Win Vista: GVU Trojaner

JANTOR · 29.10.2013, 17:02

Hallo an die Expertenrunde

Ich versuche gerade einen Rechner zu retten der mit dem GVU/Europol/BSI Trojaner befahlen ist.
Ich habe mich hier schon etwas belesen und mithilfe einer Live CD und Farbars Recovery Scan Tool eine FRST.txt erstellt.

Ich hoffe auf eure Unterstützung

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by SYSTEM on MININT-BF89ADA on 29-10-2013 15:45:16
Running from H:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NWEReboot] - [x]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [TPwrMain] - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [topi] - C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [Seagate Dashboard] - C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2010-04-30] ()
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [NeroCheck] - C:\Windows\system32\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [Memeo Send] - C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe [236816 2009-11-05] ()
HKLM\...\Run: [Memeo Instant Backup] - C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-01-24] (Memeo Inc.)
HKLM\...\Run: [Memeo AutoSync] - C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe [144608 2010-04-16] (Memeo Inc.)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1442888 2008-06-10] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [ITSecMng] - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-28] ( TOSHIBA CORPORATION)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1406024 2008-06-10] (Microsoft Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\Toshiba\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] - C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-01-25] (TOSHIBA Corporation.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [Desktop SMS] - C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-09-24] (APN)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\Flo\...\Run: [] - [x]
HKU\Flo\...\Run: [Google Update] - [x]
HKU\Flo\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Flo\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-08-24] (Google Inc.)
HKU\Flo\...\Run: [NTRedirect] - C:\Windows\system32\rundll32.exe  "C:\Users\Flo\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
HKU\Flo\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [ 2012-05-16] (Nokia)
HKU\Flo\...\Run: [ISUSPM] - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
HKU\Flo\...\Run: [ICQ] - "C:\Program Files\ICQ6.5\ICQ.exe" silent
HKU\Flo\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Flo\...\Policies\system: [LogonHoursAction] 2
HKU\Flo\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll  [ 2013-10-08] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wd78h8.lnk
ShortcutTarget: wd78h8.lnk -> C:\PROGRA~2\8h87dw.plz ()

========================== Services (Whitelisted) =================

S4 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-09-24] (APN LLC.)
S2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3032032 2013-10-08] ()
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1836544 2008-02-15] (Google)
S2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-01-24] (Memeo)
S2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International)
S2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-04-30] (Memeo)
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)
S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~2\8h87dw.plz [184320 2013-10-09] ()
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{cdd80180-a874-a155-79d3-32d208873e25}\   \...\???\{cdd80180-a874-a155-79d3-32d208873e25}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-10] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-10] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
S3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.)
S3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [25160 2007-08-07] (Elaborate Bytes AG)
S0 PzWDM; C:\Windows\System32\Drivers\PzWDM.sys [15172 2009-04-11] (Prassi Technology)
S3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-15] (Avira GmbH)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 efipsk; \??\C:\Users\Flo\AppData\Local\Temp\efipsk.sys [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 xMrMINI; system32\DRIVERS\xMrMini.sys [x]
S3 xVGAMINI; system32\DRIVERS\xVgaMini.sys [x]
S3 xVGAUSB; system32\drivers\xvgausb.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-29 15:45 - 2013-10-29 15:45 - 00000000 ____D C:\FRST
2013-10-10 15:46 - 2013-10-10 15:46 - 100267706 _____ C:\Windows\System32\摒᯽ᰴ˜
2013-10-09 16:09 - 2013-10-21 21:10 - 00000000 ____D C:\Windows\pss
2013-10-09 15:29 - 2013-10-21 21:34 - 95025368 ____T C:\ProgramData\wd78h8.pff
2013-10-09 15:29 - 2013-10-21 21:34 - 00000000 _____ C:\ProgramData\wd78h8.ctrl
2013-10-09 15:29 - 2013-10-09 15:31 - 00000004 _____ C:\Users\Flo\AppData\Roaming\cache.ini
2013-10-09 15:29 - 2013-10-09 15:29 - 00184320 _____ C:\ProgramData\8h87dw.plz
2013-10-09 14:59 - 2013-10-09 15:12 - 00000000 ____D C:\Users\Flo\Desktop\Luminox
2013-10-03 21:32 - 2013-10-09 15:00 - 100146679 _____ C:\Windows\System32\꘦㝋ᰴ¢
2013-10-02 14:29 - 2013-07-31 11:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-02 14:29 - 2013-07-31 11:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-02 14:29 - 2013-07-31 11:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-02 14:29 - 2013-07-31 10:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-02 14:29 - 2013-07-31 10:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-10-02 14:29 - 2013-07-31 10:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-02 14:29 - 2013-07-31 10:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-10-02 14:29 - 2013-07-31 10:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-02 14:29 - 2013-07-31 10:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-02 14:29 - 2013-07-31 10:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-10-02 14:29 - 2013-07-31 10:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-10-02 14:29 - 2013-07-31 10:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-02 14:29 - 2013-07-31 10:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-02 14:29 - 2013-07-31 10:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-02 14:29 - 2013-07-31 10:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-10-02 14:29 - 2013-07-31 10:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-02 14:03 - 2013-10-02 14:10 - 00000000 ____D C:\Windows\System32\MRT
2013-09-30 21:32 - 2013-09-30 21:32 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Avira
2013-09-30 21:07 - 2013-09-30 21:07 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-30 21:07 - 2013-09-30 21:07 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-09-30 21:06 - 2013-09-30 21:06 - 00000000 ____D C:\ProgramData\APN
2013-09-30 21:05 - 2013-10-21 20:33 - 00001852 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-30 21:04 - 2013-10-10 18:14 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-09-30 21:04 - 2013-10-10 18:14 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-09-30 21:04 - 2013-10-10 18:14 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-09-30 21:04 - 2013-08-15 10:26 - 00028520 _____ (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2013-09-30 21:03 - 2013-10-21 19:54 - 00000000 ____D C:\ProgramData\Avira
2013-09-30 21:03 - 2013-09-30 21:03 - 00000000 ____D C:\Program Files\Avira
2013-09-29 20:47 - 2013-09-29 20:47 - 00000000 ____D C:\Users\Flo\AppData\Roaming\File Scout

