GZV Trojaner - abgesichter Modus startet nicht - Schritt 1 bis 4 erledigt

AlexiusD · 03.09.2013, 12:25

Hallo zusammen,

ich hab den Trojaner "Gesellschaft zur..." auf dem Laptop meiner Mutter(bei mir war/ist er auch drauf,aber da hab ich das mit Norton in den Griff bekommen).

Problem bei dem Rechner meiner Mutter ist,dass ich den abgesicherten Modus nicht starten kann(fährt immer nur hoch und direkt wieder runter).

Habe nun bisschen hier nachgelesen und bin auf eine Anleitung mit frst.exe gekommen.Habe die ersten 4 Schritte schon durchgeführt und ich werde im ersten Post das log reinkopieren.Wäre für (schnelle) Hilfe echt dankbar.(Habe kaum Ahnung von der Materie)

Windows 7 , 64Bit

hoffe es fehlen keine Infos(?!)

LG Alex

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 01
Ran by SYSTEM on MININT-D9JKF0Q on 03-09-2013 13:10:54
Running from I:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1486392 2011-04-05] (McAfee, Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-21] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-03-28] (Avira GmbH)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
HKU\Margret Dresen\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-13] (Google Inc.)
HKU\Margret Dresen\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\MARGRE~1\AppData\Local\Temp\blrwtejtdkunanypp.exe [80896 2013-09-03] (Valve Corporation) <===== ATTENTION
HKU\Margret Dresen\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Margret Dresen\...\Command Processor: "C:\Users\MARGRE~1\AppData\Local\Temp\blrwtejtdkunanypp.exe" <===== ATTENTION!
Startup: C:\Users\Margret Dresen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-03-28] (Avira GmbH)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-10] (Avira GmbH)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [509416 2010-10-07] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [200056 2011-04-14] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [245352 2011-04-14] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [149032 2011-04-14] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-10] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-10] (Avira GmbH)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121376 2011-04-14] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-03 01:50 - 2013-09-03 01:50 - 01084737 _____ C:\Users\Margret Dresen\AppData\Local\2433f433
2013-09-03 01:50 - 2013-09-03 01:50 - 01084736 _____ C:\Users\Margret Dresen\AppData\Roaming\2433f433
2013-09-03 01:50 - 2013-09-03 01:50 - 01084717 _____ C:\ProgramData\2433f433
2013-08-26 08:26 - 2013-08-26 08:26 - 00001035 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-08-26 08:26 - 2013-08-26 08:26 - 00000000 ____D C:\Users\Margret Dresen\AppData\Roaming\pdfforge
2013-08-26 08:26 - 2013-08-26 08:26 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-08-26 08:26 - 2013-04-09 05:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\System32\pdfcmon.dll
2013-08-26 08:26 - 2013-01-09 05:52 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2013-08-26 08:26 - 2012-05-05 01:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2013-08-26 08:26 - 2012-05-05 01:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-08-26 08:26 - 2012-05-05 01:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-08-26 08:26 - 1998-07-06 08:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-08-26 08:26 - 1998-07-06 08:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2013-08-26 08:26 - 1998-07-06 08:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-08-26 08:22 - 2013-08-26 08:24 - 17810632 _____ (pdfforge GmbH) C:\Users\Margret Dresen\Downloads\PDFCreator-1_7_1_setup.exe
2013-08-18 09:30 - 2013-08-18 09:30 - 00000040 _____ C:\Windows\System32\ꮰµ
2013-08-18 07:02 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-18 07:02 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-18 07:02 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-18 07:02 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-18 07:02 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-18 07:02 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-18 07:02 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-18 07:02 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-18 07:02 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-18 07:02 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-18 07:02 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-18 07:02 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-18 05:59 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-18 05:59 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-18 05:59 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-18 05:59 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-18 05:59 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-18 05:59 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-18 05:59 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-18 05:59 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-18 05:59 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-18 05:59 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-18 05:58 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-16 09:47 - 2013-08-16 09:47 - 00000000 ____D C:\Users\Margret Dresen\AppData\Roaming\Avira
2013-08-16 09:41 - 2013-08-16 09:41 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-14 11:16 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 11:16 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 11:16 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 11:14 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 11:13 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-14 11:10 - 2013-08-14 11:10 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-14 06:38 - 2013-08-18 07:00 - 00000000 ____D C:\Windows\System32\MRT

