Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Interpol trojaner entfernen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 06.04.2014, 15:04   #1
egland
 
Interpol trojaner entfernen - Standard

Interpol trojaner entfernen



Hallo zusammen
Mein Lap Top ist mit dem Interpol trojaner befallen.
Ich habe den FRST-Scan schon durchgeführt und schicke ihn.


Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by SYSTEM on MINWINPC on 06-04-2014 15:47:51
Running from D:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-23] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-03-06] (Acer Incorporated)
HKLM\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-09-22] (Acer)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-08-06] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-08-06] (NVIDIA Corporation)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [821768 2008-07-01] (Dritek System Inc.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [CLMLServer] - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
HKLM\...\Run: [PlayMovie] - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-05-12] (Acer Corp.)
HKLM\...\Run: [Acer Assist Launcher] - C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-10-08] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\Michael\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [4240760 2010-11-09] (Microsoft Corporation)
HKU\Michael\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Michael\...\Run: [Yontoo Desktop] - "C:\Users\Michael\AppData\Roaming\Yontoo\YontooDesktop.exe"
HKU\Michael\...\Run: [YtwgPack] - regsvr32.exe C:\Users\Michael\AppData\Local\YtwgPack\SMCLIENT.DLL <===== ATTENTION
HKU\Michael\...\Run: [syshost32] - C:\Users\Michael\AppData\Local\{918ACB89-7E1F-FA39-E448-51D4C3E791B0}\syshost.exe [83968 2014-04-05] ()
HKU\Michael\...\Run: [tgnxdthp] - regsvr32.exe "C:\ProgramData\tgnxdthp.dat"
HKU\Michael\...\Run: [Oxudm] - C:\Users\Michael\AppData\Local\Temp\Zekuo\oxudm.exe [643072 2008-12-12] () <===== ATTENTION
HKU\Michael\...\RunOnce: [iag3q] - C:\ProgramData\ujia\ynppd.exe [275456 2014-04-05] (Zone Labs, LLC)
HKU\Michael\...\Winlogon: [Shell] C:\ProgramData\ytfb\oomnsf.exe,explorer.exe <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll => C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll File Not Found