==================== One Month Modified Files and Folders =======

2013-10-29 15:45 - 2013-10-29 15:45 - 00000000 ____D C:\FRST
2013-10-21 21:34 - 2013-10-09 15:29 - 95025368 ____T C:\ProgramData\wd78h8.pff
2013-10-21 21:34 - 2013-10-09 15:29 - 00000000 _____ C:\ProgramData\wd78h8.ctrl
2013-10-21 21:33 - 2006-11-02 13:47 - 00003744 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-21 21:33 - 2006-11-02 13:47 - 00003744 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-21 21:10 - 2013-10-09 16:09 - 00000000 ____D C:\Windows\pss
2013-10-21 20:37 - 2010-12-14 22:47 - 00325866 _____ C:\Windows\PFRO.log
2013-10-21 20:33 - 2013-09-30 21:05 - 00001852 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-21 19:54 - 2013-09-30 21:03 - 00000000 ____D C:\ProgramData\Avira
2013-10-21 19:14 - 2008-08-08 15:43 - 00007620 _____ C:\Users\Flo\AppData\Local\d3d9caps.dat
2013-10-21 18:50 - 2013-09-22 21:57 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-10 18:14 - 2013-09-30 21:04 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-10-10 18:14 - 2013-09-30 21:04 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-10-10 18:14 - 2013-09-30 21:04 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-10-10 15:51 - 2008-01-21 08:16 - 01444946 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-10 15:46 - 2013-10-10 15:46 - 100267706 _____ C:\Windows\System32\摒᯽ᰴ˜
2013-10-10 14:58 - 2011-03-01 22:04 - 00001027 _____ C:\Users\Flo\Desktop\Seagate Dashboard.lnk
2013-10-10 14:56 - 2008-08-05 18:55 - 00068096 _____ C:\Users\Flo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-09 16:09 - 2008-08-22 18:34 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-10-09 15:31 - 2013-10-09 15:29 - 00000004 _____ C:\Users\Flo\AppData\Roaming\cache.ini
2013-10-09 15:29 - 2013-10-09 15:29 - 00184320 _____ C:\ProgramData\8h87dw.plz
2013-10-09 15:29 - 2008-02-15 18:04 - 00000000 ____D C:\Program Files\Google
2013-10-09 15:28 - 2008-08-04 16:28 - 00000000 ____D C:\Users\Flo\AppData\Local\Google
2013-10-09 15:12 - 2013-10-09 14:59 - 00000000 ____D C:\Users\Flo\Desktop\Luminox
2013-10-09 15:00 - 2013-10-03 21:32 - 100146679 _____ C:\Windows\System32\꘦㝋ᰴ¢
2013-10-09 15:00 - 2008-08-24 19:41 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Skype
2013-10-05 21:55 - 2008-08-04 16:05 - 01796984 _____ C:\Windows\WindowsUpdate.log
2013-10-02 16:24 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-02 16:14 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-10-02 15:56 - 2006-11-02 13:47 - 00460752 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-02 15:52 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-10-02 15:52 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-10-02 15:52 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-10-02 14:44 - 2008-02-26 14:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-02 14:10 - 2013-10-02 14:03 - 00000000 ____D C:\Windows\System32\MRT
2013-09-30 21:32 - 2013-09-30 21:32 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Avira
2013-09-30 21:07 - 2013-09-30 21:07 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-30 21:07 - 2013-09-30 21:07 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-09-30 21:06 - 2013-09-30 21:06 - 00000000 ____D C:\ProgramData\APN
2013-09-30 21:03 - 2013-09-30 21:03 - 00000000 ____D C:\Program Files\Avira
2013-09-30 19:58 - 2013-03-17 15:27 - 00000000 ____D C:\Users\Flo\Documents\Kontoauszüge
2013-09-29 20:47 - 2013-09-29 20:47 - 00000000 ____D C:\Users\Flo\AppData\Roaming\File Scout

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
C:\Users\Flo\AppData\Roaming\cache.ini
C:\Users\Flo\AppData\Roaming\desktop.ini
ZeroAccess:
C:\Users\Flo\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
C:\ProgramData\8h87dw.plz
C:\ProgramData\wd78h8.ctrl
C:\ProgramData\wd78h8.pff
C:\Users\Flo\AppData\Roaming\cache.dat