==================== One Month Modified Files and Folders =======

2013-09-03 03:00 - 2009-07-13 20:51 - 00118917 _____ C:\Windows\setupact.log
2013-09-03 02:59 - 2011-04-28 13:06 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-03 02:59 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 02:49 - 2010-09-21 19:07 - 01516866 _____ C:\Windows\WindowsUpdate.log
2013-09-03 02:49 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-03 02:49 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-03 02:39 - 2013-04-05 06:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-03 01:50 - 2013-09-03 01:50 - 01084737 _____ C:\Users\Margret Dresen\AppData\Local\2433f433
2013-09-03 01:50 - 2013-09-03 01:50 - 01084736 _____ C:\Users\Margret Dresen\AppData\Roaming\2433f433
2013-09-03 01:50 - 2013-09-03 01:50 - 01084717 _____ C:\ProgramData\2433f433
2013-09-03 01:37 - 2011-04-28 13:06 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 00:40 - 2013-01-20 09:28 - 00000000 ___RD C:\Users\Margret Dresen\Dropbox
2013-09-03 00:40 - 2013-01-20 09:25 - 00000000 ____D C:\Users\Margret Dresen\AppData\Roaming\Dropbox
2013-08-26 08:26 - 2013-08-26 08:26 - 00001035 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-08-26 08:26 - 2013-08-26 08:26 - 00000000 ____D C:\Users\Margret Dresen\AppData\Roaming\pdfforge
2013-08-26 08:26 - 2013-08-26 08:26 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-08-26 08:24 - 2013-08-26 08:22 - 17810632 _____ (pdfforge GmbH) C:\Users\Margret Dresen\Downloads\PDFCreator-1_7_1_setup.exe
2013-08-26 02:40 - 2013-01-23 08:55 - 00002018 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-08-21 09:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 13:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-18 13:44 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-18 13:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-08-18 13:42 - 2011-05-01 13:00 - 00000000 ____D C:\ProgramData\Avira
2013-08-18 13:42 - 2011-05-01 13:00 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-18 09:30 - 2013-08-18 09:30 - 00000040 _____ C:\Windows\System32\ꮰµ
2013-08-18 07:02 - 2013-08-14 06:38 - 00000000 ____D C:\Windows\System32\MRT
2013-08-18 07:00 - 2013-04-12 11:55 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-18 03:59 - 2011-04-28 12:50 - 00000000 ____D C:\users\Margret Dresen
2013-08-16 09:47 - 2013-08-16 09:47 - 00000000 ____D C:\Users\Margret Dresen\AppData\Roaming\Avira
2013-08-16 09:41 - 2013-08-16 09:41 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-14 20:44 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-14 20:42 - 2010-07-13 03:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-14 11:10 - 2013-08-14 11:10 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk

