GVU Trojan on Windows 7, need help removing it, FRST log available

17.11.2013, 15:31 | #1

Hello, now it has caught me too... I have the variant with the webcam picture; the PC can be started in Safe Mode with Command Prompt. So I have already taken care of the FRST log. But unfortunately I can't get any further. Many thanks in advance.
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013
(ATTENTION: ====> FRST version is 51 days old and could be outdated)
Ran by Udo Prautsch (administrator) on UDOPRAUTSCH-PC on 17-11-2013 14:31:08
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6963744 2009-01-20] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [2342800 2009-05-21] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\SysWOW64\explorer.exe (Microsoft Corporation)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-07-30] (Hewlett-Packard Company)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-29] (Google Inc.)
MountPoints2: {068d8f81-4a5b-11df-9058-00241d8c093f} - E:\AutoRun.exe
MountPoints2: {068d8f85-4a5b-11df-9058-00241d8c093f} - E:\AutoRun.exe
MountPoints2: {850c105b-509d-11df-8ebe-00040ec3dab5} - F:\LxSetup.exe
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-09-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe [557056 2010-04-17] (BitLeader)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2008-02-21] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [CherryConfigDlg] - C:\Program Files (x86)\Cherry\SmartDevice\CT_API_Config\ConfigDlg.exe [335951 2008-02-01] (Cherry GmbH)
HKLM-x32\...\Run: [chkhbci] - C:\Windows\system32\chkhbcin.exe
HKLM-x32\...\Run: [GloboFleet] - C:\Program Files (x86)\Buyond_GmbH\GloboFleet_CC_Plus\GloboFleet_CC_Plus.exe [152936 2010-04-19] (Buyond GmbH)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2420248 2013-11-11] ()
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-09-04] (cyberlink)
HKLM-x32\...\Run: [RemoteControl] - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [87336 2009-04-16] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [62760 2009-04-16] ()
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\pdf24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-30] (Ask)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-04] (AVG Secure Search)
Startup: C:\Users\Udo Prautsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlja7t3jw.lnk
ShortcutTarget: wlja7t3jw.lnk -> C:\PROGRA~3\wj3t7ajlw.dss ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF30466696ADECA01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
URLSearchHook: (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={14BF076C-2CCD-42A2-B66A-8DA060132A3E}&mid=8f625c88cae547d0b710d16d5b68e0cc-9fe93a32e5fc4f1fd49ef12e7882df95d3e9a992&lang=de&ds=tt014&pr=sa&d=2012-07-23 18:01:28&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={14BF076C-2CCD-42A2-B66A-8DA060132A3E}&mid=8f625c88cae547d0b710d16d5b68e0cc-9fe93a32e5fc4f1fd49ef12e7882df95d3e9a992&lang=de&ds=tt014&pr=sa&d=2012-07-23 18:01:28&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A08DC114-406E-49D1-B690-66545F9620B4} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10266&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^AGX&apn_dtid=^YYYYYY^YY^CA&apn_uid=40208954-318b-45b8-b8ad-85876e5c649e&apn_sauid=78AE5E38-5E89-495B-8D84-8552A504C61F
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80195&lng=de
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage: hxxp://isearch.avg.com/?cid={14BF076C-2CCD-42A2-B66A-8DA060132A3E}&mid=8f625c88cae547d0b710d16d5b68e0cc-9fe93a32e5fc4f1fd49ef12e7882df95d3e9a992&lang=de&ds=tt014&pr=sa&d=2012-07-23 18:01:28&v=15.3.0.11&pid=avg&sg=0&sap=hp
CHR RestoreOnStartup: "hxxp://isearch.avg.com/?cid={14BF076C-2CCD-42A2-B66A-8DA060132A3E}&mid=8f625c88cae547d0b710d16d5b68e0cc-9fe93a32e5fc4f1fd49ef12e7882df95d3e9a992&lang=de&ds=tt014&pr=sa&d=2012-07-23 18:01:28&v=15.3.0.11&pid=avg&sg=0&sap=hp"]},"sync":{"suppress_start":false},"translate_accepted_count":{"en":1},"translate_denied_count":{"en":0},"translate_whitelists":{"en":"de"
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Udo Prautsch\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.18.0.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.1.2.1\avg.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin)
S2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-02-05] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2008-09-24] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-10-22] (TuneUp Software)
S2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [1734680 2013-11-11] (AVG Secure Search)
S2 WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] ()

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [177920 2011-09-06] (HID Global Corporation)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH)
S3 gdrv; C:\Windows\gdrv.sys [23080 2013-11-17] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [23080 2013-11-17] (Windows (R) Server 2003 DDK provider)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-04-25] (Duplex Secure Ltd.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [146928 2009-09-04] (CyberLink Corp.)
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [146928 2009-09-04] (CyberLink Corp.)
S0 CLBStor; No ImagePath
S2 CLBUDFR; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-17 10:28 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-17 10:28 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-17 10:28 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-17 10:28 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-17 10:28 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-17 10:28 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-17 10:28 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-17 10:28 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-17 10:28 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-17 10:28 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-17 10:28 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-17 10:28 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-17 10:28 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-17 10:28 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-17 10:28 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-17 10:28 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-17 10:28 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-17 10:28 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-17 10:28 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-17 10:28 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-17 10:28 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-17 10:28 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-17 10:28 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-17 10:28 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-17 10:28 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-17 10:28 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-17 10:28 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-17 10:28 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-17 10:28 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-17 10:28 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-17 10:28 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 05:49 - 2013-11-17 14:22 - 00000291 _____ C:\ProgramData\wlja7t3jw.reg
2013-11-13 05:48 - 2013-11-17 14:22 - 95025368 ____T C:\ProgramData\wlja7t3jw.bxx
2013-11-13 05:48 - 2013-11-17 14:22 - 00000000 _____ C:\ProgramData\wlja7t3jw.fvv
2013-11-13 05:48 - 2013-11-13 05:48 - 00153088 _____ C:\ProgramData\wj3t7ajlw.dss
2013-11-13 05:48 - 2013-11-13 05:48 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\wlja7t3jw.pss
2013-11-13 05:32 - 2013-11-13 05:32 - 00000000 ____D C:\Users\Udo Prautsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-11-13 05:18 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 05:18 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 05:17 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 05:17 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 05:17 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 05:17 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 05:17 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 05:17 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 05:17 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 05:17 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 05:17 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 05:17 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 05:17 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 05:17 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 05:17 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 05:17 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 05:17 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 05:17 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 05:17 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 05:17 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 05:17 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 05:17 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 05:17 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 05:17 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 05:17 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 05:17 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 05:17 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 05:17 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 05:17 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 05:17 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-03 14:51 - 2013-10-22 15:37 - 00036664 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2013-11-03 14:51 - 2013-10-22 15:37 - 00030008 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2013-11-03 14:51 - 2013-10-22 15:37 - 00026936 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll

==================== One Month Modified Files and Folders =======

2013-11-17 14:28 - 2009-07-14 18:58 - 00658988 _____ C:\Windows\system32\perfh007.dat
2013-11-17 14:28 - 2009-07-14 18:58 - 00132558 _____ C:\Windows\system32\perfc007.dat
2013-11-17 14:28 - 2009-07-14 06:13 - 01512418 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-17 14:22 - 2013-11-13 05:49 - 00000291 _____ C:\ProgramData\wlja7t3jw.reg
2013-11-17 14:22 - 2013-11-13 05:48 - 95025368 ____T C:\ProgramData\wlja7t3jw.bxx
2013-11-17 14:22 - 2013-11-13 05:48 - 00000000 _____ C:\ProgramData\wlja7t3jw.fvv
2013-11-17 14:22 - 2011-08-29 20:31 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-17 14:01 - 2012-09-18 10:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-17 14:01 - 2011-08-29 20:31 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-17 14:01 - 2010-04-18 01:20 - 01298146 _____ C:\Windows\WindowsUpdate.log
2013-11-17 11:06 - 2012-08-14 09:31 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-17 10:52 - 2009-07-14 05:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-17 10:52 - 2009-07-14 05:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-17 10:47 - 2010-04-17 20:47 - 00000124 _____ C:\service.log
2013-11-17 10:46 - 2010-04-17 21:55 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-17 10:46 - 2010-04-17 20:46 - 00023080 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-11-17 10:46 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-17 10:46 - 2009-07-14 05:51 - 00086436 _____ C:\Windows\setupact.log
2013-11-17 10:27 - 2013-08-15 02:02 - 00000000 ____D C:\Windows\system32\MRT
2013-11-17 10:25 - 2010-04-17 21:13 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0CE2CBD3-6823-422B-BBD3-09AF6A90CB0D}
2013-11-17 10:23 - 2010-04-18 16:28 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 05:48 - 2013-11-13 05:48 - 00153088 _____ C:\ProgramData\wj3t7ajlw.dss
2013-11-13 05:48 - 2013-11-13 05:48 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\wlja7t3jw.pss
2013-11-13 05:48 - 2010-04-17 20:42 - 00000000 ___RD C:\Users\Udo Prautsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-13 05:45 - 2013-03-13 10:14 - 00000000 ____D C:\Users\Udo Prautsch\AppData\Local\DoNotTrackPlus
2013-11-13 05:32 - 2013-11-13 05:32 - 00000000 ____D C:\Users\Udo Prautsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-11-13 05:32 - 2010-05-13 21:22 - 00000000 ____D C:\ProgramData\GloboFleet
2013-11-13 05:32 - 2010-04-17 22:21 - 00000344 _____ C:\Windows\lgfwup.ini
2013-11-13 05:32 - 2010-04-17 22:21 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2013-11-11 04:27 - 2012-07-23 17:01 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-11-11 04:26 - 2012-09-05 16:01 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-11-03 14:50 - 2012-07-23 16:52 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012
2013-10-26 13:54 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-22 15:37 - 2013-11-03 14:51 - 00036664 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2013-10-22 15:37 - 2013-11-03 14:51 - 00030008 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2013-10-22 15:37 - 2013-11-03 14:51 - 00026936 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2013-10-22 15:37 - 2012-07-23 17:02 - 00035640 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2013-10-22 15:37 - 2012-07-23 17:02 - 00022328 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll

Files to move or delete:
====================
C:\ProgramData\wlja7t3jw.reg

Some content of TEMP:
====================
C:\Users\Udo Prautsch\AppData\Local\Temp\~tmf8723634452641809339.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-10 12:16

==================== End Of Log ============================
17.11.2013, 16:25 | #2

/// the machine /// TB-Ausbilder

hi,

Please press the Windows key + R and type notepad into the Run box. Now copy the following text from the code box into the empty text document
Code:
Startup: C:\Users\Udo Prautsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlja7t3jw.lnk
ShortcutTarget: wlja7t3jw.lnk -> C:\PROGRA~3\wj3t7ajlw.dss ()
2013-11-13 05:49 - 2013-11-17 14:22 - 00000291 _____ C:\ProgramData\wlja7t3jw.reg
2013-11-13 05:48 - 2013-11-17 14:22 - 95025368 ____T C:\ProgramData\wlja7t3jw.bxx
2013-11-13 05:48 - 2013-11-17 14:22 - 00000000 _____ C:\ProgramData\wlja7t3jw.fvv
2013-11-13 05:48 - 2013-11-13 05:48 - 00153088 _____ C:\ProgramData\wj3t7ajlw.dss
2013-11-13 05:48 - 2013-11-13 05:48 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\wlja7t3jw.pss
2013-11-17 14:22 - 2013-11-13 05:49 - 00000291 _____ C:\ProgramData\wlja7t3jw.reg
2013-11-17 14:22 - 2013-11-13 05:48 - 95025368 ____T C:\ProgramData\wlja7t3jw.bxx
2013-11-17 14:22 - 2013-11-13 05:48 - 00000000 _____ C:\ProgramData\wlja7t3jw.fvv
Please save it as Fixlist.txt on your Desktop (or in the directory where FRST is located).
Start the computer normally.
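Added example for this thread, not code from FRST or from the poster above: a small Python triage script that does mechanically what the helper did in #2 by reading the log. It parses the FRST line shapes that matter here (the Startup-folder entry, its ShortcutTarget line and the one-month created-files listing), flags a Startup shortcut whose target lives in a user-writable directory with a non-executable extension and no company name, then collects the files created in the same directory within a few minutes of the target and prints them as bare paths for a fixlist. The sample lines are copied from the FRST.txt in #1. Assumptions made here and not stated on the page: the 8.3 name PROGRA~3 is mapped to C:\ProgramData (the created-files list shows the same .dss there), the 10-minute window, the list of user-writable roots and the executable-extension list are heuristics chosen for the example.

```python
"""Triage helper for FRST logs: find the Startup-folder shortcut that brings
the lock screen back and the files dropped alongside its target, then emit
them as bare paths for a FRST fixlist.

Added example for this thread, not code from FRST or from Trojaner-Board.
"""
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed input: a handful of lines copied from the FRST.txt in post #1.
SAMPLE_LOG = r"""
Startup: C:\Users\Udo Prautsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlja7t3jw.lnk
ShortcutTarget: wlja7t3jw.lnk -> C:\PROGRA~3\wj3t7ajlw.dss ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6963744 2009-01-20] (Realtek Semiconductor)
2013-11-13 05:49 - 2013-11-17 14:22 - 00000291 _____ C:\ProgramData\wlja7t3jw.reg
2013-11-13 05:48 - 2013-11-17 14:22 - 95025368 ____T C:\ProgramData\wlja7t3jw.bxx
2013-11-13 05:48 - 2013-11-17 14:22 - 00000000 _____ C:\ProgramData\wlja7t3jw.fvv
2013-11-13 05:48 - 2013-11-13 05:48 - 00153088 _____ C:\ProgramData\wj3t7ajlw.dss
2013-11-13 05:48 - 2013-11-13 05:48 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\wlja7t3jw.pss
2013-11-13 05:18 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
"""

# FRST line shapes handled here: "Startup: <lnk>", "ShortcutTarget: <lnk> -> <target> (<company>)"
# and the file listing "<created> - <modified> - <size> <attrs> [(<company>)] <path>".
STARTUP_RE = re.compile(r"^Startup:\s+(?P<lnk>.+\.lnk)\s*$", re.I)
TARGET_RE = re.compile(r"^ShortcutTarget:\s+(?P<lnk>\S+)\s+->\s+(?P<target>.+?)\s+\((?P<company>.*)\)\s*$")
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+?)\s*$"
)

# Assumption: 8.3 names as FRST printed them on this box. The created-files
# list shows the same .dss under C:\ProgramData, so PROGRA~3 is taken to be ProgramData.
SHORT_NAMES = {"PROGRA~1": "Program Files", "PROGRA~2": "Program Files (x86)", "PROGRA~3": "ProgramData"}

# Heuristics chosen for this example, not FRST rules.
EXEC_EXT = {".exe", ".com", ".scr", ".bat", ".cmd"}
USER_WRITABLE_ROOTS = (r"C:\ProgramData", r"C:\Users")


def expand_short(path):
    """Replace known 8.3 directory names so a target can be matched against the file listing."""
    return "\\".join(SHORT_NAMES.get(part.upper(), part) for part in path.split("\\"))


def parse_frst(text):
    """Return (startup shortcuts, {lnk name: (target, company)}, file listing entries)."""
    startups, targets, files = [], {}, []
    for line in text.splitlines():
        line = line.strip()
        m = STARTUP_RE.match(line)
        if m:
            startups.append(m["lnk"].strip())
            continue
        m = TARGET_RE.match(line)
        if m:
            targets[m["lnk"].lower()] = (expand_short(m["target"]), m["company"])
            continue
        m = FILE_RE.match(line)
        if m:
            files.append({
                "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                "attrs": m["attrs"],
                "company": m["company"] or "",
                "path": m["path"],
            })
    return startups, targets, files


def is_suspicious_target(target, company):
    """A Startup shortcut deserves a look when its target sits in a user-writable
    location and either has a non-executable extension (.dss here) or carries no
    company name in its version info (the name FRST prints in parentheses)."""
    in_user_dir = any(target.lower().startswith(root.lower()) for root in USER_WRITABLE_ROOTS)
    odd_ext = PureWindowsPath(target).suffix.lower() not in EXEC_EXT
    return in_user_dir and (odd_ext or not company.strip())


def companions(files, target, window=timedelta(minutes=10)):
    """Files (not directories) created in the target's directory within `window`
    of the target's own creation time. Keying on time and place rather than on
    the random basename also catches a sibling with a different name, such as
    wj3t7ajlw.dss next to the wlja7t3jw.* files."""
    target_dir = PureWindowsPath(target).parent
    anchor = next((f for f in files if f["path"].lower() == target.lower()), None)
    if anchor is None:
        return []
    return [
        f["path"] for f in files
        if PureWindowsPath(f["path"]).parent == target_dir
        and "D" not in f["attrs"]
        and abs(f["created"] - anchor["created"]) <= window
    ]


def build_fixlist(text):
    """Bare paths to hand to FRST: the .lnk, its target and the dropped siblings."""
    startups, targets, files = parse_frst(text)
    fixlist = []
    for lnk in startups:
        entry = targets.get(PureWindowsPath(lnk).name.lower())
        if entry is None:
            continue
        target, company = entry
        if not is_suspicious_target(target, company):
            continue
        fixlist.append(lnk)
        for path in [target] + companions(files, target):
            if path not in fixlist:
                fixlist.append(path)
    return fixlist


if __name__ == "__main__":
    for path in build_fixlist(SAMPLE_LOG):
        print(path)
```

Run the file as-is to triage the embedded sample; for a real case read FRST.txt and pass its text to build_fixlist. The output is paths only, so it can be reviewed before anything is moved, and it covers just the Startup-folder persistence visible in this log; Run keys, services and drivers still need their own look.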
17.11.2013, 16:47 | #3

Here you go.
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013
Ran by Udo Prautsch at 2013-11-17 16:42:50 Run:1
Running from E:\
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Udo Prautsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlja7t3jw.lnk
ShortcutTarget: wlja7t3jw.lnk -> C:\PROGRA~3\wj3t7ajlw.dss ()
2013-11-13 05:49 - 2013-11-17 14:22 - 00000291 _____ C:\ProgramData\wlja7t3jw.reg
2013-11-13 05:48 - 2013-11-17 14:22 - 95025368 ____T C:\ProgramData\wlja7t3jw.bxx
2013-11-13 05:48 - 2013-11-17 14:22 - 00000000 _____ C:\ProgramData\wlja7t3jw.fvv
2013-11-13 05:48 - 2013-11-13 05:48 - 00153088 _____ C:\ProgramData\wj3t7ajlw.dss
2013-11-13 05:48 - 2013-11-13 05:48 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\wlja7t3jw.pss
2013-11-17 14:22 - 2013-11-13 05:49 - 00000291 _____ C:\ProgramData\wlja7t3jw.reg
2013-11-17 14:22 - 2013-11-13 05:48 - 95025368 ____T C:\ProgramData\wlja7t3jw.bxx
2013-11-17 14:22 - 2013-11-13 05:48 - 00000000 _____ C:\ProgramData\wlja7t3jw.fvv
*****************

C:\Users\Udo Prautsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlja7t3jw.lnk
ShortcutTarget: wlja7t3jw.lnk -> C:\PROGRA~3\wj3t7ajlw.dss ()
2013-11-13 05:49 - 2013-11-17 14:22 - 00000291 _____ C:\ProgramData\wlja7t3jw.reg
2013-11-13 05:48 - 2013-11-17 14:22 - 95025368 ____T C:\ProgramData\wlja7t3jw.bxx
2013-11-13 05:48 - 2013-11-17 14:22 - 00000000 _____ C:\ProgramData\wlja7t3jw.fvv
2013-11-13 05:48 - 2013-11-13 05:48 - 00153088 _____ C:\ProgramData\wj3t7ajlw.dss
2013-11-13 05:48 - 2013-11-13 05:48 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\wlja7t3jw.pss
2013-11-17 14:22 - 2013-11-13 05:49 - 00000291 _____ C:\ProgramData\wlja7t3jw.reg
2013-11-17 14:22 - 2013-11-13 05:48 - 95025368 ____T C:\ProgramData\wlja7t3jw.bxx
2013-11-17 14:22 - 2013-11-13 05:48 - 00000000 _____ C:\ProgramData\wlja7t3jw.fvv not found.
Startup: C:\Users\Udo Prautsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlja7t3jw.lnk
C:\PROGRA~3\wj3t7ajlw.dss
C:\ProgramData\wlja7t3jw.pss
2013-11-17 14:22 - 2013-11-13 05:49 - 00000291 _____ C:\ProgramData\wlja7t3jw.reg
2013-11-17 14:22 - 2013-11-13 05:48 - 95025368 ____T C:\ProgramData\wlja7t3jw.bxx
2013-11-17 14:22 - 2013-11-13 05:48 - 00000000 _____ C:\ProgramData\wlja7t3jw.fvv not found.

==== End of Fixlog ====
18.11.2013, 09:37 | #4

/// the machine /// TB-Ausbilder

Does the computer start normally?

regards, schrauber
Proud Member of UNITE and ASAP since 2009. No help via PM!
18.11.2013, 15:16 | #5

No, unfortunately not, the GVU screen comes back.
19.11.2013, 09:57 | #6

/// the machine /// TB-Ausbilder

Download the new version of FRST, then please create another scan log and post it.