Some content of TEMP:
====================
C:\Users\Flo\AppData\Local\Temp\AskSLib.dll
C:\Users\Flo\AppData\Local\Temp\avgnt.exe
C:\Users\Flo\AppData\Local\Temp\DivXSetup.exe
C:\Users\Flo\AppData\Local\Temp\h-1286168718.tmp.dll
C:\Users\Flo\AppData\Local\Temp\h-1987662720.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h-218555463.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h-666281693.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h1029146361.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h2053962218.tmp.exe
C:\Users\Flo\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Flo\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Flo\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\msimg32.dll
C:\Users\Flo\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Flo\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Flo\AppData\Local\Temp\Setup_UM_165.exe
C:\Users\Flo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Flo\AppData\Local\Temp\vc8redist.exe
C:\Users\Flo\AppData\Local\Temp\~tmf3780541788549246657.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

4
Restore point made on: 2013-10-02 13:27:47
Restore point made on: 2013-10-02 13:57:51
Restore point made on: 2013-10-05 21:53:50
Restore point made on: 2013-10-09 15:30:30

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 4094.43 MB
Available physical RAM: 3561.68 MB
Total Pagefile: 4092.71 MB
Available Pagefile: 3575.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.08 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:117.54 GB) (Free:7.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:232.89 GB) (Free:62.93 GB) NTFS
Drive e: (Data) (Fixed) (Total:113.88 GB) (Free:108.71 GB) NTFS
Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS
Drive g: (KB3OPK_DE) (CDROM) (Total:1.87 GB) (Free:0 GB) UDF
Drive h: (Transcend) (Removable) (Total:7.35 GB) (Free:7.33 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 22741035)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=114 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 68F4EF2A)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.


LastRegBack: 2013-10-21 21:19

==================== End Of Log ============================

cosinus · 29.10.2013, 17:07

Hallo und

Zitat:

S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{cdd80180-a874-a155-79d3-32d208873e25}\ \...\???\{cdd80180-a874-a155-79d3-32d208873e25}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

Lesestoff:
Rootkit-Warnung
Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?

Entscheide bitte ganz bewußt, ob du mit der Bereinigung fortfahren möchtest. Ein einmal derartig kompromittiertes System kann man niemals mit 100%iger Sicherheit wieder absichern. Auch wenn wir gute Chancen haben, deinen Computer zu bereinigen, kann es dennoch möglich sein, dass uns am Ende nur die Neuinstallation bleibt.
Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden.
Hast du ansonsten sensible Daten auf deinem Computer, dann solltest du auch darüber nachdenken, wie du damit umgehst, dass sie sich praktisch "jeder" ansehen konnte.

Teile mir also mit, wie du dich entschieden hast.

JANTOR · 29.10.2013, 17:16

Hallo Cosinius

Danke für die schnelle Antwort und die Tips.
Ich möchte den PC ersteinmal wieder funktionstüchtig herstellen und hierbei um deine Hilfe bitten.

cosinus · 29.10.2013, 17:33

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wd78h8.lnk
ShortcutTarget: wd78h8.lnk -> C:\PROGRA~2\8h87dw.plz ()
S2 Winmgmt; C:\PROGRA~2\8h87dw.plz [184320 2013-10-09] ()
S3 efipsk; \??\C:\Users\Flo\AppData\Local\Temp\efipsk.sys [x]
C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wd78h8.lnk
C:\PROGRA~2\8h87dw.plz
C:\Users\Flo\AppData\Local\Temp\efipsk.sys
C:\Users\Flo\AppData\Roaming\desktop.ini
C:\ProgramData\wd78h8.pff
C:\ProgramData\wd78h8.ctrl
C:\Users\Flo\AppData\Roaming\cache.ini
C:\ProgramData\8h87dw.plz

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

JANTOR · 29.10.2013, 17:41

Erledigt

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-10-2013
Ran by SYSTEM at 2013-10-29 16:38:52 Run:1
Running from H:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wd78h8.lnk
ShortcutTarget: wd78h8.lnk -> C:\PROGRA~2\8h87dw.plz ()
S2 Winmgmt; C:\PROGRA~2\8h87dw.plz [184320 2013-10-09] ()
S3 efipsk; \??\C:\Users\Flo\AppData\Local\Temp\efipsk.sys [x]
C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wd78h8.lnk
C:\PROGRA~2\8h87dw.plz
C:\Users\Flo\AppData\Local\Temp\efipsk.sys
C:\Users\Flo\AppData\Roaming\desktop.ini
C:\ProgramData\wd78h8.pff
C:\ProgramData\wd78h8.ctrl
C:\Users\Flo\AppData\Roaming\cache.ini
C:\ProgramData\8h87dw.plz
*****************

C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wd78h8.lnk => Moved successfully.
C:\PROGRA~2\8h87dw.plz => Moved successfully.
Winmgmt => Service restored successfully.
efipsk => Service deleted successfully.
"C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wd78h8.lnk" => File/Directory not found.
"C:\PROGRA~2\8h87dw.plz" => File/Directory not found.
"C:\Users\Flo\AppData\Local\Temp\efipsk.sys" => File/Directory not found.
C:\Users\Flo\AppData\Roaming\desktop.ini => Moved successfully.
C:\ProgramData\wd78h8.pff => Moved successfully.
C:\ProgramData\wd78h8.ctrl => Moved successfully.
C:\Users\Flo\AppData\Roaming\cache.ini => Moved successfully.
"C:\ProgramData\8h87dw.plz" => File/Directory not found.

