 _____ () C:\ProgramData\RUNDLL32.EXE-3996-F.txt
2014-08-05 23:37 - 2014-08-05 23:27 - 00004949 _____ () C:\ProgramData\RUNDLL32.EXE-4236-F.txt
2014-08-05 23:36 - 2011-08-15 00:18 - 00000000 ____D () C:\Users\Hannerl1971\AppData\Local\CrashDumps
2014-08-05 23:25 - 2014-08-05 23:25 - 00000000 ____H () C:\Users\Hannerl1971\AppData\Local\BITC42C.tmp
2014-08-05 23:25 - 2014-08-05 23:25 - 00000000 _____ () C:\Users\Hannerl1971\AppData\Local\{719DB11B-54CE-42FA-BAB7-CD29B0E5CA36}
2014-08-05 23:25 - 2014-08-05 23:23 - 00001366 _____ () C:\ProgramData\RUNDLL32.EXE-4252-F.txt
2014-08-05 23:19 - 2014-08-05 23:16 - 00000456 _____ () C:\ProgramData\RUNDLL32.EXE-4304-F.txt
2014-08-05 23:17 - 2013-11-09 22:12 - 00000936 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2014-08-05 23:13 - 2014-08-05 23:12 - 00000227 _____ () C:\ProgramData\RUNDLL32.EXE-4388-F.txt
2014-08-05 23:08 - 2014-08-05 23:05 - 00001991 _____ () C:\ProgramData\RUNDLL32.EXE-4536-F.txt
2014-08-05 22:59 - 2014-08-05 22:59 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-4556-F.txt
2014-08-05 21:32 - 2014-08-05 09:41 - 00020288 _____ () C:\ProgramData\RUNDLL32.EXE-3224-F.txt
2014-08-05 21:18 - 2013-11-09 22:16 - 00000000 ____D () C:\Program Files (x86)\File Type Assistant
2014-08-05 21:15 - 2013-10-26 10:30 - 00000000 ____D () C:\Users\Hannerl1971\AppData\Roaming\PCPowerSpeed
2014-08-05 09:41 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
2014-08-05 09:31 - 2014-08-05 09:31 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-5928-F.txt
2014-08-05 09:28 - 2012-12-02 03:02 - 00000296 _____ () C:\Windows\Tasks\RMSchedule.job
2014-08-05 09:26 - 2014-08-05 09:24 - 00001629 _____ () C:\ProgramData\RUNDLL32.EXE-1712-F.txt
2014-08-05 09:26 - 2012-12-03 10:00 - 00000284 _____ () C:\Windows\SysWOW64\AppLog.log
2014-08-05 09:18 - 2014-08-05 09:18 - 00000433 _____ () C:\ProgramData\RUNDLL32.EXE-4632-F.txt
2014-08-05 06:47 - 2014-08-05 06:47 - 00000000 _____ () C:\Users\Hannerl1971\AppData\Local\{ED399E0B-E4C0-432A-BD5C-7EF2038D2A0B}
2014-08-05 06:44 - 2014-08-05 06:43 - 00802370 _____ () C:\ProgramData\RUNDLL32.EXE-9808-F.txt
2014-08-05 06:42 - 2014-08-05 06:42 - 00330980 ____T (Microsoft Corporation) C:\ProgramData\C1A30C.dot
2014-08-05 06:40 - 2014-08-05 06:40 - 00131999 _____ () C:\ProgramData\C03A1C.cpp
2014-07-31 08:56 - 2014-07-30 23:50 - 00000000 ____D () C:\ProgramData\tmp
2014-07-31 00:20 - 2014-07-31 00:20 - 00000000 ____D () C:\Users\Hannerl1971\restore
2014-07-31 00:20 - 2011-08-13 08:55 - 00000000 ____D () C:\users\Hannerl1971
2014-07-31 00:17 - 2014-07-31 00:17 - 00001183 _____ () C:\Users\Public\Desktop\Hartlauer Fotoviewer.lnk
2014-07-31 00:17 - 2014-07-31 00:17 - 00001183 _____ () C:\Users\Public\Desktop\Hartlauer Foto World.lnk
2014-07-31 00:16 - 2014-07-30 23:48 - 00000000 ____D () C:\Program Files (x86)\Hartlauer Foto World
2014-07-31 00:13 - 2014-07-31 00:13 - 00000000 ____D () C:\Program Files\Hartlauer Foto World
2014-07-31 00:03 - 2014-07-02 08:19 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-07-30 23:53 - 2014-07-30 23:50 - 00000000 ____D () C:\ProgramData\hps
2014-07-30 23:51 - 2012-02-06 22:07 - 00005844 _____ () C:\Windows\wininit.ini
2014-07-30 23:50 - 2014-07-30 23:50 - 00000000 ____D () C:\Users\Hannerl1971\AppData\Roaming\hps-install
2014-07-24 07:59 - 2013-03-14 10:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 07:59 - 2013-03-14 10:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-22 23:51 - 2013-10-26 10:30 - 00000000 ____D () C:\Program Files (x86)\AppGraffiti
2014-07-19 20:11 - 2013-12-29 22:10 - 00000201 _____ () C:\Users\Hannerl1971\AppData\Roaming\WB.CFG

