Hello everyone,
I'm new here and not exactly well versed with PCs. Unfortunately I have caught the GVU trojan. From some posts I have already read that I should run FRST; I have already created the txt, voilà:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2013
Ran by SYSTEM on 23-07-2013 18:42:20
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-01] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-10] (Alcor Micro Corp.)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [x]
HKLM-x32\...\Run: [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-12] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2236080 2013-06-26] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [FreePDF Assistant] - "C:\Program Files (x86)\FreePDF_XP\fpassist.exe" [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKU\Jürgen\...\Run: [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent [1672616 2013-07-09] (Valve Corporation)
HKU\Jürgen\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Jürgen\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\JRGEN~1\AppData\Local\Temp\qjjvcakqkcyhjjcgg.exe [60928 2013-07-21] (Cisco Systems, Inc.) <===== ATTENTION
HKU\Jürgen\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Jürgen\...\Command Processor: "C:\Users\JRGEN~1\AppData\Local\Temp\qjjvcakqkcyhjjcgg.exe" <===== ATTENTION!
HKU\UpdatusUser\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB [1266712 2013-05-31] (AVG Secure Search)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-02-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [192616 2011-02-07] (NVIDIA Corporation)
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
==================== Services (Whitelisted) =================
S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-17] (AVG Technologies CZ, s.r.o.)
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
S2 SpyroService; C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [48128 2011-09-09] (FS)
S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-26] (AVG Secure Search)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]
==================== Drivers (Whitelisted) ====================
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-28] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-07] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-07] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-20] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-26] (AVG Technologies)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-23 18:42 - 2013-07-23 18:42 - 00000000 ____D C:\FRST
2013-07-21 19:10 - 2013-07-21 19:10 - 01084715 _____ C:\Users\Jürgen\AppData\Roaming\2433f433
2013-07-21 19:10 - 2013-07-21 19:10 - 01084672 _____ C:\ProgramData\2433f433
2013-07-21 19:10 - 2013-07-21 19:10 - 01084666 _____ C:\Users\Jürgen\AppData\Local\2433f433
2013-07-21 14:55 - 2013-07-21 14:55 - 00003416 ____N C:\bootsqm.dat
2013-07-21 14:39 - 2013-07-21 14:39 - 00000000 __SHD C:\found.001
2013-07-05 11:37 - 2013-07-05 13:54 - 00000154 _____ C:\Users\Jürgen\AppData\Roaming\Rim.Transcoder.Exception.log
2013-07-05 11:19 - 2013-07-05 11:19 - 00013785 _____ C:\ads_err.adt
2013-07-05 11:19 - 2013-07-05 11:19 - 00004559 _____ C:\ads_err.adm
2013-07-05 11:19 - 2013-07-05 11:19 - 00003072 _____ C:\ads_err.adi
2013-07-05 11:18 - 2013-07-05 11:18 - 00000000 ____D C:\Users\Jürgen\Documents\BlackBerry
2013-07-05 11:17 - 2013-07-05 13:54 - 00000154 _____ C:\Users\Jürgen\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-07-05 11:17 - 2013-07-05 13:54 - 00000077 _____ C:\Users\Jürgen\AppData\Roaming\Rim.Desktop.Exception.log
2013-07-05 11:17 - 2013-07-05 11:18 - 00000000 ____D C:\Users\Jürgen\AppData\Roaming\Research In Motion
2013-07-05 11:17 - 2013-07-05 11:17 - 00000000 ____D C:\Users\Jürgen\AppData\Local\Research In Motion
2013-07-05 11:13 - 2013-07-05 11:13 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2013-07-05 11:12 - 2013-07-05 11:12 - 00002233 _____ C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2013-07-05 11:12 - 2013-07-05 11:12 - 00001847 _____ C:\Users\Jürgen\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-07-05 11:12 - 2013-07-05 11:12 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2013-07-05 11:12 - 2012-12-10 05:48 - 00044544 _____ (Research in Motion Ltd) C:\Windows\System32\Drivers\RimSerial_AMD64.sys