==== End of Fixlog ====

cosinus · 30.10.2013, 00:42

Startet Windows wieder normal?

JANTOR · 30.10.2013, 17:22

Hallo Cosinus, sorry für die späte Antwort....

Also folgender Sachstand:

Systemstart (normal) von Festplatte:

- System zeigt den Bootscreen und läuft und läuft und läuft...

Systemstart (abgesicherter Modus) von Festplatte:

- bootet und bleibt aber dann meist auf dem Desktop hängen

Systemstart (abgesicherter Modus mit Netzwerktreibern):

-bootet bleibt aber dann auf dem Desktop hängen

Systemstart (Computer reparieren) von Festplatte:

-bricht ab mit Hardwarefehler 0xc00000e9

Systemstart (Computer reparieren) von Win VISTA Recovery CD:

- Funktioniert und läuft durch, dann wieder bei allen anderen Boot Optionen das gleiche Spiel von vorn

Hier nochmal eine Log Datei FRST.txt (erstellt mit Win VISTA Recovery CD):

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by SYSTEM on MINWINPC on 30-10-2013 17:11:18
Running from H:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NWEReboot] - [x]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [TPwrMain] - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [topi] - C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [Seagate Dashboard] - C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2010-04-30] ()
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [NeroCheck] - C:\Windows\system32\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [Memeo Send] - C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe [236816 2009-11-05] ()
HKLM\...\Run: [Memeo Instant Backup] - C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-01-24] (Memeo Inc.)
HKLM\...\Run: [Memeo AutoSync] - C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe [144608 2010-04-16] (Memeo Inc.)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1442888 2008-06-10] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [ITSecMng] - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-28] ( TOSHIBA CORPORATION)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1406024 2008-06-10] (Microsoft Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\Toshiba\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] - C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-01-25] (TOSHIBA Corporation.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [Desktop SMS] - C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-09-24] (APN)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\Flo\...\Run: [] - [x]
HKU\Flo\...\Run: [Google Update] - [x]
HKU\Flo\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Flo\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-08-24] (Google Inc.)
HKU\Flo\...\Run: [NTRedirect] - C:\Windows\system32\rundll32.exe  "C:\Users\Flo\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
HKU\Flo\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [ 2012-05-16] (Nokia)
HKU\Flo\...\Run: [ISUSPM] - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
HKU\Flo\...\Run: [ICQ] - "C:\Program Files\ICQ6.5\ICQ.exe" silent
HKU\Flo\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Flo\...\Policies\system: [LogonHoursAction] 2
HKU\Flo\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll  [ 2013-10-08] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

========================== Services (Whitelisted) =================

S4 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-09-24] (APN LLC.)
S2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3032032 2013-10-08] ()
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1836544 2008-02-15] (Google)
S2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-01-24] (Memeo)
S2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International)
S2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-04-30] (Memeo)
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)
S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{cdd80180-a874-a155-79d3-32d208873e25}\   \...\???\{cdd80180-a874-a155-79d3-32d208873e25}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-10] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-10] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
S3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.)
S3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [25160 2007-08-07] (Elaborate Bytes AG)
S0 PzWDM; C:\Windows\System32\Drivers\PzWDM.sys [15172 2009-04-11] (Prassi Technology)
S3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-15] (Avira GmbH)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 xMrMINI; system32\DRIVERS\xMrMini.sys [x]
S3 xVGAMINI; system32\DRIVERS\xVgaMini.sys [x]
S3 xVGAUSB; system32\drivers\xvgausb.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-29 15:45 - 2013-10-29 15:45 - 00000000 ____D C:\FRST
2013-10-10 15:46 - 2013-10-10 15:46 - 100267706 _____ C:\Windows\System32\摒᯽ᰴ˜
2013-10-09 16:09 - 2013-10-21 21:10 - 00000000 ____D C:\Windows\pss
2013-10-09 14:59 - 2013-10-09 15:12 - 00000000 ____D C:\Users\Flo\Desktop\Luminox
2013-10-03 21:32 - 2013-10-09 15:00 - 100146679 _____ C:\Windows\System32\꘦㝋ᰴ¢
2013-10-02 14:29 - 2013-07-31 11:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-02 14:29 - 2013-07-31 11:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-02 14:29 - 2013-07-31 11:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-02 14:29 - 2013-07-31 10:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-02 14:29 - 2013-07-31 10:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-10-02 14:29 - 2013-07-31 10:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-02 14:29 - 2013-07-31 10:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-10-02 14:29 - 2013-07-31 10:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-02 14:29 - 2013-07-31 10:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-02 14:29 - 2013-07-31 10:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-10-02 14:29 - 2013-07-31 10:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-10-02 14:29 - 2013-07-31 10:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-02 14:29 - 2013-07-31 10:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-02 14:29 - 2013-07-31 10:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-02 14:29 - 2013-07-31 10:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-10-02 14:29 - 2013-07-31 10:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-02 14:03 - 2013-10-02 14:10 - 00000000 ____D C:\Windows\System32\MRT
2013-09-30 21:32 - 2013-09-30 21:32 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Avira
2013-09-30 21:07 - 2013-09-30 21:07 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-30 21:07 - 2013-09-30 21:07 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-09-30 21:06 - 2013-09-30 21:06 - 00000000 ____D C:\ProgramData\APN
2013-09-30 21:05 - 2013-10-21 20:33 - 00001852 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-30 21:04 - 2013-10-10 18:14 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-09-30 21:04 - 2013-10-10 18:14 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-09-30 21:04 - 2013-10-10 18:14 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-09-30 21:04 - 2013-08-15 10:26 - 00028520 _____ (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2013-09-30 21:03 - 2013-10-21 19:54 - 00000000 ____D C:\ProgramData\Avira
2013-09-30 21:03 - 2013-09-30 21:03 - 00000000 ____D C:\Program Files\Avira