========================== Services (Whitelisted) =================

S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [25856 2008-04-14] (AVerMedia TECHNOLOGIES, Inc.)
S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42880 2008-04-14] (AVerMedia TECHNOLOGIES, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-24] (Microsoft Corporation)
S3 MyPenPro; C:\Windows\System32\Drivers\MyPenPro.sys [44032 2003-04-30] (C Technologies)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-03-29] (Texas Instruments)
S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-27] (Winbond Electronics Corporation)
S1 gcffuosq; \??\C:\Windows\system32\drivers\gcffuosq.sys [X]
S1 hjuihdee; \??\C:\Windows\system32\drivers\hjuihdee.sys [X]
S1 ihicpkrw; \??\C:\Windows\system32\drivers\ihicpkrw.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 jmcdlnbw; \??\C:\Windows\system32\drivers\jmcdlnbw.sys [X]
S1 lfypxjem; \??\C:\Windows\system32\drivers\lfypxjem.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 nxydeqhb; \??\C:\Windows\system32\drivers\nxydeqhb.sys [X]
S1 rahcrppn; \??\C:\Windows\system32\drivers\rahcrppn.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S1 tkzjuyvq; \??\C:\Windows\system32\drivers\tkzjuyvq.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-06 15:45 - 2014-04-06 15:47 - 00000000 ____D () C:\FRST
2014-04-06 00:02 - 2014-04-06 00:02 - 00000000 ____D () C:\Users\Michael\AppData\Local\{44FB4B45-C2BB-414C-BA26-554BC1E53C19}
2014-04-05 23:22 - 2014-04-05 23:57 - 00000000 ____D () C:\ProgramData\xibv
2014-04-05 12:01 - 2014-04-05 12:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\{7A973DC6-7406-4763-AE08-70318BA00AE4}
2014-04-05 11:28 - 2014-04-05 23:57 - 00000000 ____D () C:\ProgramData\xuqsaa
2014-04-05 11:28 - 2014-04-05 23:52 - 00000000 ____D () C:\ProgramData\fmnip
2014-04-05 11:28 - 2014-04-05 11:28 - 00000000 ____D () C:\ProgramData\qqxqud
2014-04-05 09:18 - 2014-04-05 09:18 - 00004275 _____ () C:\Users\Michael\Desktop\out.bin
2014-04-05 09:15 - 2014-04-06 05:04 - 00000000 ____D () C:\ProgramData\gitunx
2014-04-05 09:14 - 2014-04-06 05:04 - 00000000 ____D () C:\ProgramData\pdvy
2014-04-05 09:14 - 2014-04-05 09:15 - 00000000 ____D () C:\ProgramData\jketq
2014-04-05 09:14 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\ytfb
2014-04-05 09:14 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\ujia
2014-04-05 09:04 - 2014-04-05 09:04 - 00001555 _____ () C:\Users\Public\Documents\UNCRYPT_FILES.TXT
2014-04-05 08:55 - 2014-04-05 08:55 - 00001555 _____ () C:\Users\Public\UNCRYPT_FILES.TXT
2014-04-05 08:52 - 2014-04-05 08:52 - 00001555 _____ () C:\Users\Michael\Downloads\UNCRYPT_FILES.TXT
2014-04-05 08:44 - 2014-04-05 08:44 - 00001555 _____ () C:\Users\Michael\Documents\UNCRYPT_FILES.TXT
2014-04-05 08:29 - 2014-04-05 08:29 - 00001555 _____ () C:\Users\Michael\UNCRYPT_FILES.TXT
2014-04-05 08:29 - 2014-04-05 08:29 - 00001555 _____ () C:\Users\Michael\AppData\Local\UNCRYPT_FILES.TXT
2014-04-05 08:25 - 2014-04-05 08:28 - 00001555 _____ () C:\ProgramData\UNCRYPT_FILES.TXT
2014-04-05 08:00 - 2014-04-05 08:25 - 00382096 _____ () C:\ProgramData\tgnxdthp.dat
2014-04-05 08:00 - 2014-04-05 08:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{918ACB89-7E1F-FA39-E448-51D4C3E791B0}
2014-04-05 07:59 - 2014-04-06 05:04 - 00000000 ____D () C:\ProgramData\wwlcd
2014-03-17 00:04 - 2014-04-05 00:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\{63546E52-6521-4408-B3D9-8B32FC93385D}
2014-03-16 10:57 - 2014-03-16 10:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\{83EACAA2-7562-4F7A-B0DC-7188D5BE77FE}
2014-03-15 23:03 - 2014-02-22 21:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-15 23:03 - 2014-02-22 21:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-15 23:03 - 2014-02-22 21:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-15 23:03 - 2014-02-22 21:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-15 23:03 - 2014-02-22 21:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-03-15 23:03 - 2014-02-22 21:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-03-15 23:03 - 2014-02-22 21:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-03-15 23:03 - 2014-02-22 21:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-15 23:03 - 2014-02-22 21:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-15 23:03 - 2014-02-22 21:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-03-15 23:03 - 2014-02-22 21:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-15 23:03 - 2014-02-22 21:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-03-15 23:03 - 2014-02-22 21:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-15 23:03 - 2014-02-22 21:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-03-15 23:03 - 2014-02-22 21:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-15 23:02 - 2014-02-22 21:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-14 22:47 - 2014-02-07 02:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-14 22:47 - 2014-02-03 02:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-14 22:47 - 2014-01-29 23:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-03-14 22:46 - 2013-11-12 16:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-03-11 06:38 - 2014-04-05 08:40 - 00000000 ____D () C:\Users\Michael\AppData\Local\YtwgPack
2014-03-10 00:19 - 2014-03-15 22:56 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D5CDA79D-C65D-4103-9AA0-006C1A5F22E9}
2014-03-09 06:17 - 2014-04-05 08:24 - 95028440 ____T () C:\ProgramData\qbnqatlf.fee
2014-03-08 23:42 - 2014-03-08 23:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\{2CC84866-1594-4EC0-B211-AA284EE49218}
2014-03-08 01:00 - 2014-03-08 01:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{120399DE-04AA-4A04-82AF-5B44359E608F}