Files to move or delete:
====================
C:\ProgramData\236Uhnoz.exe
C:\ProgramData\3TVghlvz.exe

Some content of TEMP:
====================
C:\Users\Hannerl1971\AppData\Local\Temp\2890.dll
C:\Users\Hannerl1971\AppData\Local\Temp\AdobeUpdateSetup.exe
C:\Users\Hannerl1971\AppData\Local\Temp\FileSystemView.dll
C:\Users\Hannerl1971\AppData\Local\Temp\FreeFileViewerSetup.exe
C:\Users\Hannerl1971\AppData\Local\Temp\gmx_mediacenter_setup_bundled.exe
C:\Users\Hannerl1971\AppData\Local\Temp\GMX_Toolbar_IE_Setup.exe
C:\Users\Hannerl1971\AppData\Local\Temp\Sqlite3.dll
C:\Users\Hannerl1971\AppData\Local\Temp\{27F7265F-143C-41C0-AD82-4A24F102F451}-30.0.1599.69_chrome_installer.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-06-17 10:21:03
Restore point made on: 2014-06-22 07:45:27
Restore point made on: 2014-06-24 07:09:18
Restore point made on: 2014-06-24 07:11:15
Restore point made on: 2014-06-24 07:17:09
Restore point made on: 2014-06-24 07:42:32
Restore point made on: 2014-06-24 10:20:11
Restore point made on: 2014-07-02 08:18:52
Restore point made on: 2014-07-03 05:41:08
Restore point made on: 2014-07-09 22:11:50
Restore point made on: 2014-07-24 04:04:58
Restore point made on: 2014-07-31 08:14:58

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4078.56 MB
Available physical RAM: 3345.67 MB
Total Pagefile: 4076.71 MB
Available Pagefile: 3329.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:457.21 GB) (Free:373.58 GB) NTFS
Drive e: (DATA) (Fixed) (Total:457.21 GB) (Free:457.1 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:17 GB) (Free:4.63 GB) NTFS
Drive i: (Sony_16GM) (Removable) (Total:14.55 GB) (Free:0.78 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 80E558F9)
Partition 1: (Not Active) - (Size=17 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=457 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

LastRegBack: 2014-07-08 10:09

==================== End Of Log ============================

besten dank im voraus

Warlord711 · 11.08.2014, 18:31

Hallo jakki666

Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg.

Wir "arbeiten" hier alle freiwillig und in unserer Freizeit *hust*. Daher kann es bei Antworten zu Verzögerungen kommen.
Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist.

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Startup: C:\Users\Hannerl1971\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\C03A1C.cpp ()
S2 Winmgmt; C:\ProgramData\C1A30C.dot [330980 2014-08-05] (Microsoft Corporation
HKU\Hannerl1971\...\Run: [1Xfimpxz] => C:\ProgramData\1Xfimpxz.exe Ä = < <  ¬ p-=
C:\ProgramData\1Xfimpxz.exe
C:\ProgramData\C1A30C.dot
C:\ProgramData\C03A1C.cpp

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Danach den Rechner normal starten.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

GVU Trojaner löschen ohne abgesicherten Modus

Log-Analyse und Auswertung: GVU Trojaner löschen ohne abgesicherten Modus

GVU Trojaner löschen ohne abgesicherten Modus

GVU Trojaner löschen ohne abgesicherten Modus

Ähnliche Themen: GVU Trojaner löschen ohne abgesicherten Modus