==================== One Month Modified Files and Folders =======

2013-10-30 08:52 - 2008-01-21 08:16 - 01444946 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-30 07:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\LogFiles
2013-10-29 15:45 - 2013-10-29 15:45 - 00000000 ____D C:\FRST
2013-10-21 21:33 - 2006-11-02 13:47 - 00003744 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-21 21:33 - 2006-11-02 13:47 - 00003744 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-21 21:10 - 2013-10-09 16:09 - 00000000 ____D C:\Windows\pss
2013-10-21 20:37 - 2010-12-14 22:47 - 00325866 _____ C:\Windows\PFRO.log
2013-10-21 20:33 - 2013-09-30 21:05 - 00001852 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-21 19:54 - 2013-09-30 21:03 - 00000000 ____D C:\ProgramData\Avira
2013-10-21 19:14 - 2008-08-08 15:43 - 00007620 _____ C:\Users\Flo\AppData\Local\d3d9caps.dat
2013-10-21 18:50 - 2013-09-22 21:57 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-10 18:14 - 2013-09-30 21:04 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-10-10 18:14 - 2013-09-30 21:04 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-10-10 18:14 - 2013-09-30 21:04 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-10-10 15:46 - 2013-10-10 15:46 - 100267706 _____ C:\Windows\System32\摒᯽ᰴ˜
2013-10-10 14:58 - 2011-03-01 22:04 - 00001027 _____ C:\Users\Flo\Desktop\Seagate Dashboard.lnk
2013-10-10 14:56 - 2008-08-05 18:55 - 00068096 _____ C:\Users\Flo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-09 16:09 - 2008-08-22 18:34 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-10-09 15:29 - 2008-02-15 18:04 - 00000000 ____D C:\Program Files\Google
2013-10-09 15:28 - 2008-08-04 16:28 - 00000000 ____D C:\Users\Flo\AppData\Local\Google
2013-10-09 15:12 - 2013-10-09 14:59 - 00000000 ____D C:\Users\Flo\Desktop\Luminox
2013-10-09 15:00 - 2013-10-03 21:32 - 100146679 _____ C:\Windows\System32\꘦㝋ᰴ¢
2013-10-09 15:00 - 2008-08-24 19:41 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Skype
2013-10-05 21:55 - 2008-08-04 16:05 - 01796984 _____ C:\Windows\WindowsUpdate.log
2013-10-02 16:24 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-02 16:14 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-10-02 15:56 - 2006-11-02 13:47 - 00460752 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-02 15:52 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-10-02 15:52 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-10-02 15:52 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-10-02 14:44 - 2008-02-26 14:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-02 14:10 - 2013-10-02 14:03 - 00000000 ____D C:\Windows\System32\MRT
2013-09-30 21:32 - 2013-09-30 21:32 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Avira
2013-09-30 21:07 - 2013-09-30 21:07 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-30 21:07 - 2013-09-30 21:07 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-09-30 21:06 - 2013-09-30 21:06 - 00000000 ____D C:\ProgramData\APN
2013-09-30 21:03 - 2013-09-30 21:03 - 00000000 ____D C:\Program Files\Avira
2013-09-30 19:58 - 2013-03-17 15:27 - 00000000 ____D C:\Users\Flo\Documents\Kontoauszüge

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Users\Flo\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
C:\Users\Flo\AppData\Roaming\cache.dat


Some content of TEMP:
====================
C:\Users\Flo\AppData\Local\Temp\AskSLib.dll
C:\Users\Flo\AppData\Local\Temp\avgnt.exe
C:\Users\Flo\AppData\Local\Temp\DivXSetup.exe
C:\Users\Flo\AppData\Local\Temp\h-1286168718.tmp.dll
C:\Users\Flo\AppData\Local\Temp\h-1987662720.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h-218555463.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h-666281693.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h1029146361.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h2053962218.tmp.exe
C:\Users\Flo\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Flo\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Flo\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\msimg32.dll
C:\Users\Flo\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Flo\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Flo\AppData\Local\Temp\Setup_UM_165.exe
C:\Users\Flo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Flo\AppData\Local\Temp\vc8redist.exe
C:\Users\Flo\AppData\Local\Temp\~tmf3780541788549246657.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

4
Restore point made on: 2013-10-02 13:27:47
Restore point made on: 2013-10-02 13:57:51
Restore point made on: 2013-10-05 21:53:50
Restore point made on: 2013-10-09 15:30:30

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 4093.48 MB
Available physical RAM: 3549.04 MB
Total Pagefile: 3834.13 MB
Available Pagefile: 3672.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.45 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:117.54 GB) (Free:7.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:232.89 GB) (Free:62.93 GB) NTFS
Drive e: (Data) (Fixed) (Total:113.88 GB) (Free:108.71 GB) NTFS
Drive f: (LRMCFRE_DE_DVD) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
Drive g: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS
Drive h: (Transcend) (Removable) (Total:7.35 GB) (Free:7.33 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 22741035)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=114 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 68F4EF2A)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.