==================== One Month Modified Files and Folders =======

2014-04-06 15:47 - 2014-04-06 15:45 - 00000000 ____D () C:\FRST
2014-04-06 05:17 - 2008-12-08 15:47 - 01367419 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 05:17 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 05:17 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 05:05 - 2008-12-08 11:27 - 00028029 _____ () C:\ProgramData\nvModes.001
2014-04-06 05:05 - 2008-12-08 09:56 - 00000680 _____ () C:\Users\Michael\AppData\Local\d3d9caps.dat
2014-04-06 05:04 - 2014-04-05 09:15 - 00000000 ____D () C:\ProgramData\gitunx
2014-04-06 05:04 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\pdvy
2014-04-06 05:04 - 2014-04-05 07:59 - 00000000 ____D () C:\ProgramData\wwlcd
2014-04-06 05:02 - 2008-01-20 18:47 - 07084078 _____ () C:\Windows\PFRO.log
2014-04-06 00:02 - 2014-04-06 00:02 - 00000000 ____D () C:\Users\Michael\AppData\Local\{44FB4B45-C2BB-414C-BA26-554BC1E53C19}
2014-04-05 23:57 - 2014-04-05 23:22 - 00000000 ____D () C:\ProgramData\xibv
2014-04-05 23:57 - 2014-04-05 11:28 - 00000000 ____D () C:\ProgramData\xuqsaa
2014-04-05 23:57 - 2008-12-08 11:26 - 00028029 _____ () C:\ProgramData\nvModes.dat
2014-04-05 23:52 - 2014-04-05 11:28 - 00000000 ____D () C:\ProgramData\fmnip
2014-04-05 12:01 - 2014-04-05 12:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\{7A973DC6-7406-4763-AE08-70318BA00AE4}
2014-04-05 11:28 - 2014-04-05 11:28 - 00000000 ____D () C:\ProgramData\qqxqud
2014-04-05 09:18 - 2014-04-05 09:18 - 00004275 _____ () C:\Users\Michael\Desktop\out.bin
2014-04-05 09:15 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\jketq
2014-04-05 09:14 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\ytfb
2014-04-05 09:14 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\ujia
2014-04-05 09:12 - 2010-08-28 05:50 - 00000000 ____D () C:\Users\Public\Documents\Projekt 10
2014-04-05 09:12 - 2010-07-07 09:02 - 00000000 ____D () C:\Users\Public\Documents\Steuerfälle
2014-04-05 09:07 - 2010-07-07 09:02 - 00000000 ____D () C:\Users\Public\Documents\Michael Egli
2014-04-05 09:06 - 2010-07-07 09:03 - 00000000 ____D () C:\Users\Public\Documents\d Egli
2014-04-05 09:06 - 2010-07-07 09:03 - 00000000 ____D () C:\Users\Public\Documents\Bilder
2014-04-05 09:05 - 2010-07-07 09:07 - 00000000 ____D () C:\Users\Public\Documents\Andreas
2014-04-05 09:04 - 2014-04-05 09:04 - 00001555 _____ () C:\Users\Public\Documents\UNCRYPT_FILES.TXT
2014-04-05 09:04 - 2010-10-31 09:04 - 06374139 _____ () C:\Users\Public\Documents\MOV03401.MPG
2014-04-05 09:04 - 2010-10-29 07:38 - 00030208 ___SH () C:\Users\Public\Documents\Thumbs.db
2014-04-05 09:04 - 2010-07-07 09:02 - 00017408 _____ () C:\Users\Public\Documents\Abrechnung Neuseeland.xls
2014-04-05 09:04 - 2010-07-07 09:01 - 00052256 _____ () C:\Users\Public\Documents\FIBUSICH.LZX
2014-04-05 09:04 - 2010-07-07 09:00 - 00070016 _____ () C:\Users\Public\Documents\EGLI-EGLI_M10.zip
2014-04-05 09:04 - 2010-03-09 10:02 - 00432702 _____ () C:\Users\Public\Documents\andi.xps
2014-04-05 08:56 - 2010-01-30 12:24 - 00000000 ____D () C:\Users\Public\2010-01-30 Grindelwald
2014-04-05 08:56 - 2009-02-11 11:24 - 00000000 ____D () C:\Users\Public\2009-02-11
2014-04-05 08:56 - 2006-11-02 03:18 - 00000000 ___RD () C:\users\Public
2014-04-05 08:55 - 2014-04-05 08:55 - 00001555 _____ () C:\Users\Public\UNCRYPT_FILES.TXT
2014-04-05 08:53 - 2008-12-08 11:24 - 00000000 ____D () C:\Users\Michael\Documents\Eigene Google Gadgets
2014-04-05 08:52 - 2014-04-05 08:52 - 00001555 _____ () C:\Users\Michael\Downloads\UNCRYPT_FILES.TXT