2013-07-05 11:11 - 2013-07-05 11:11 - 00000000 ____D C:\ProgramData\Research In Motion
2013-07-05 11:11 - 2013-07-05 11:11 - 00000000 ____D C:\Program Files (x86)\Research In Motion
2013-06-23 11:12 - 2010-05-26 01:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-06-23 11:11 - 2010-05-26 01:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-06-23 11:10 - 2010-05-26 01:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-06-23 11:09 - 2010-05-26 01:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-06-23 10:34 - 2013-06-23 10:49 - 326112440 _____ (Nero AG) C:\Users\Jürgen\Downloads\Nero-12.5.01900_trial (1).exe
2013-06-23 10:31 - 2013-06-23 10:40 - 326112440 _____ (Nero AG) C:\Users\Jürgen\Downloads\Nero-12.5.01900_trial.exe
2013-06-23 10:29 - 2013-06-23 10:29 - 00000000 ____D C:\Users\Jürgen\AppData\Roaming\Nero
2013-06-23 10:27 - 2013-06-23 11:56 - 00000000 ____D C:\ProgramData\Nero
2013-06-23 10:18 - 2013-06-23 10:21 - 101704840 _____ (Nero AG) C:\Users\Jürgen\Downloads\Nero_BurningROM-12.5.00900_trial.exe
==================== One Month Modified Files and Folders =======
2013-07-23 18:42 - 2013-07-23 18:42 - 00000000 ____D C:\FRST
2013-07-23 08:27 - 2011-04-12 18:33 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-23 08:26 - 2013-05-31 10:27 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-07-23 08:26 - 2012-08-24 08:45 - 00045054 _____ C:\Windows\setupact.log
2013-07-23 08:26 - 2011-04-12 18:33 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-23 08:26 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-21 19:10 - 2013-07-21 19:10 - 01084715 _____ C:\Users\Jürgen\AppData\Roaming\2433f433
2013-07-21 19:10 - 2013-07-21 19:10 - 01084672 _____ C:\ProgramData\2433f433
2013-07-21 19:10 - 2013-07-21 19:10 - 01084666 _____ C:\Users\Jürgen\AppData\Local\2433f433
2013-07-21 19:01 - 2012-04-01 01:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-21 15:09 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-21 15:09 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-21 15:01 - 2012-08-24 06:22 - 00000000 ____D C:\ProgramData\MFAData
2013-07-21 14:55 - 2013-07-21 14:55 - 00003416 ____N C:\bootsqm.dat
2013-07-21 14:39 - 2013-07-21 14:39 - 00000000 __SHD C:\found.001
2013-07-21 11:36 - 2011-08-31 03:47 - 00002556 _____ C:\Windows\System32\AutoRunFilter.ini
2013-07-21 11:25 - 2013-01-13 00:43 - 00000000 ____D C:\Users\Jürgen\AppData\Roaming\Skype
2013-07-21 08:30 - 2012-12-14 12:10 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-21 08:30 - 2011-11-03 11:42 - 00000000 ___HD C:\ASUS.DAT
2013-07-21 08:29 - 2011-11-03 11:42 - 00045056 _____ C:\Windows\System32\acovcnt.exe
2013-07-20 16:22 - 2012-04-01 01:30 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-20 16:22 - 2012-04-01 01:30 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-20 16:22 - 2011-11-08 10:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-20 16:21 - 2011-11-08 10:27 - 00000000 ____D C:\Users\Jürgen\AppData\Local\Adobe
2013-07-15 07:59 - 2009-07-13 21:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-14 01:37 - 2012-04-08 23:54 - 00000000 ____D C:\Users\Jürgen\AppData\Roaming\.minecraft
2013-07-13 10:54 - 2012-09-11 05:32 - 00023046 _____ C:\Windows\PFRO.log
2013-07-12 23:20 - 2011-12-18 22:51 - 00000000 ____D C:\Users\Jürgen\AppData\Roaming\Origin
2013-07-12 23:20 - 2011-12-18 22:50 - 00000000 ____D C:\ProgramData\Origin
2013-07-12 23:19 - 2011-12-18 22:51 - 00000000 ____D C:\Users\Jürgen\AppData\Local\Origin
2013-07-12 23:19 - 2011-12-18 22:49 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-12 15:22 - 2011-04-12 18:33 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 15:22 - 2011-04-12 18:33 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-08 08:07 - 2013-06-13 08:47 - 00000983 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-08 08:06 - 2012-04-19 12:28 - 00000000 ___HD C:\$AVG
2013-07-05 13:54 - 2013-07-05 11:37 - 00000154 _____ C:\Users\Jürgen\AppData\Roaming\Rim.Transcoder.Exception.log
2013-07-05 13:54 - 2013-07-05 11:17 - 00000154 _____ C:\Users\Jürgen\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-07-05 13:54 - 2013-07-05 11:17 - 00000077 _____ C:\Users\Jürgen\AppData\Roaming\Rim.Desktop.Exception.log