LastRegBack: 2013-10-21 21:19

==================== End Of Log ============================

--- --- ---

cosinus · 30.10.2013, 21:44

Ok, dann noch ein Fix, berichte ob Windows danach normal wieder startet

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{cdd80180-a874-a155-79d3-32d208873e25}\   \...\???\{cdd80180-a874-a155-79d3-32d208873e25}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Program Files\Google\Desktop\Install
C:\Users\Flo\AppData\Local\Google\Desktop\Install
C:\Windows\assembly\GAC\Desktop.ini
C:\Users\Flo\AppData\Roaming\cache.dat
C:\Users\Flo\AppData\Local\Temp\AskSLib.dll
C:\Users\Flo\AppData\Local\Temp\avgnt.exe
C:\Users\Flo\AppData\Local\Temp\DivXSetup.exe
C:\Users\Flo\AppData\Local\Temp\h-1286168718.tmp.dll
C:\Users\Flo\AppData\Local\Temp\h-1987662720.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h-218555463.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h-666281693.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h1029146361.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h2053962218.tmp.exe
C:\Users\Flo\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Flo\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Flo\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\msimg32.dll
C:\Users\Flo\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Flo\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Flo\AppData\Local\Temp\Setup_UM_165.exe
C:\Users\Flo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Flo\AppData\Local\Temp\vc8redist.exe
C:\Users\Flo\AppData\Local\Temp\~tmf3780541788549246657.dll
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

JANTOR · 30.10.2013, 22:31

Hier schonmal das Log File..... Der Laptop scheint wieder beim Bootlogo zu hängen....

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-10-2013
Ran by SYSTEM at 2013-10-30 21:19:16 Run:3
Running from H:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{cdd80180-a874-a155-79d3-32d208873e25}\   \...\???\{cdd80180-a874-a155-79d3-32d208873e25}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Program Files\Google\Desktop\Install
C:\Users\Flo\AppData\Local\Google\Desktop\Install
C:\Windows\assembly\GAC\Desktop.ini
C:\Users\Flo\AppData\Roaming\cache.dat
C:\Users\Flo\AppData\Local\Temp\AskSLib.dll
C:\Users\Flo\AppData\Local\Temp\avgnt.exe
C:\Users\Flo\AppData\Local\Temp\DivXSetup.exe
C:\Users\Flo\AppData\Local\Temp\h-1286168718.tmp.dll
C:\Users\Flo\AppData\Local\Temp\h-1987662720.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h-218555463.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h-666281693.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h1029146361.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h2053962218.tmp.exe
C:\Users\Flo\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Flo\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Flo\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\msimg32.dll
C:\Users\Flo\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Flo\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Flo\AppData\Local\Temp\Setup_UM_165.exe
C:\Users\Flo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Flo\AppData\Local\Temp\vc8redist.exe
C:\Users\Flo\AppData\Local\Temp\~tmf3780541788549246657.dll
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
*****************

*etadpug => Unable to delete service
*etadpug => Service should be removed with FRST outside recovery mode.
"C:\Program Files\Google\Desktop\Install" => File/Directory not found.
"C:\Users\Flo\AppData\Local\Google\Desktop\Install" => File/Directory not found.
"C:\Windows\assembly\GAC\Desktop.ini" => File/Directory not found.
"C:\Users\Flo\AppData\Roaming\cache.dat" => File/Directory not found.
"C:\Users\Flo\AppData\Local\Temp\AskSLib.dll" => File/Directory not found.
C:\Users\Flo\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\DivXSetup.exe => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\h-1286168718.tmp.dll => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\h-1987662720.tmp.exe => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\h-218555463.tmp.exe => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\h-666281693.tmp.exe => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\h1029146361.tmp.exe => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\h2053962218.tmp.exe => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\msimg32.dll => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\NOSEventMessages.dll => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\setup_fsu_cid.exe => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\Setup_UM_165.exe => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\vc8redist.exe => Moved successfully.
C:\Users\Flo\AppData\Local\Temp\~tmf3780541788549246657.dll => Moved successfully.
Error: DeleteJunctionsIndirectory: C:\Program Files\Windows Defender => entry should be fixed outside recovery mode.

==== End of Fixlog ====

cosinus · 30.10.2013, 22:41

Dann mach noch ein letztes frisches Log...wenn das danach auch nichts wird dürfte dein System schon zu stark beschädigt sein um es zu bereinigen/reparieren

JANTOR · 30.10.2013, 22:58

Auch im abgesicherten Modus startet er zwar aber der Desktop bleibt dann schwarz nach der Anmeldung. Hier das File.