2014-04-05 08:44 - 2014-04-05 08:44 - 00001555 _____ () C:\Users\Michael\Documents\UNCRYPT_FILES.TXT
2014-04-05 08:44 - 2012-01-22 03:19 - 00516608 ___SH () C:\Users\Michael\Desktop\ehthumbs_vista.db
2014-04-05 08:44 - 2010-10-29 09:13 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2014-04-05 08:43 - 2012-12-05 11:32 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\codeblocks
2014-04-05 08:43 - 2009-11-17 09:15 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\skypePM
2014-04-05 08:40 - 2014-03-11 06:38 - 00000000 ____D () C:\Users\Michael\AppData\Local\YtwgPack
2014-04-05 08:40 - 2010-09-14 10:51 - 00000000 ____D () C:\Users\Michael\AppData\Local\Windows Live
2014-04-05 08:40 - 2009-06-21 09:07 - 00000000 ____D () C:\Users\Michael\AppData\Local\Zattoo
2014-04-05 08:35 - 2009-12-09 20:32 - 00000000 ____D () C:\Users\Michael\AppData\Local\Symantec
2014-04-05 08:35 - 2009-09-16 08:15 - 00000000 ____D () C:\Users\Michael\AppData\Local\Microsoft Help
2014-04-05 08:30 - 2009-09-16 08:16 - 00000000 ____D () C:\Users\Michael\.freemind
2014-04-05 08:30 - 2008-12-08 09:56 - 00000000 ____D () C:\users\Michael
2014-04-05 08:29 - 2014-04-05 08:29 - 00001555 _____ () C:\Users\Michael\UNCRYPT_FILES.TXT
2014-04-05 08:29 - 2014-04-05 08:29 - 00001555 _____ () C:\Users\Michael\AppData\Local\UNCRYPT_FILES.TXT
2014-04-05 08:29 - 2010-06-13 11:03 - 00017920 _____ () C:\Users\Michael\AppData\Local\WebpageIcons.db
2014-04-05 08:28 - 2014-04-05 08:25 - 00001555 _____ () C:\ProgramData\UNCRYPT_FILES.TXT
2014-04-05 08:25 - 2014-04-05 08:00 - 00382096 _____ () C:\ProgramData\tgnxdthp.dat
2014-04-05 08:24 - 2014-03-09 06:17 - 95028440 ____T () C:\ProgramData\qbnqatlf.fee
2014-04-05 08:24 - 2013-10-26 23:14 - 00013112 _____ () C:\ProgramData\8ztdlcar.bxx
2014-04-05 08:16 - 2008-04-18 01:50 - 00000000 ____D () C:\Book
2014-04-05 08:00 - 2014-04-05 08:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{918ACB89-7E1F-FA39-E448-51D4C3E791B0}
2014-04-05 00:04 - 2013-01-20 00:59 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-04-05 00:02 - 2013-01-20 00:58 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-05 00:01 - 2014-03-17 00:04 - 00000000 ____D () C:\Users\Michael\AppData\Local\{63546E52-6521-4408-B3D9-8B32FC93385D}
2014-03-18 23:46 - 2013-08-15 06:19 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-18 23:37 - 2006-11-02 02:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-03-16 10:57 - 2014-03-16 10:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\{83EACAA2-7562-4F7A-B0DC-7188D5BE77FE}
2014-03-16 07:19 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\rescache
2014-03-16 07:02 - 2006-11-02 04:47 - 00345072 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-16 06:59 - 2009-11-06 09:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 22:58 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\de-DE
2014-03-15 22:56 - 2014-03-10 00:19 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D5CDA79D-C65D-4103-9AA0-006C1A5F22E9}
2014-03-14 22:31 - 2013-05-09 03:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-03-14 22:31 - 2011-08-13 21:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-03-10 23:52 - 2012-08-30 13:03 - 00104264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2014-03-09 00:14 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-08 23:42 - 2014-03-08 23:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\{2CC84866-1594-4EC0-B211-AA284EE49218}
2014-03-08 01:17 - 2008-01-20 23:16 - 01543880 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-08 01:00 - 2014-03-08 01:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{120399DE-04AA-4A04-82AF-5B44359E608F}