Files to move or delete:
====================
C:\Users\MARGRE~1\AppData\Local\Temp\blrwtejtdkunanypp.exe
C:\Users\Margret Dresen\AppData\Local\Temp\APNStub.exe
C:\Users\Margret Dresen\AppData\Local\Temp\AskSLib.dll
C:\Users\Margret Dresen\AppData\Local\Temp\blrwtejtdkunanypp.exe
C:\Users\Margret Dresen\AppData\Local\Temp\install_reader10_de_mssa_aih(1).exe
C:\Users\Margret Dresen\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
C:\Users\Margret Dresen\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Margret Dresen\AppData\Local\Temp\nswF2C8.tmp\DropboxNSISTools.dll
C:\Users\Margret Dresen\AppData\Local\Temp\nssD318.tmp\DropboxNSISTools.dll
C:\Users\Margret Dresen\AppData\Local\Temp\nssD318.tmp\UAC.dll
C:\Users\Margret Dresen\AppData\Local\Temp\nsf95F9.tmp\DropboxNSISTools.dll
C:\Users\Margret Dresen\AppData\Local\Temp\D99C.dir\InstallFlashPlayer.exe
C:\Users\Margret Dresen\AppData\Local\Temp\D365.dir\InstallFlashPlayer.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\GoogleEarth.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemyext.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\earthps.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\icudt.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGCore.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGExportCommon.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGMath.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGOpt.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGUtils.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\plugin_ax.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtCore4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtGui4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtNetwork4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtWebKit4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemyext.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthps.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\ge_expat.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth_free.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\icudt.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGCore.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGExportCommon.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGMath.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGOpt.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGUtils.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcp100.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcr100.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtCore4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtGui4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtNetwork4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtWebKit4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qgif4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qjpeg4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\d3dx9_43.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGSg.dll

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-14 11:33:47
Restore point made on: 2013-07-29 10:51:31
Restore point made on: 2013-08-14 06:37:57
Restore point made on: 2013-08-14 12:06:47
Restore point made on: 2013-08-18 07:00:07
Restore point made on: 2013-08-25 15:09:37

==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 3958.71 MB
Available physical RAM: 3235.74 MB
Total Pagefile: 3956.86 MB
Available Pagefile: 3232.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:197.26 GB) (Free:146.61 GB) NTFS
Drive d: (Eigene Dateien) (Fixed) (Total:341.8 GB) (Free:339.9 GB) NTFS
Drive e: (Volume) (Fixed) (Total:146.48 GB) (Free:146.39 GB) NTFS
Drive g: (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.42 GB) NTFS
Drive h: (KRD10) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive i: () (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: F1420C4E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=197 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=488 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 125 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=124 MB) - (Type=06)


LastRegBack: 2013-08-25 15:01

==================== End Of Log ============================

--- --- ---

schrauber · 03.09.2013, 12:27

hi,

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\Margret Dresen\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\MARGRE~1\AppData\Local\Temp\blrwtejtdkunanypp.exe [80896 2013-09-03] (Valve Corporation) <===== ATTENTION
HKU\Margret Dresen\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Margret Dresen\...\Command Processor: "C:\Users\MARGRE~1\AppData\Local\Temp\blrwtejtdkunanypp.exe" <===== ATTENTION!
2013-09-03 01:50 - 2013-09-03 01:50 - 01084737 _____ C:\Users\Margret Dresen\AppData\Local\2433f433
2013-09-03 01:50 - 2013-09-03 01:50 - 01084736 _____ C:\Users\Margret Dresen\AppData\Roaming\2433f433
2013-09-03 01:50 - 2013-09-03 01:50 - 01084717 _____ C:\ProgramData\2433f433
C:\Users\MARGRE~1\AppData\Local\Temp\blrwtejtdkunanypp.exe
C:\Users\Margret Dresen\AppData\Local\Temp\APNStub.exe
C:\Users\Margret Dresen\AppData\Local\Temp\AskSLib.dll
C:\Users\Margret Dresen\AppData\Local\Temp\blrwtejtdkunanypp.exe
C:\Users\Margret Dresen\AppData\Local\Temp\install_reader10_de_mssa_aih(1).exe
C:\Users\Margret Dresen\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
C:\Users\Margret Dresen\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Margret Dresen\AppData\Local\Temp\nswF2C8.tmp\DropboxNSISTools.dll
C:\Users\Margret Dresen\AppData\Local\Temp\nssD318.tmp\DropboxNSISTools.dll
C:\Users\Margret Dresen\AppData\Local\Temp\nssD318.tmp\UAC.dll
C:\Users\Margret Dresen\AppData\Local\Temp\nsf95F9.tmp\DropboxNSISTools.dll
C:\Users\Margret Dresen\AppData\Local\Temp\D99C.dir\InstallFlashPlayer.exe
C:\Users\Margret Dresen\AppData\Local\Temp\D365.dir\InstallFlashPlayer.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\GoogleEarth.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemyext.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\earthps.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\icudt.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGCore.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGExportCommon.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGMath.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGOpt.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGUtils.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\plugin_ax.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtCore4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtGui4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtNetwork4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtWebKit4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemyext.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthps.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\ge_expat.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth_free.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\icudt.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGCore.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGExportCommon.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGMath.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGOpt.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGUtils.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcp100.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcr100.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtCore4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtGui4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtNetwork4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtWebKit4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qgif4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qjpeg4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\d3dx9_43.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGSg.dll