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by SYSTEM on MINWINPC on 30-10-2013 20:56:05
Running from H:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NWEReboot] - [x]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [TPwrMain] - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [topi] - C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [Seagate Dashboard] - C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2010-04-30] ()
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [NeroCheck] - C:\Windows\system32\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [Memeo Send] - C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe [236816 2009-11-05] ()
HKLM\...\Run: [Memeo Instant Backup] - C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-01-24] (Memeo Inc.)
HKLM\...\Run: [Memeo AutoSync] - C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe [144608 2010-04-16] (Memeo Inc.)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1442888 2008-06-10] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [ITSecMng] - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-28] ( TOSHIBA CORPORATION)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1406024 2008-06-10] (Microsoft Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\Toshiba\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] - C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-01-25] (TOSHIBA Corporation.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [Desktop SMS] - C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-09-24] (APN)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\Flo\...\Run: [] - [x]
HKU\Flo\...\Run: [Google Update] - [x]
HKU\Flo\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Flo\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-08-24] (Google Inc.)
HKU\Flo\...\Run: [NTRedirect] - C:\Windows\system32\rundll32.exe  "C:\Users\Flo\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
HKU\Flo\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [ 2012-05-16] (Nokia)
HKU\Flo\...\Run: [ISUSPM] - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
HKU\Flo\...\Run: [ICQ] - "C:\Program Files\ICQ6.5\ICQ.exe" silent
HKU\Flo\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Flo\...\Policies\system: [LogonHoursAction] 2
HKU\Flo\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll  [ 2013-10-08] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

========================== Services (Whitelisted) =================

S4 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-09-24] (APN LLC.)
S2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3032032 2013-10-08] ()
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1836544 2008-02-15] (Google)
S2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-01-24] (Memeo)
S2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International)
S2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-04-30] (Memeo)
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)
S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{cdd80180-a874-a155-79d3-32d208873e25}\   \...\???\{cdd80180-a874-a155-79d3-32d208873e25}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-10] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-10] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
S3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.)
S3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [25160 2007-08-07] (Elaborate Bytes AG)
S0 PzWDM; C:\Windows\System32\Drivers\PzWDM.sys [15172 2009-04-11] (Prassi Technology)
S3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-15] (Avira GmbH)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 xMrMINI; system32\DRIVERS\xMrMini.sys [x]
S3 xVGAMINI; system32\DRIVERS\xVgaMini.sys [x]
S3 xVGAUSB; system32\drivers\xvgausb.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-29 15:45 - 2013-10-30 21:19 - 00000000 ____D C:\FRST
2013-10-10 15:46 - 2013-10-10 15:46 - 100267706 _____ C:\Windows\System32\摒᯽ᰴ˜
2013-10-09 16:09 - 2013-10-21 21:10 - 00000000 ____D C:\Windows\pss
2013-10-09 14:59 - 2013-10-09 15:12 - 00000000 ____D C:\Users\Flo\Desktop\Luminox
2013-10-03 21:32 - 2013-10-09 15:00 - 100146679 _____ C:\Windows\System32\꘦㝋ᰴ¢
2013-10-02 14:29 - 2013-07-31 11:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-02 14:29 - 2013-07-31 11:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-02 14:29 - 2013-07-31 11:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-02 14:29 - 2013-07-31 10:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-02 14:29 - 2013-07-31 10:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-10-02 14:29 - 2013-07-31 10:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-02 14:29 - 2013-07-31 10:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-10-02 14:29 - 2013-07-31 10:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-02 14:29 - 2013-07-31 10:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-02 14:29 - 2013-07-31 10:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-10-02 14:29 - 2013-07-31 10:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-10-02 14:29 - 2013-07-31 10:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-02 14:29 - 2013-07-31 10:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-02 14:29 - 2013-07-31 10:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-02 14:29 - 2013-07-31 10:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-10-02 14:29 - 2013-07-31 10:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-02 14:03 - 2013-10-02 14:10 - 00000000 ____D C:\Windows\System32\MRT
2013-09-30 21:32 - 2013-09-30 21:32 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Avira
2013-09-30 21:07 - 2013-09-30 21:07 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-30 21:07 - 2013-09-30 21:07 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-09-30 21:06 - 2013-09-30 21:06 - 00000000 ____D C:\ProgramData\APN
2013-09-30 21:05 - 2013-10-21 20:33 - 00001852 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-30 21:04 - 2013-10-10 18:14 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-09-30 21:04 - 2013-10-10 18:14 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-09-30 21:04 - 2013-10-10 18:14 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-09-30 21:04 - 2013-08-15 10:26 - 00028520 _____ (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2013-09-30 21:03 - 2013-10-21 19:54 - 00000000 ____D C:\ProgramData\Avira
2013-09-30 21:03 - 2013-09-30 21:03 - 00000000 ____D C:\Program Files\Avira

