
Plagegeister aller Art und deren Bekämpfung: Bundestrojaner, safe mode not possible


21.03.2014, 17:17   #1
Leviathan091
 

Bundestrojaner, safe mode not possible



Hello, I stupidly caught the Bundes (GVU) trojan. I also can't get into safe mode any more: when I select it, it loads up to a certain point, then shuts down again and boots back up in normal mode, and again I can't do anything on the desktop. I found this post http://www.trojaner-board.de/132035-...ml#post1026550 and have now followed it.

I have already run the scan with FRST.

First scan:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by SYSTEM on MININT-A1IG1QV on 21-03-2014 16:24:52
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16395880 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [262912 2009-08-20] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] - C:\Program Files (x86)\Video Web Camera\traybar.exe [600688 2009-10-01] (Chicony)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-01] (Dritek System Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\Default\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\PackardBell\run_PackardBel
HKU\Default User\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\PackardBell\run_PackardBel
HKU\Jenni\...\Run: [Akamai NetSession Interface] - C:\Users\Jenni\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)
HKU\Jenni\...\Run: [Spotify Web Helper] - C:\Users\Jenni\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd)
HKU\Jenni\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Jenni\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=f45a006ca92847d29577d16f6b811e1a-0d2c6ae7cd0fdc05a335f8b48cb960b3d5b15849 /CMPID=1213b
HKU\Jenni\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20728480 2014-01-14] (Skype Technologies S.A.)
HKU\Jenni\...\Run: [Steam] - C:\me programme\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\Jenni\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Jenni\...\Policies\Explorer: [DisallowRun] 1
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-03] (Conduit)
AppInit_DLLs:  C:\PROGRA~3\WebTouch\WEBTOU~1.DLL => C:\ProgramData\WebTouch\WebTouch_x64.dll [4247040 2013-12-30] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] (Conduit)
AppInit_DLLs-x32:  c:\progra~3\webtouch\webtouch.dll => "c:\progra~3\webtouch\webtouch.dll" File Not Found
Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0j6gdi7.lnk
ShortcutTarget: 0j6gdi7.lnk -> C:\ProgramData\7idg6j0.gsa ()
Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Jenni\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Services (Whitelisted) =================

S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-07-19] (Perfect World Entertainment Inc)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-23] (AVG Technologies CZ, s.r.o.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [397176 2012-08-16] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-08-16] (BlueStack Systems, Inc.)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2454816 2014-03-03] (Conduit)
S2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
S2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [62720 2009-08-20] (NewTech Infosystems, Inc.)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-30] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
S2 Winmgmt; C:\ProgramData\0j6gdi7.faa [332532 2014-03-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-09-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-09] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [74616 2012-08-16] (BlueStack Systems)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-21 16:24 - 2014-03-21 16:24 - 00000000 ____D () C:\FRST
2014-03-20 16:18 - 2014-03-21 06:40 - 95027928 ____T () C:\ProgramData\0j6gdi7.bbr
2014-03-20 16:18 - 2014-03-20 16:18 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\0j6gdi7.faa
2014-03-20 16:18 - 2014-03-20 16:18 - 00110592 _____ () C:\ProgramData\7idg6j0.gsa
2014-03-19 17:50 - 2014-03-19 17:50 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-19 17:49 - 2014-03-19 17:49 - 00283192 _____ (Mozilla) C:\Users\Jenni\Downloads\Firefox Setup Stub 28.0.exe
2014-03-19 17:17 - 2014-03-19 17:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-19 17:17 - 2014-03-19 17:17 - 00000000 _____ () C:\autoexec.bat
2014-03-19 17:15 - 2014-03-19 17:39 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-13 16:10 - 2014-02-28 22:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-13 16:10 - 2014-02-28 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-13 16:10 - 2014-02-28 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-03-13 16:10 - 2014-02-28 20:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-13 16:10 - 2014-02-28 20:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-03-13 16:10 - 2014-02-28 20:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-03-13 16:10 - 2014-02-28 20:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-13 16:10 - 2014-02-28 20:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-03-13 16:10 - 2014-02-28 20:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-13 16:10 - 2014-02-28 20:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-03-13 16:10 - 2014-02-28 20:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-03-13 16:10 - 2014-02-28 20:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-03-13 16:10 - 2014-02-28 20:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 16:10 - 2014-02-28 20:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-13 16:10 - 2014-02-28 20:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-03-13 16:10 - 2014-02-28 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 16:10 - 2014-02-28 20:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-03-13 16:10 - 2014-02-28 19:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-13 16:10 - 2014-02-28 19:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 16:10 - 2014-02-28 19:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 16:10 - 2014-02-28 19:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 16:10 - 2014-02-28 19:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 16:10 - 2014-02-28 19:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 16:10 - 2014-02-28 19:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-13 16:10 - 2014-02-28 19:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 16:10 - 2014-02-28 19:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 16:10 - 2014-02-28 19:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 16:10 - 2014-02-28 19:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-03-13 16:10 - 2014-02-28 19:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-13 16:10 - 2014-02-28 19:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 16:10 - 2014-02-28 19:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 16:10 - 2014-02-28 19:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-13 16:10 - 2014-02-28 19:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 16:10 - 2014-02-28 19:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 16:10 - 2014-02-28 18:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 16:10 - 2014-02-28 18:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-13 16:10 - 2014-02-28 18:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 16:10 - 2014-02-28 18:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 16:10 - 2014-02-28 18:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-03-13 16:10 - 2014-02-28 18:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 16:08 - 2014-02-06 17:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-13 16:08 - 2014-01-28 18:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-03-13 16:08 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 16:08 - 2014-01-27 18:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2014-03-13 16:03 - 2014-02-03 18:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-03-13 16:03 - 2014-02-03 18:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-13 16:03 - 2014-02-03 18:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 16:03 - 2014-02-03 18:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 03:44 - 2014-03-13 03:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-13 03:44 - 2014-03-13 03:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-12 08:59 - 2014-03-12 08:59 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-06 08:24 - 2014-03-06 08:24 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect
2014-03-02 12:35 - 2014-03-02 12:35 - 00006144 ____H () C:\Users\Jenni\Desktop\photothumb.db
2014-02-28 07:34 - 2014-02-28 07:34 - 00000000 ____D () C:\Windows\de
2014-02-28 07:28 - 2014-02-28 07:28 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-28 07:21 - 2014-02-28 07:21 - 00000360 _____ () C:\Windows\DirectX.log
2014-02-28 07:15 - 2014-02-28 07:57 - 00000000 ____D () C:\Users\Jenni\AppData\Local\Windows Live
2014-02-28 07:04 - 2014-02-28 07:04 - 01245376 _____ (Microsoft Corporation) C:\Users\Jenni\Downloads\wlsetup-web.exe
2014-02-28 06:58 - 2014-02-28 07:02 - 142602520 _____ (Microsoft Corporation) C:\Users\Jenni\Downloads\wlsetup-all_16.4.3508.0205.exe
2014-02-28 05:28 - 2014-02-28 05:28 - 00000000 ____D () C:\Users\Jenni\Documents\PC Speed Maximizer
2014-02-28 05:24 - 2014-02-28 05:24 - 00000000 ____D () C:\Users\Jenni\Documents\Optimizer Pro
2014-02-28 05:22 - 2014-03-06 08:25 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-02-28 05:22 - 2014-02-28 07:56 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-02-28 05:22 - 2014-02-28 06:43 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-02-28 05:22 - 2014-02-28 05:35 - 00000000 ____D () C:\Fraps
2014-02-28 05:22 - 2014-02-28 05:23 - 00000000 ____D () C:\Users\Jenni\AppData\Local\SearchProtect
2014-02-28 05:22 - 2014-02-28 05:22 - 00000574 _____ () C:\Users\Public\Desktop\Fraps.lnk
2014-02-28 05:21 - 2014-02-28 05:21 - 00000000 ____D () C:\Users\Jenni\Downloads\Fraps_TSV14W5RV
2014-02-28 05:19 - 2014-02-28 05:19 - 00657576 _____ (Conduit) C:\Users\Jenni\Downloads\Fraps_TSV14W5RV.exe
2014-02-22 06:26 - 2014-03-21 06:10 - 00156100 _____ () C:\Windows\PFRO.log
2014-02-20 16:22 - 2014-02-20 16:43 - 00000000 ____D () C:\ProgramData\TTuBeAdblocKeR
2014-02-20 16:22 - 2014-02-20 16:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-20 16:22 - 2014-02-20 16:22 - 00000000 ____D () C:\ProgramData\dkpdnlnenoabajepnpjajmmeegcmcjhh
2014-02-19 12:19 - 2014-02-22 18:00 - 00016255 _____ () C:\Users\Jenni\Desktop\Gildenübersicht.xlsx
2014-02-19 10:47 - 2014-02-19 12:17 - 00015914 _____ () C:\Users\Jenni\Downloads\Gildenübersicht.xlsx
2014-02-19 09:38 - 2014-02-19 09:38 - 00005878 _____ () C:\Users\Jenni\Downloads\Mitgliederliste Vespera.ods

==================== One Month Modified Files and Folders =======

2014-03-21 16:24 - 2014-03-21 16:24 - 00000000 ____D () C:\FRST
2014-03-21 06:40 - 2014-03-20 16:18 - 95027928 ____T () C:\ProgramData\0j6gdi7.bbr
2014-03-21 06:39 - 2014-02-14 08:26 - 00026880 _____ () C:\Windows\setupact.log
2014-03-21 06:39 - 2013-01-22 08:53 - 00000388 ____H () C:\Windows\Tasks\{5AA22384-1FF1-4676-BA9B-EFBF7EFECE99}.job
2014-03-21 06:39 - 2013-01-13 15:14 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-21 06:39 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-21 06:34 - 2014-02-12 06:34 - 00000000 ____D () C:\Users\Jenni\AppData\Roaming\Skype
2014-03-21 06:31 - 2009-11-13 03:02 - 01912246 _____ () C:\Windows\WindowsUpdate.log
2014-03-21 06:30 - 2012-08-27 06:22 - 00000000 ___RD () C:\Users\Jenni\Dropbox
2014-03-21 06:30 - 2012-08-27 06:21 - 00000000 ____D () C:\Users\Jenni\AppData\Roaming\Dropbox
2014-03-21 06:14 - 2009-07-13 20:45 - 00017376 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 06:14 - 2009-07-13 20:45 - 00017376 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-21 06:10 - 2014-02-22 06:26 - 00156100 _____ () C:\Windows\PFRO.log
2014-03-21 06:10 - 2012-07-02 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-21 06:08 - 2013-02-04 17:46 - 00000000 ____D () C:\Users\Jenni\AppData\Roaming\Spotify
2014-03-21 06:05 - 2013-01-13 15:14 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-21 06:03 - 2014-01-06 13:29 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-21 05:59 - 2012-07-13 12:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-20 16:18 - 2014-03-20 16:18 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\0j6gdi7.faa
2014-03-20 16:18 - 2014-03-20 16:18 - 00110592 _____ () C:\ProgramData\7idg6j0.gsa
2014-03-20 13:03 - 2012-06-24 05:27 - 00000000 ____D () C:\Users\Jenni\AppData\Roaming\TS3Client
2014-03-19 17:50 - 2014-03-19 17:50 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-19 17:50 - 2014-02-15 03:05 - 00000000 ____D () C:\Program Files (x86)\mozilla firefox
2014-03-19 17:49 - 2014-03-19 17:49 - 00283192 _____ (Mozilla) C:\Users\Jenni\Downloads\Firefox Setup Stub 28.0.exe
2014-03-19 17:39 - 2014-03-19 17:15 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-19 17:17 - 2014-03-19 17:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-19 17:17 - 2014-03-19 17:17 - 00000000 _____ () C:\autoexec.bat
2014-03-19 13:58 - 2013-02-04 17:47 - 00000000 ____D () C:\Users\Jenni\AppData\Local\Spotify
2014-03-19 13:50 - 2013-08-15 03:35 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-19 13:46 - 2011-01-30 12:31 - 90015360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-03-17 05:30 - 2012-06-24 05:26 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-03-14 09:47 - 2009-07-13 20:45 - 00370184 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-14 09:45 - 2013-03-13 18:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 09:45 - 2013-03-13 18:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 03:44 - 2014-03-13 03:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-13 03:44 - 2014-03-13 03:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-13 03:44 - 2014-01-06 13:36 - 00000993 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-12 09:00 - 2012-07-13 12:31 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 09:00 - 2012-06-23 10:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 09:00 - 2011-06-02 08:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 08:59 - 2014-03-12 08:59 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 06:32 - 2013-03-26 03:00 - 00000000 ____D () C:\Users\Jenni\Documents\ABew
2014-03-06 08:25 - 2014-02-28 05:22 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-06 08:24 - 2014-03-06 08:24 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect
2014-03-02 12:35 - 2014-03-02 12:35 - 00006144 ____H () C:\Users\Jenni\Desktop\photothumb.db
2014-02-28 22:05 - 2014-03-13 16:10 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-28 21:17 - 2014-03-13 16:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-28 21:16 - 2014-03-13 16:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-28 20:58 - 2014-03-13 16:10 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-28 20:52 - 2014-03-13 16:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-28 20:51 - 2014-03-13 16:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-28 20:42 - 2014-03-13 16:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-28 20:40 - 2014-03-13 16:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-28 20:37 - 2014-03-13 16:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-28 20:33 - 2014-03-13 16:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-28 20:33 - 2014-03-13 16:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-28 20:32 - 2014-03-13 16:10 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-28 20:30 - 2014-03-13 16:10 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 20:23 - 2014-03-13 16:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-02-28 20:17 - 2014-03-13 16:10 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-28 20:11 - 2014-03-13 16:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 20:02 - 2014-03-13 16:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-28 19:54 - 2014-03-13 16:10 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-28 19:52 - 2014-03-13 16:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 19:51 - 2014-03-13 16:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 19:47 - 2014-03-13 16:10 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 19:43 - 2014-03-13 16:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 19:43 - 2014-03-13 16:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 19:42 - 2014-03-13 16:10 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-28 19:40 - 2014-03-13 16:10 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 19:38 - 2014-03-13 16:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 19:37 - 2014-03-13 16:10 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 19:35 - 2014-03-13 16:10 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-28 19:18 - 2014-03-13 16:10 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-28 19:16 - 2014-03-13 16:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 19:14 - 2014-03-13 16:10 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 19:10 - 2014-03-13 16:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-28 19:03 - 2014-03-13 16:10 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 19:00 - 2014-03-13 16:10 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 18:57 - 2014-03-13 16:10 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 18:38 - 2014-03-13 16:10 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-28 18:32 - 2014-03-13 16:10 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 18:27 - 2014-03-13 16:10 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 18:25 - 2014-03-13 16:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-28 18:25 - 2014-03-13 16:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 07:57 - 2014-02-28 07:15 - 00000000 ____D () C:\Users\Jenni\AppData\Local\Windows Live
2014-02-28 07:56 - 2014-02-28 05:22 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-02-28 07:56 - 2013-12-22 21:46 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2014-02-28 07:54 - 2013-01-01 10:20 - 00000000 ____D () C:\Program Files (x86)\Freeciv-2.1.6-gtk2
2014-02-28 07:34 - 2014-02-28 07:34 - 00000000 ____D () C:\Windows\de
2014-02-28 07:32 - 2009-11-13 03:18 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-28 07:28 - 2014-02-28 07:28 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-28 07:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-28 07:21 - 2014-02-28 07:21 - 00000360 _____ () C:\Windows\DirectX.log
2014-02-28 07:04 - 2014-02-28 07:04 - 01245376 _____ (Microsoft Corporation) C:\Users\Jenni\Downloads\wlsetup-web.exe
2014-02-28 07:02 - 2014-02-28 06:58 - 142602520 _____ (Microsoft Corporation) C:\Users\Jenni\Downloads\wlsetup-all_16.4.3508.0205.exe
2014-02-28 06:43 - 2014-02-28 05:22 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-02-28 05:35 - 2014-02-28 05:22 - 00000000 ____D () C:\Fraps
2014-02-28 05:28 - 2014-02-28 05:28 - 00000000 ____D () C:\Users\Jenni\Documents\PC Speed Maximizer
2014-02-28 05:24 - 2014-02-28 05:24 - 00000000 ____D () C:\Users\Jenni\Documents\Optimizer Pro
2014-02-28 05:23 - 2014-02-28 05:22 - 00000000 ____D () C:\Users\Jenni\AppData\Local\SearchProtect
2014-02-28 05:22 - 2014-02-28 05:22 - 00000574 _____ () C:\Users\Public\Desktop\Fraps.lnk
2014-02-28 05:21 - 2014-02-28 05:21 - 00000000 ____D () C:\Users\Jenni\Downloads\Fraps_TSV14W5RV
2014-02-28 05:19 - 2014-02-28 05:19 - 00657576 _____ (Conduit) C:\Users\Jenni\Downloads\Fraps_TSV14W5RV.exe
2014-02-22 18:00 - 2014-02-19 12:19 - 00016255 _____ () C:\Users\Jenni\Desktop\Gildenübersicht.xlsx
2014-02-20 16:43 - 2014-02-20 16:22 - 00000000 ____D () C:\ProgramData\TTuBeAdblocKeR
2014-02-20 16:22 - 2014-02-20 16:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-20 16:22 - 2014-02-20 16:22 - 00000000 ____D () C:\ProgramData\dkpdnlnenoabajepnpjajmmeegcmcjhh
2014-02-20 16:22 - 2013-12-31 17:40 - 00000000 ____D () C:\ProgramData\b2825e0011eb9fe
2014-02-20 16:22 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\System32\GroupPolicy
2014-02-19 12:19 - 2013-10-26 23:38 - 00000000 ____D () C:\Users\Jenni\Documents\Excel
2014-02-19 12:17 - 2014-02-19 10:47 - 00015914 _____ () C:\Users\Jenni\Downloads\Gildenübersicht.xlsx
2014-02-19 09:38 - 2014-02-19 09:38 - 00005878 _____ () C:\Users\Jenni\Downloads\Mitgliederliste Vespera.ods
2014-02-19 04:04 - 2014-02-18 05:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

Files to move or delete:
====================
C:\Windows\Tasks\{5AA22384-1FF1-4676-BA9B-EFBF7EFECE99}.job


Some content of TEMP:
====================
C:\Users\Jenni\AppData\Local\Temp\nsl4B85.exe
C:\Users\Jenni\AppData\Local\Temp\nsq54C9.exe
C:\Users\Jenni\AppData\Local\Temp\nsr1425.exe
C:\Users\Jenni\AppData\Local\Temp\nsr1B28.exe
C:\Users\Jenni\AppData\Local\Temp\pcspeedmaxsetup.exe
C:\Users\Jenni\AppData\Local\Temp\SHSetup.exe
C:\Users\Jenni\AppData\Local\Temp\SPSetup.exe
C:\Users\Jenni\AppData\Local\Temp\~+JF669828932335508636.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-02-28 07:18:29
Restore point made on: 2014-02-28 07:20:44
Restore point made on: 2014-02-28 07:22:53
Restore point made on: 2014-02-28 07:24:51
Restore point made on: 2014-02-28 07:28:32
Restore point made on: 2014-03-01 04:36:28
Restore point made on: 2014-03-11 12:03:18
Restore point made on: 2014-03-11 13:07:18
Restore point made on: 2014-03-14 05:21:30
Restore point made on: 2014-03-19 13:45:39
Restore point made on: 2014-03-19 17:16:34
Restore point made on: 2014-03-19 17:30:13
Restore point made on: 2014-03-19 17:32:52

==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 4090.93 MB
Available physical RAM: 3355.97 MB
Total Pagefile: 4089.08 MB
Available Pagefile: 3357.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:286.27 GB) (Free:54.46 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:2.49 GB) NTFS
Drive g: () (Removable) (Total:7.49 GB) (Free:7.48 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 97969796)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 0042D5AE)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2014-02-14 09:59

==================== End Of Log ============================
         
and then the fix:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by SYSTEM at 2014-03-21 16:39:00 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [x] 
HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.) 
HKU\Jason\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Jason\AppData\Local\Temp\qtwfkjkvgwxcqrffj.exe [55296 2013-07-15] (NVIDIA Corporation) <===== ATTENTION 
HKU\Jason\...\Winlogon: [Shell] cmd.exe [344576 2009-07-13] (Microsoft Corporation) <==== ATTENTION 
HKU\Jason\...\Command Processor: "C:\Users\Jason\AppData\Local\Temp\qtwfkjkvgwxcqrffj.exe" <===== ATTENTION! 
2013-07-15 20:19 - 2013-07-15 20:19 - 01084737 _____ C:\ProgramData\2433f433 
2013-07-15 20:19 - 2013-07-15 20:19 - 01084723 _____ C:\Users\Jason\AppData\Local\2433f433 
2013-07-15 20:19 - 2013-07-15 20:19 - 01084706 _____ C:\Users\Jason\AppData\Roaming\2433f433 
2013-06-28 14:51 - 2013-06-28 14:51 - 00000004 _____ C:\Users\Jason\AppData\Roaming\skype.ini 
C:\Users\Jason\AppData\Local\Temp\qtwfkjkvgwxcqrffj.exe
C:\Windows\Installer\{3e72d9c3-89be-4ac9-acc4-ecec699b634d}\L 
C:\Windows\Installer\{3e72d9c3-89be-4ac9-acc4-ecec699b634d}\L\00000004.@ 
C:\Windows\Installer\{3e72d9c3-89be-4ac9-acc4-ecec699b634d}\L\201d3dde 
C:\Users\Jason\AppData\Local\{3e72d9c3-89be-4ac9-acc4-ecec699b634d}\L 
C:\Users\Jason\AppData\Roaming\skype.ini 
C:\ProgramData\to_r0tsef.pad 
C:\ProgramData\pmt_0piot.pad 
C:\ProgramData\ldsw_0paos.pad 
C:\ProgramData\79879354.pad 
C:\ProgramData\682757624.pad 
C:\ProgramData\345818429.pad
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator => Value not found.
HKU\Jason\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value not found.
HKU\Jason\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKU\Jason\Software\Microsoft\Command Processor\\AutoRun => Value not found.
"C:\ProgramData\2433f433" => File/Directory not found.
"C:\Users\Jason\AppData\Local\2433f433" => File/Directory not found.
"C:\Users\Jason\AppData\Roaming\2433f433" => File/Directory not found.
"C:\Users\Jason\AppData\Roaming\skype.ini" => File/Directory not found.
"C:\Users\Jason\AppData\Local\Temp\qtwfkjkvgwxcqrffj.exe" => File/Directory not found.
"C:\Windows\Installer\{3e72d9c3-89be-4ac9-acc4-ecec699b634d}\L" => File/Directory not found.
"C:\Windows\Installer\{3e72d9c3-89be-4ac9-acc4-ecec699b634d}\L\00000004.@" => File/Directory not found.
"C:\Windows\Installer\{3e72d9c3-89be-4ac9-acc4-ecec699b634d}\L\201d3dde" => File/Directory not found.
"C:\Users\Jason\AppData\Local\{3e72d9c3-89be-4ac9-acc4-ecec699b634d}\L" => File/Directory not found.
"C:\Users\Jason\AppData\Roaming\skype.ini" => File/Directory not found.
"C:\ProgramData\to_r0tsef.pad" => File/Directory not found.
"C:\ProgramData\pmt_0piot.pad" => File/Directory not found.
"C:\ProgramData\ldsw_0paos.pad" => File/Directory not found.
"C:\ProgramData\79879354.pad" => File/Directory not found.
"C:\ProgramData\682757624.pad" => File/Directory not found.
"C:\ProgramData\345818429.pad" => File/Directory not found.

==== End of Fixlog ====
         
It still doesn't work. What is the cause?
Could someone please help?

21.03.2014, 17:25   #2
schrauber
/// the machine
/// TB instructor
 


Who built the fix? A fresh FRST log, please.

22.03.2014, 12:25   #3
Leviathan091
 

The fix was posted by someone here in the forum, in a post (I can't find it right now, I've already looked through too many).
FRST log = the first scan? Run that again?
This would be the scan again, from just now:


FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by SYSTEM on MININT-6K5KKCD on 21-03-2014 17:49:38
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16395880 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [262912 2009-08-20] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] - C:\Program Files (x86)\Video Web Camera\traybar.exe [600688 2009-10-01] (Chicony)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-01] (Dritek System Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\Default\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\PackardBell\run_PackardBel
HKU\Default User\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\PackardBell\run_PackardBel
HKU\Jenni\...\Run: [Akamai NetSession Interface] - C:\Users\Jenni\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)
HKU\Jenni\...\Run: [Spotify Web Helper] - C:\Users\Jenni\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd)
HKU\Jenni\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Jenni\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=f45a006ca92847d29577d16f6b811e1a-0d2c6ae7cd0fdc05a335f8b48cb960b3d5b15849 /CMPID=1213b
HKU\Jenni\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20728480 2014-01-14] (Skype Technologies S.A.)
HKU\Jenni\...\Run: [Steam] - C:\me programme\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\Jenni\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Jenni\...\Policies\Explorer: [DisallowRun] 1
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-03] (Conduit)
AppInit_DLLs:  C:\PROGRA~3\WebTouch\WEBTOU~1.DLL => C:\ProgramData\WebTouch\WebTouch_x64.dll [4247040 2013-12-30] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] (Conduit)
AppInit_DLLs-x32:  c:\progra~3\webtouch\webtouch.dll => "c:\progra~3\webtouch\webtouch.dll" File Not Found
Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0j6gdi7.lnk
ShortcutTarget: 0j6gdi7.lnk -> C:\ProgramData\7idg6j0.gsa ()
Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Jenni\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Services (Whitelisted) =================

S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-07-19] (Perfect World Entertainment Inc)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-23] (AVG Technologies CZ, s.r.o.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [397176 2012-08-16] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-08-16] (BlueStack Systems, Inc.)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2454816 2014-03-03] (Conduit)
S2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
S2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [62720 2009-08-20] (NewTech Infosystems, Inc.)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-30] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
S2 Winmgmt; C:\ProgramData\0j6gdi7.faa [332532 2014-03-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-09-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-09] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [74616 2012-08-16] (BlueStack Systems)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-21 16:24 - 2014-03-21 17:49 - 00000000 ____D () C:\FRST
2014-03-20 16:18 - 2014-03-21 07:44 - 95027928 ____T () C:\ProgramData\0j6gdi7.bbr
2014-03-20 16:18 - 2014-03-20 16:18 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\0j6gdi7.faa
2014-03-20 16:18 - 2014-03-20 16:18 - 00110592 _____ () C:\ProgramData\7idg6j0.gsa
2014-03-19 17:50 - 2014-03-19 17:50 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-19 17:49 - 2014-03-19 17:49 - 00283192 _____ (Mozilla) C:\Users\Jenni\Downloads\Firefox Setup Stub 28.0.exe
2014-03-19 17:17 - 2014-03-19 17:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-19 17:17 - 2014-03-19 17:17 - 00000000 _____ () C:\autoexec.bat
2014-03-19 17:15 - 2014-03-19 17:39 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-13 16:10 - 2014-02-28 22:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-13 16:10 - 2014-02-28 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-13 16:10 - 2014-02-28 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-03-13 16:10 - 2014-02-28 20:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-13 16:10 - 2014-02-28 20:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-03-13 16:10 - 2014-02-28 20:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-03-13 16:10 - 2014-02-28 20:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-13 16:10 - 2014-02-28 20:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-03-13 16:10 - 2014-02-28 20:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-13 16:10 - 2014-02-28 20:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-03-13 16:10 - 2014-02-28 20:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-03-13 16:10 - 2014-02-28 20:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-03-13 16:10 - 2014-02-28 20:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 16:10 - 2014-02-28 20:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-13 16:10 - 2014-02-28 20:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-03-13 16:10 - 2014-02-28 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 16:10 - 2014-02-28 20:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-03-13 16:10 - 2014-02-28 19:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-13 16:10 - 2014-02-28 19:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 16:10 - 2014-02-28 19:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 16:10 - 2014-02-28 19:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 16:10 - 2014-02-28 19:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 16:10 - 2014-02-28 19:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 16:10 - 2014-02-28 19:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-13 16:10 - 2014-02-28 19:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 16:10 - 2014-02-28 19:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 16:10 - 2014-02-28 19:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 16:10 - 2014-02-28 19:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-03-13 16:10 - 2014-02-28 19:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-13 16:10 - 2014-02-28 19:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 16:10 - 2014-02-28 19:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 16:10 - 2014-02-28 19:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-13 16:10 - 2014-02-28 19:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 16:10 - 2014-02-28 19:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 16:10 - 2014-02-28 18:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 16:10 - 2014-02-28 18:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-13 16:10 - 2014-02-28 18:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 16:10 - 2014-02-28 18:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 16:10 - 2014-02-28 18:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-03-13 16:10 - 2014-02-28 18:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 16:08 - 2014-02-06 17:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-13 16:08 - 2014-01-28 18:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-03-13 16:08 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 16:08 - 2014-01-27 18:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2014-03-13 16:03 - 2014-02-03 18:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-03-13 16:03 - 2014-02-03 18:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-13 16:03 - 2014-02-03 18:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 16:03 - 2014-02-03 18:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 03:44 - 2014-03-13 03:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-13 03:44 - 2014-03-13 03:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-12 08:59 - 2014-03-12 08:59 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-06 08:24 - 2014-03-06 08:24 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect
2014-03-02 12:35 - 2014-03-02 12:35 - 00006144 ____H () C:\Users\Jenni\Desktop\photothumb.db
2014-02-28 07:34 - 2014-02-28 07:34 - 00000000 ____D () C:\Windows\de
2014-02-28 07:28 - 2014-02-28 07:28 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-28 07:21 - 2014-02-28 07:21 - 00000360 _____ () C:\Windows\DirectX.log
2014-02-28 07:15 - 2014-02-28 07:57 - 00000000 ____D () C:\Users\Jenni\AppData\Local\Windows Live
2014-02-28 07:04 - 2014-02-28 07:04 - 01245376 _____ (Microsoft Corporation) C:\Users\Jenni\Downloads\wlsetup-web.exe
2014-02-28 06:58 - 2014-02-28 07:02 - 142602520 _____ (Microsoft Corporation) C:\Users\Jenni\Downloads\wlsetup-all_16.4.3508.0205.exe
2014-02-28 05:28 - 2014-02-28 05:28 - 00000000 ____D () C:\Users\Jenni\Documents\PC Speed Maximizer
2014-02-28 05:24 - 2014-02-28 05:24 - 00000000 ____D () C:\Users\Jenni\Documents\Optimizer Pro
2014-02-28 05:22 - 2014-03-06 08:25 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-02-28 05:22 - 2014-02-28 07:56 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-02-28 05:22 - 2014-02-28 06:43 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-02-28 05:22 - 2014-02-28 05:35 - 00000000 ____D () C:\Fraps
2014-02-28 05:22 - 2014-02-28 05:23 - 00000000 ____D () C:\Users\Jenni\AppData\Local\SearchProtect
2014-02-28 05:22 - 2014-02-28 05:22 - 00000574 _____ () C:\Users\Public\Desktop\Fraps.lnk
2014-02-28 05:21 - 2014-02-28 05:21 - 00000000 ____D () C:\Users\Jenni\Downloads\Fraps_TSV14W5RV
2014-02-28 05:19 - 2014-02-28 05:19 - 00657576 _____ (Conduit) C:\Users\Jenni\Downloads\Fraps_TSV14W5RV.exe
2014-02-22 06:26 - 2014-03-21 06:10 - 00156100 _____ () C:\Windows\PFRO.log
2014-02-20 16:22 - 2014-02-20 16:43 - 00000000 ____D () C:\ProgramData\TTuBeAdblocKeR
2014-02-20 16:22 - 2014-02-20 16:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-20 16:22 - 2014-02-20 16:22 - 00000000 ____D () C:\ProgramData\dkpdnlnenoabajepnpjajmmeegcmcjhh
2014-02-19 12:19 - 2014-02-22 18:00 - 00016255 _____ () C:\Users\Jenni\Desktop\Gildenübersicht.xlsx
2014-02-19 10:47 - 2014-02-19 12:17 - 00015914 _____ () C:\Users\Jenni\Downloads\Gildenübersicht.xlsx
2014-02-19 09:38 - 2014-02-19 09:38 - 00005878 _____ () C:\Users\Jenni\Downloads\Mitgliederliste Vespera.ods

==================== One Month Modified Files and Folders =======

2014-03-21 17:49 - 2014-03-21 16:24 - 00000000 ____D () C:\FRST
2014-03-21 08:20 - 2012-07-13 12:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-21 08:20 - 2009-11-13 03:02 - 01921363 _____ () C:\Windows\WindowsUpdate.log
2014-03-21 07:50 - 2009-07-13 20:45 - 00017376 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 07:50 - 2009-07-13 20:45 - 00017376 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-21 07:45 - 2014-02-12 06:34 - 00000000 ____D () C:\Users\Jenni\AppData\Roaming\Skype
2014-03-21 07:45 - 2012-08-27 06:21 - 00000000 ____D () C:\Users\Jenni\AppData\Roaming\Dropbox
2014-03-21 07:44 - 2014-03-20 16:18 - 95027928 ____T () C:\ProgramData\0j6gdi7.bbr
2014-03-21 07:43 - 2013-01-22 08:53 - 00000388 ____H () C:\Windows\Tasks\{5AA22384-1FF1-4676-BA9B-EFBF7EFECE99}.job
2014-03-21 07:43 - 2013-01-13 15:14 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-21 07:42 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-21 07:41 - 2014-02-14 08:26 - 00026936 _____ () C:\Windows\setupact.log
2014-03-21 06:30 - 2012-08-27 06:22 - 00000000 ___RD () C:\Users\Jenni\Dropbox
2014-03-21 06:10 - 2014-02-22 06:26 - 00156100 _____ () C:\Windows\PFRO.log
2014-03-21 06:10 - 2012-07-02 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-21 06:08 - 2013-02-04 17:46 - 00000000 ____D () C:\Users\Jenni\AppData\Roaming\Spotify
2014-03-21 06:05 - 2013-01-13 15:14 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-21 06:03 - 2014-01-06 13:29 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-20 16:18 - 2014-03-20 16:18 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\0j6gdi7.faa
2014-03-20 16:18 - 2014-03-20 16:18 - 00110592 _____ () C:\ProgramData\7idg6j0.gsa
2014-03-20 13:03 - 2012-06-24 05:27 - 00000000 ____D () C:\Users\Jenni\AppData\Roaming\TS3Client
2014-03-19 17:50 - 2014-03-19 17:50 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-19 17:50 - 2014-02-15 03:05 - 00000000 ____D () C:\Program Files (x86)\mozilla firefox
2014-03-19 17:49 - 2014-03-19 17:49 - 00283192 _____ (Mozilla) C:\Users\Jenni\Downloads\Firefox Setup Stub 28.0.exe
2014-03-19 17:39 - 2014-03-19 17:15 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-19 17:17 - 2014-03-19 17:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-19 17:17 - 2014-03-19 17:17 - 00000000 _____ () C:\autoexec.bat
2014-03-19 13:58 - 2013-02-04 17:47 - 00000000 ____D () C:\Users\Jenni\AppData\Local\Spotify
2014-03-19 13:50 - 2013-08-15 03:35 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-19 13:46 - 2011-01-30 12:31 - 90015360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-03-17 05:30 - 2012-06-24 05:26 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-03-14 09:47 - 2009-07-13 20:45 - 00370184 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-14 09:45 - 2013-03-13 18:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 09:45 - 2013-03-13 18:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 03:44 - 2014-03-13 03:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-13 03:44 - 2014-03-13 03:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-13 03:44 - 2014-01-06 13:36 - 00000993 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-12 09:00 - 2012-07-13 12:31 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 09:00 - 2012-06-23 10:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 09:00 - 2011-06-02 08:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 08:59 - 2014-03-12 08:59 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 06:32 - 2013-03-26 03:00 - 00000000 ____D () C:\Users\Jenni\Documents\ABew
2014-03-06 08:25 - 2014-02-28 05:22 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-06 08:24 - 2014-03-06 08:24 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect
2014-03-02 12:35 - 2014-03-02 12:35 - 00006144 ____H () C:\Users\Jenni\Desktop\photothumb.db
2014-02-28 22:05 - 2014-03-13 16:10 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-28 21:17 - 2014-03-13 16:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-28 21:16 - 2014-03-13 16:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-28 20:58 - 2014-03-13 16:10 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-28 20:52 - 2014-03-13 16:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-28 20:51 - 2014-03-13 16:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-28 20:42 - 2014-03-13 16:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-28 20:40 - 2014-03-13 16:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-28 20:37 - 2014-03-13 16:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-28 20:33 - 2014-03-13 16:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-28 20:33 - 2014-03-13 16:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-28 20:32 - 2014-03-13 16:10 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-28 20:30 - 2014-03-13 16:10 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 20:23 - 2014-03-13 16:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-02-28 20:17 - 2014-03-13 16:10 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-28 20:11 - 2014-03-13 16:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 20:02 - 2014-03-13 16:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-28 19:54 - 2014-03-13 16:10 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-28 19:52 - 2014-03-13 16:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 19:51 - 2014-03-13 16:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 19:47 - 2014-03-13 16:10 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 19:43 - 2014-03-13 16:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 19:43 - 2014-03-13 16:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 19:42 - 2014-03-13 16:10 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-28 19:40 - 2014-03-13 16:10 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 19:38 - 2014-03-13 16:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 19:37 - 2014-03-13 16:10 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 19:35 - 2014-03-13 16:10 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-28 19:18 - 2014-03-13 16:10 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-28 19:16 - 2014-03-13 16:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 19:14 - 2014-03-13 16:10 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 19:10 - 2014-03-13 16:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-28 19:03 - 2014-03-13 16:10 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 19:00 - 2014-03-13 16:10 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 18:57 - 2014-03-13 16:10 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 18:38 - 2014-03-13 16:10 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-28 18:32 - 2014-03-13 16:10 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 18:27 - 2014-03-13 16:10 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 18:25 - 2014-03-13 16:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-28 18:25 - 2014-03-13 16:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 07:57 - 2014-02-28 07:15 - 00000000 ____D () C:\Users\Jenni\AppData\Local\Windows Live
2014-02-28 07:56 - 2014-02-28 05:22 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-02-28 07:56 - 2013-12-22 21:46 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2014-02-28 07:54 - 2013-01-01 10:20 - 00000000 ____D () C:\Program Files (x86)\Freeciv-2.1.6-gtk2
2014-02-28 07:34 - 2014-02-28 07:34 - 00000000 ____D () C:\Windows\de
2014-02-28 07:32 - 2009-11-13 03:18 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-28 07:28 - 2014-02-28 07:28 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-28 07:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-28 07:21 - 2014-02-28 07:21 - 00000360 _____ () C:\Windows\DirectX.log
2014-02-28 07:04 - 2014-02-28 07:04 - 01245376 _____ (Microsoft Corporation) C:\Users\Jenni\Downloads\wlsetup-web.exe
2014-02-28 07:02 - 2014-02-28 06:58 - 142602520 _____ (Microsoft Corporation) C:\Users\Jenni\Downloads\wlsetup-all_16.4.3508.0205.exe
2014-02-28 06:43 - 2014-02-28 05:22 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-02-28 05:35 - 2014-02-28 05:22 - 00000000 ____D () C:\Fraps
2014-02-28 05:28 - 2014-02-28 05:28 - 00000000 ____D () C:\Users\Jenni\Documents\PC Speed Maximizer
2014-02-28 05:24 - 2014-02-28 05:24 - 00000000 ____D () C:\Users\Jenni\Documents\Optimizer Pro
2014-02-28 05:23 - 2014-02-28 05:22 - 00000000 ____D () C:\Users\Jenni\AppData\Local\SearchProtect
2014-02-28 05:22 - 2014-02-28 05:22 - 00000574 _____ () C:\Users\Public\Desktop\Fraps.lnk
2014-02-28 05:21 - 2014-02-28 05:21 - 00000000 ____D () C:\Users\Jenni\Downloads\Fraps_TSV14W5RV
2014-02-28 05:19 - 2014-02-28 05:19 - 00657576 _____ (Conduit) C:\Users\Jenni\Downloads\Fraps_TSV14W5RV.exe
2014-02-22 18:00 - 2014-02-19 12:19 - 00016255 _____ () C:\Users\Jenni\Desktop\Gildenübersicht.xlsx
2014-02-20 16:43 - 2014-02-20 16:22 - 00000000 ____D () C:\ProgramData\TTuBeAdblocKeR
2014-02-20 16:22 - 2014-02-20 16:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-20 16:22 - 2014-02-20 16:22 - 00000000 ____D () C:\ProgramData\dkpdnlnenoabajepnpjajmmeegcmcjhh
2014-02-20 16:22 - 2013-12-31 17:40 - 00000000 ____D () C:\ProgramData\b2825e0011eb9fe
2014-02-20 16:22 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\System32\GroupPolicy
2014-02-19 12:19 - 2013-10-26 23:38 - 00000000 ____D () C:\Users\Jenni\Documents\Excel
2014-02-19 12:17 - 2014-02-19 10:47 - 00015914 _____ () C:\Users\Jenni\Downloads\Gildenübersicht.xlsx
2014-02-19 09:38 - 2014-02-19 09:38 - 00005878 _____ () C:\Users\Jenni\Downloads\Mitgliederliste Vespera.ods
2014-02-19 04:04 - 2014-02-18 05:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

Files to move or delete:
====================
C:\Windows\Tasks\{5AA22384-1FF1-4676-BA9B-EFBF7EFECE99}.job


Some content of TEMP:
====================
C:\Users\Jenni\AppData\Local\Temp\nsl4B85.exe
C:\Users\Jenni\AppData\Local\Temp\nsq54C9.exe
C:\Users\Jenni\AppData\Local\Temp\nsr1425.exe
C:\Users\Jenni\AppData\Local\Temp\nsr1B28.exe
C:\Users\Jenni\AppData\Local\Temp\pcspeedmaxsetup.exe
C:\Users\Jenni\AppData\Local\Temp\SHSetup.exe
C:\Users\Jenni\AppData\Local\Temp\SPSetup.exe
C:\Users\Jenni\AppData\Local\Temp\~+JF669828932335508636.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-02-28 07:18:29
Restore point made on: 2014-02-28 07:20:44
Restore point made on: 2014-02-28 07:22:53
Restore point made on: 2014-02-28 07:24:51
Restore point made on: 2014-02-28 07:28:32
Restore point made on: 2014-03-01 04:36:28
Restore point made on: 2014-03-11 12:03:18
Restore point made on: 2014-03-11 13:07:18
Restore point made on: 2014-03-14 05:21:30
Restore point made on: 2014-03-19 13:45:39
Restore point made on: 2014-03-19 17:16:34
Restore point made on: 2014-03-19 17:30:13
Restore point made on: 2014-03-19 17:32:52

==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 4090.93 MB
Available physical RAM: 3360.9 MB
Total Pagefile: 4089.08 MB
Available Pagefile: 3351.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:286.27 GB) (Free:54.46 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:2.49 GB) NTFS
Drive g: () (Removable) (Total:7.49 GB) (Free:7.48 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 97969796)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 0042D5AE)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2014-02-14 09:59

==================== End Of Log ============================
         

Thanks, I've found help now.
__________________

Last edited by Leviathan091 (21.03.2014 at 17:52)

23.03.2014, 10:50   #4
schrauber
/// the machine
/// TB trainer


You can't just try out some fix that was built for a different computer.


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:
ATTFilter
HKU\Jenni\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0j6gdi7.lnk
ShortcutTarget: 0j6gdi7.lnk -> C:\ProgramData\7idg6j0.gsa ()
S2 Winmgmt; C:\ProgramData\0j6gdi7.faa [332532 2014-03-20] (Microsoft Corporation)
2014-03-20 16:18 - 2014-03-21 07:44 - 95027928 ____T () C:\ProgramData\0j6gdi7.bbr
2014-03-20 16:18 - 2014-03-20 16:18 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\0j6gdi7.faa
2014-03-20 16:18 - 2014-03-20 16:18 - 00110592 _____ () C:\ProgramData\7idg6j0.gsa
         
Please save this as Fixlist.txt on your USB stick.
  • Boot your computer into the repair options again.
  • Now start FRST.exe again and click the Fix ("Entfernen") button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Start the computer normally.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
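
Added example, not part of the original post and not FRST's own logic: a small Python triage that reads FRST-style log lines, takes autostart entries (a service or a startup shortcut target) located directly in C:\ProgramData as seeds, and then collects file entries whose name stem equals a seed stem or its reverse, which is the relationship between the Fixlist entries above. The regexes assume the line layouts seen in this log; the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the Fixlist in the post above, plus two unrelated file
# entries from the same FRST log used as negative controls.
SAMPLE_LOG = r"""
Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0j6gdi7.lnk
ShortcutTarget: 0j6gdi7.lnk -> C:\ProgramData\7idg6j0.gsa ()
S2 Winmgmt; C:\ProgramData\0j6gdi7.faa [332532 2014-03-20] (Microsoft Corporation)
2014-03-20 16:18 - 2014-03-21 07:44 - 95027928 ____T () C:\ProgramData\0j6gdi7.bbr
2014-03-20 16:18 - 2014-03-20 16:18 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\0j6gdi7.faa
2014-03-20 16:18 - 2014-03-20 16:18 - 00110592 _____ () C:\ProgramData\7idg6j0.gsa
2014-02-20 16:22 - 2014-02-20 16:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-28 19:10 - 2014-03-13 16:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
"""

# Assumed layouts: "S2 Name; path [size date] (company)", "ShortcutTarget: x -> path ()",
# and "created - modified - size attrs (company) path".
SERVICE = re.compile(r"^[SRU]\d (?P<name>\S+); (?P<path>[A-Za-z]:\\.+?) \[")
SHORTCUT = re.compile(r"^ShortcutTarget: .+? -> (?P<path>[A-Za-z]:\\.+?) \(")
FILE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ \(.*?\) (?P<path>[A-Za-z]:\\.+)$")

def in_programdata_root(path):
    """True if the file sits directly in C:\\ProgramData, not in a subfolder."""
    return str(PureWindowsPath(path).parent).lower() == r"c:\programdata"

def triage(log_text):
    """Return (seeds, related): autostart targets in the ProgramData root, and
    file entries there whose stem equals a seed stem or its reverse."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    seeds = []
    for line in lines:
        m = SERVICE.match(line) or SHORTCUT.match(line)
        if m and in_programdata_root(m["path"]):
            seeds.append(m["path"])
    stems = {PureWindowsPath(s).stem.lower() for s in seeds}
    stems |= {s[::-1] for s in stems}  # 0j6gdi7 <-> 7idg6j0
    related = []
    for line in lines:
        m = FILE.match(line)
        if m and in_programdata_root(m["path"]):
            if PureWindowsPath(m["path"]).stem.lower() in stems:
                related.append(m["path"])
    return seeds, related

if __name__ == "__main__":
    for label, paths in zip(("autostart", "related file"), triage(SAMPLE_LOG)):
        for p in paths:
            print(f"{label}: {p}")
```

The output is a list of candidates for a helper to review, not a ready-made Fixlist; as the post says, a fix is built for one specific machine.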