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Rechner normal starten

AlexiusD · 03.09.2013, 12:32

danke für die schnelle antwort.habe nun den rechner neu gestartet und versucht die windows taste + R zu drücken,aber es passiert nichts.da ist halt das bild des trojaners.

oder wo soll ich windowstaste+R drücken?

wäre nett,wenn du die anweisung nochmal so geben kannst,dass ich die ausführen kann,wenn der rechner zu beginn ausgeschaltet ist.

edit:ich glaubs ich habs jetzt verstanden.den text kopiere ich von diesem rechner auf den usb stick und starte den infizierten rechner damit dann neu...moment,das mach ich jetzt mal

schrauber · 03.09.2013, 12:41

genau das

AlexiusD · 03.09.2013, 12:42

so,den schritt hab ich jetzt durchgeführt.hier das ergebnis

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2013 01
Ran by SYSTEM at 2013-09-03 13:41:06 Run:1
Running from I:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Margret Dresen\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\MARGRE~1\AppData\Local\Temp\blrwtejtdkunanypp.exe [80896 2013-09-03] (Valve Corporation) <===== ATTENTION
HKU\Margret Dresen\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Margret Dresen\...\Command Processor: "C:\Users\MARGRE~1\AppData\Local\Temp\blrwtejtdkunanypp.exe" <===== ATTENTION!
2013-09-03 01:50 - 2013-09-03 01:50 - 01084737 _____ C:\Users\Margret Dresen\AppData\Local\2433f433
2013-09-03 01:50 - 2013-09-03 01:50 - 01084736 _____ C:\Users\Margret Dresen\AppData\Roaming\2433f433
2013-09-03 01:50 - 2013-09-03 01:50 - 01084717 _____ C:\ProgramData\2433f433
C:\Users\MARGRE~1\AppData\Local\Temp\blrwtejtdkunanypp.exe
C:\Users\Margret Dresen\AppData\Local\Temp\APNStub.exe
C:\Users\Margret Dresen\AppData\Local\Temp\AskSLib.dll
C:\Users\Margret Dresen\AppData\Local\Temp\blrwtejtdkunanypp.exe
C:\Users\Margret Dresen\AppData\Local\Temp\install_reader10_de_mssa_aih(1).exe
C:\Users\Margret Dresen\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
C:\Users\Margret Dresen\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Margret Dresen\AppData\Local\Temp\nswF2C8.tmp\DropboxNSISTools.dll
C:\Users\Margret Dresen\AppData\Local\Temp\nssD318.tmp\DropboxNSISTools.dll
C:\Users\Margret Dresen\AppData\Local\Temp\nssD318.tmp\UAC.dll
C:\Users\Margret Dresen\AppData\Local\Temp\nsf95F9.tmp\DropboxNSISTools.dll
C:\Users\Margret Dresen\AppData\Local\Temp\D99C.dir\InstallFlashPlayer.exe
C:\Users\Margret Dresen\AppData\Local\Temp\D365.dir\InstallFlashPlayer.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\GoogleEarth.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemyext.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\earthps.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\icudt.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGCore.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGExportCommon.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGMath.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGOpt.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGUtils.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\plugin_ax.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtCore4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtGui4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtNetwork4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtWebKit4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemyext.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthps.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\ge_expat.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth_free.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\icudt.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGCore.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGExportCommon.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGMath.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGOpt.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGUtils.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcp100.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcr100.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtCore4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtGui4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtNetwork4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtWebKit4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qgif4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qjpeg4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\d3dx9_43.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGSg.dll