2013-07-05 11:49 - 2011-08-31 03:47 - 00001664 _____ C:\Windows\System32\ServiceFilter.ini
2013-07-05 11:39 - 2011-12-28 00:27 - 00013824 _____ C:\Users\Jürgen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-05 11:19 - 2013-07-05 11:19 - 00013785 _____ C:\ads_err.adt
2013-07-05 11:19 - 2013-07-05 11:19 - 00004559 _____ C:\ads_err.adm
2013-07-05 11:19 - 2013-07-05 11:19 - 00003072 _____ C:\ads_err.adi
2013-07-05 11:18 - 2013-07-05 11:18 - 00000000 ____D C:\Users\Jürgen\Documents\BlackBerry
2013-07-05 11:18 - 2013-07-05 11:17 - 00000000 ____D C:\Users\Jürgen\AppData\Roaming\Research In Motion
2013-07-05 11:17 - 2013-07-05 11:17 - 00000000 ____D C:\Users\Jürgen\AppData\Local\Research In Motion
2013-07-05 11:13 - 2013-07-05 11:13 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2013-07-05 11:12 - 2013-07-05 11:12 - 00002233 _____ C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2013-07-05 11:12 - 2013-07-05 11:12 - 00001847 _____ C:\Users\Jürgen\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-07-05 11:12 - 2013-07-05 11:12 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2013-07-05 11:11 - 2013-07-05 11:11 - 00000000 ____D C:\ProgramData\Research In Motion
2013-07-05 11:11 - 2013-07-05 11:11 - 00000000 ____D C:\Program Files (x86)\Research In Motion
2013-07-05 11:06 - 2011-02-18 20:24 - 00669360 _____ C:\Windows\System32\perfh007.dat
2013-07-05 11:06 - 2011-02-18 20:24 - 00135040 _____ C:\Windows\System32\perfc007.dat
2013-07-05 11:06 - 2009-07-13 21:13 - 01538292 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-05 11:02 - 2012-09-21 11:26 - 00016792 _____ C:\Windows\WindowsUpdate.log
2013-06-30 12:20 - 2013-01-13 00:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-30 12:20 - 2013-01-13 00:43 - 00000000 ____D C:\ProgramData\Skype
2013-06-26 12:22 - 2012-08-24 06:26 - 00045856 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-06-26 12:22 - 2012-08-24 06:26 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-06-26 12:22 - 2012-08-24 06:26 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-06-23 11:56 - 2013-06-23 10:27 - 00000000 ____D C:\ProgramData\Nero
2013-06-23 11:05 - 2011-11-03 11:41 - 00000000 ____D C:\users\Jürgen
2013-06-23 10:49 - 2013-06-23 10:34 - 326112440 _____ (Nero AG) C:\Users\Jürgen\Downloads\Nero-12.5.01900_trial (1).exe
2013-06-23 10:40 - 2013-06-23 10:31 - 326112440 _____ (Nero AG) C:\Users\Jürgen\Downloads\Nero-12.5.01900_trial.exe
2013-06-23 10:29 - 2013-06-23 10:29 - 00000000 ____D C:\Users\Jürgen\AppData\Roaming\Nero
2013-06-23 10:21 - 2013-06-23 10:18 - 101704840 _____ (Nero AG) C:\Users\Jürgen\Downloads\Nero_BurningROM-12.5.00900_trial.exe
ZeroAccess:
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000001.@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000000.@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\800000cb.@
ZeroAccess:
C:\Users\Jürgen\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}
C:\Users\Jürgen\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\@
C:\Users\Jürgen\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\L
C:\Users\Jürgen\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U
Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8104.14 MB
Available physical RAM: 7324.42 MB
Total Pagefile: 8102.29 MB
Available Pagefile: 7325.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:6.03 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (SDATA1) (Fixed) (Total:232.87 GB) (Free:232.77 GB) NTFS (Disk=1 Partition=1)
Drive e: (DATA) (Fixed) (Total:254.45 GB) (Free:192.91 GB) NTFS (Disk=0 Partition=3)
Drive f: (SDATA2) (Fixed) (Total:232.89 GB) (Free:232.79 GB) NTFS (Disk=1 Partition=2)
Drive g: (K73SV_WIN7_64_V4.00) (CDROM) (Total:2.11 GB) (Free:0 GB) UDF
Drive h: (HITMANPRO) (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=186 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=254 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 466 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 7 GB) (Disk ID: DB91D7C0)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)
LastRegBack: 2013-07-19 16:20
==================== End Of Log ============================
How should I proceed now?
Thank you very much for your help! :-)