==================== One Month Modified Files and Folders =======

2013-10-30 21:19 - 2013-10-29 15:45 - 00000000 ____D C:\FRST
2013-10-30 08:52 - 2008-01-21 08:16 - 01444946 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-30 07:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\LogFiles
2013-10-21 21:33 - 2006-11-02 13:47 - 00003744 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-21 21:33 - 2006-11-02 13:47 - 00003744 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-21 21:10 - 2013-10-09 16:09 - 00000000 ____D C:\Windows\pss
2013-10-21 20:37 - 2010-12-14 22:47 - 00325866 _____ C:\Windows\PFRO.log
2013-10-21 20:33 - 2013-09-30 21:05 - 00001852 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-21 19:54 - 2013-09-30 21:03 - 00000000 ____D C:\ProgramData\Avira
2013-10-21 19:14 - 2008-08-08 15:43 - 00007620 _____ C:\Users\Flo\AppData\Local\d3d9caps.dat
2013-10-21 18:50 - 2013-09-22 21:57 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-10 18:14 - 2013-09-30 21:04 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-10-10 18:14 - 2013-09-30 21:04 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-10-10 18:14 - 2013-09-30 21:04 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-10-10 15:46 - 2013-10-10 15:46 - 100267706 _____ C:\Windows\System32\摒᯽ᰴ˜
2013-10-10 14:58 - 2011-03-01 22:04 - 00001027 _____ C:\Users\Flo\Desktop\Seagate Dashboard.lnk
2013-10-10 14:56 - 2008-08-05 18:55 - 00068096 _____ C:\Users\Flo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-09 16:09 - 2008-08-22 18:34 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-10-09 15:29 - 2008-02-15 18:04 - 00000000 ____D C:\Program Files\Google
2013-10-09 15:28 - 2008-08-04 16:28 - 00000000 ____D C:\Users\Flo\AppData\Local\Google
2013-10-09 15:12 - 2013-10-09 14:59 - 00000000 ____D C:\Users\Flo\Desktop\Luminox
2013-10-09 15:00 - 2013-10-03 21:32 - 100146679 _____ C:\Windows\System32\꘦㝋ᰴ¢
2013-10-09 15:00 - 2008-08-24 19:41 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Skype
2013-10-05 21:55 - 2008-08-04 16:05 - 01796984 _____ C:\Windows\WindowsUpdate.log
2013-10-02 16:24 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-02 16:14 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-10-02 15:56 - 2006-11-02 13:47 - 00460752 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-02 15:52 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-10-02 15:52 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-10-02 15:52 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-10-02 14:44 - 2008-02-26 14:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-02 14:10 - 2013-10-02 14:03 - 00000000 ____D C:\Windows\System32\MRT
2013-09-30 21:32 - 2013-09-30 21:32 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Avira
2013-09-30 21:07 - 2013-09-30 21:07 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-30 21:07 - 2013-09-30 21:07 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-09-30 21:06 - 2013-09-30 21:06 - 00000000 ____D C:\ProgramData\APN
2013-09-30 21:03 - 2013-09-30 21:03 - 00000000 ____D C:\Program Files\Avira
2013-09-30 19:58 - 2013-03-17 15:27 - 00000000 ____D C:\Users\Flo\Documents\Kontoauszüge

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

4
Restore point made on: 2013-10-02 13:27:47
Restore point made on: 2013-10-02 13:57:51
Restore point made on: 2013-10-05 21:53:50
Restore point made on: 2013-10-09 15:30:30

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 4093.48 MB
Available physical RAM: 3543.81 MB
Total Pagefile: 3834.13 MB
Available Pagefile: 3671.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.45 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:117.54 GB) (Free:7.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:232.89 GB) (Free:62.93 GB) NTFS
Drive e: (Data) (Fixed) (Total:113.88 GB) (Free:108.71 GB) NTFS
Drive f: (LRMCFRE_DE_DVD) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
Drive g: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS
Drive h: (Transcend) (Removable) (Total:7.35 GB) (Free:7.33 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 22741035)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=114 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 68F4EF2A)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.


LastRegBack: 2013-10-21 21:19

==================== End Of Log ============================

--- --- ---

--- --- ---

cosinus · 30.10.2013, 23:52

ZeroAccess ist leider immer noch aktiv und lässt sich so nicht mit FRST fixen.
Ich befürchte dein System ist schon zu stark beschädigt.

JANTOR · 31.10.2013, 06:05

Habe gerade gesehen das noch ein paar Wiederherstellungspunkte da sind.

Restore point made on: 2013-10-09 15:30:30

Siehst du in den Log Files wann ich mir den Trojaner eingefangen habe? Ich könnte versuchen auf den Wiederherstellungspunkt zurück zu setzen und wir checken nochmal.

cosinus · 31.10.2013, 23:53

Das siehst du selbst in den Logs:

Zitat:

Restore point made on: 2013-10-02 13:27:47
Restore point made on: 2013-10-02 13:57:51
Restore point made on: 2013-10-05 21:53:50
Restore point made on: 2013-10-09 15:30:30

Wie brauchbar diese Punkte sind ist eine andere Frage.

JANTOR · 01.11.2013, 17:14

Ok,....wie schon erwartet sind die restore points nicht zu gebrauchen. Dann muss ich mich geschlagen geben und neu aufsetzen.

30.10.2013, 00:42	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Win Vista: GVU Trojaner Startet Windows wieder normal? __________________ --> Win Vista: GVU Trojaner

30.10.2013, 22:41	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Win Vista: GVU Trojaner Dann mach noch ein letztes frisches Log...wenn das danach auch nichts wird dürfte dein System schon zu stark beschädigt sein um es zu bereinigen/reparieren __________________ Logfiles bitte immer in CODE-Tags posten

30.10.2013, 23:52	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Win Vista: GVU Trojaner ZeroAccess ist leider immer noch aktiv und lässt sich so nicht mit FRST fixen. Ich befürchte dein System ist schon zu stark beschädigt. __________________ Logfiles bitte immer in CODE-Tags posten

Win Vista: GVU Trojaner

Log-Analyse und Auswertung: Win Vista: GVU Trojaner