*****************

HKU\Margret Dresen\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Margret Dresen\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Margret Dresen\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Margret Dresen\AppData\Local\2433f433 => Moved successfully.
C:\Users\Margret Dresen\AppData\Roaming\2433f433 => Moved successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\MARGRE~1\AppData\Local\Temp\blrwtejtdkunanypp.exe => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\APNStub.exe => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\AskSLib.dll => Moved successfully.
"C:\Users\Margret Dresen\AppData\Local\Temp\blrwtejtdkunanypp.exe" => File/Directory not found.
C:\Users\Margret Dresen\AppData\Local\Temp\install_reader10_de_mssa_aih(1).exe => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\nswF2C8.tmp\DropboxNSISTools.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\nssD318.tmp\DropboxNSISTools.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\nssD318.tmp\UAC.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\nsf95F9.tmp\DropboxNSISTools.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\D99C.dir\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\D365.dir\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\GoogleEarth.exe => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemyext.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\earthps.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\ge_expat.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\googleearth_free.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\icudt.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGAttrs.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGCore.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGExportCommon.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGGfx.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGMath.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGOpt.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGSg.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGUtils.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcp100.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcr100.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\npgeplugin.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\plugin_ax.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtCore4.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtGui4.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtNetwork4.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtWebKit4.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemyext.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthps.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\ge_expat.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth_free.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\icudt.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGAttrs.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGCore.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGExportCommon.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGGfx.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGMath.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGOpt.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGSg.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGUtils.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcp100.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcr100.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtCore4.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtGui4.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtNetwork4.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtWebKit4.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qgif4.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qjpeg4.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\D3DCompiler_43.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\d3dx9_43.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGSg.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libEGL.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGAttrs.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGGfx.dll => Moved successfully.
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGSg.dll => Moved successfully.

==== End of Fixlog ====

schrauber · 03.09.2013, 12:43

Dann boote den Rechner mal ganz normal und freue dich

AlexiusD · 03.09.2013, 12:49

boah,das gibts ja gar nicht!

DANKE DANKE DANKE!

kann man hier irgendwo bewerten oder ähnliches?

würde dir gerne mal ein dickes Lob da lassen!!

hätte ich nicht mit gerechnet,dass das so schnell klappt!

kannst du mir noch nen tipp geben,wie ich das in zukunft vermeiden kann? braucht man zwingend ein kostenpflichtiges virenprogramm?

schrauber · 03.09.2013, 18:03

Kannst Du im Unterforum Lob/Kritik, und Du kannst auch Spenden wenn Du magst. Wir sind aber noch nit fertig

Ab jetzt alles im normalen Modus:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

03.09.2013, 12:41	#4
schrauber /// the machine /// TB-Ausbilder	GZV Trojaner - abgesichter Modus startet nicht - Schritt 1 bis 4 erledigt genau das __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

03.09.2013, 12:43	#6
schrauber /// the machine /// TB-Ausbilder	GZV Trojaner - abgesichter Modus startet nicht - Schritt 1 bis 4 erledigt Dann boote den Rechner mal ganz normal und freue dich __________________ --> GZV Trojaner - abgesichter Modus startet nicht - Schritt 1 bis 4 erledigt

GZV Trojaner - abgesichter Modus startet nicht - Schritt 1 bis 4 erledigt

Log-Analyse und Auswertung: GZV Trojaner - abgesichter Modus startet nicht - Schritt 1 bis 4 erledigt