Files to move or delete:
====================
C:\Users\Michael\AppData\Local\Temp\Zekuo\oxudm.exe
C:\ProgramData\8ztdlcar.bxx
C:\ProgramData\8ztdlcar.fvv
C:\ProgramData\jqfhfr7t.ctrl
C:\ProgramData\qbnqatlf.fee
C:\ProgramData\tgnxdthp.dat
C:\ProgramData\vi0lfvr.odd


Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\10A9.tmp.exe
C:\Users\Michael\AppData\Local\Temp\2sysconf.exe
C:\Users\Michael\AppData\Local\Temp\7315EC.exe
C:\Users\Michael\AppData\Local\Temp\contentDATs.exe
C:\Users\Michael\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Michael\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Michael\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Michael\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Michael\AppData\Local\Temp\h4jhv_2y.dll
C:\Users\Michael\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\lrskyrzp.exe
C:\Users\Michael\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Michael\AppData\Local\Temp\nsk4117.tmp.exe
C:\Users\Michael\AppData\Local\Temp\omzpq2bk.dll
C:\Users\Michael\AppData\Local\Temp\ordsxh0l.dll
C:\Users\Michael\AppData\Local\Temp\pqlh9be-.dll
C:\Users\Michael\AppData\Local\Temp\removeKCL.EXE
C:\Users\Michael\AppData\Local\Temp\removeKTID.EXE
C:\Users\Michael\AppData\Local\Temp\remTIDShortcut.EXE
C:\Users\Michael\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Michael\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Michael\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Michael\AppData\Local\Temp\u1b8phlk.dll
C:\Users\Michael\AppData\Local\Temp\uninstaller.exe
C:\Users\Michael\AppData\Local\Temp\vlc-1.1.4-win32.exe
C:\Users\Michael\AppData\Local\Temp\WindowsXP-KB918997-v6-x86-%s.exe
C:\Users\Michael\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Michael\AppData\Local\Temp\writeLogFile.EXE
C:\Users\Michael\AppData\Local\Temp\WSSetup.exe
C:\Users\Michael\AppData\Local\Temp\Zattoo-Update.exe
C:\Users\Michael\AppData\Local\Temp\zhsB79D.exe
C:\Users\Michael\AppData\Local\Temp\~+JF4605862463364572036.dll
C:\Users\Michael\AppData\Local\Temp\~dmp8974339369928246427.tmp.exe
C:\Users\Michael\AppData\Local\Temp\~tmf5567513159821598138.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-03-09 01:12:37
Restore point made on: 2014-03-10 00:20:31
Restore point made on: 2014-03-11 04:02:27
Restore point made on: 2014-03-14 22:52:16
Restore point made on: 2014-03-15 22:57:24
Restore point made on: 2014-03-17 09:12:33
Restore point made on: 2014-03-18 04:35:43
Restore point made on: 2014-03-18 23:36:14
Restore point made on: 2014-03-22 23:28:59
Restore point made on: 2014-03-26 00:51:09
Restore point made on: 2014-03-29 23:13:48
Restore point made on: 2014-04-04 09:04:11
Restore point made on: 2014-04-05 00:00:56

==================== Memory info =========================== 

Percentage of memory in use: 11%
Total physical RAM: 4090.07 MB
Available physical RAM: 3612.11 MB
Total Pagefile: 3955.55 MB
Available Pagefile: 3788.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.77 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:50.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:1.91 GB) (Free:0.84 GB) FAT
Drive e: (DATA) (Fixed) (Total:144.04 GB) (Free:143.17 GB) NTFS
Drive x: (PQSERVICE) (Fixed) (Total:10 GB) (Free:1.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 83C9BCF7)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 8EC50B8A)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2014-04-06 05:09

==================== End Of Log ============================
         

Könnt ihr mir weiterhelfen??

Freundliche Grüsse und vielen Dank

Alt 06.04.2014, 15:07   #2
mort
 
Interpol trojaner entfernen - Standard

Interpol trojaner entfernen





Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Ich bedanke mich für deine Geduld
__________________


Alt 06.04.2014, 18:52   #3
mort
 
Interpol trojaner entfernen - Standard

Interpol trojaner entfernen



Hallo, egland und


Ich werde dir bei der Bereinigung des Copmuter helfen.
  • Arbeite meine Anleitungen nacheinander ab.
  • Poste deine Logs in Code-Tags: [code]Hier der inhalt des Logs[/code]
  • Bedenke, dass wir in unserer Freizeit tätig sind. Bekommst du von mir innerhalb von 2 Tagen keine Antwort, schreibe mir eine PM.

Schritt 1

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKU\Michael\...\Run: [YtwgPack] - regsvr32.exe C:\Users\Michael\AppData\Local\YtwgPack\SMCLIENT.DLL <===== ATTENTION
HKU\Michael\...\Run: [tgnxdthp] - regsvr32.exe "C:\ProgramData\tgnxdthp.dat"
HKU\Michael\...\Run: [Oxudm] - C:\Users\Michael\AppData\Local\Temp\Zekuo\oxudm.exe [643072 2008-12-12] () <===== ATTENTION
HKU\Michael\...\Winlogon: [Shell] C:\ProgramData\ytfb\oomnsf.exe,explorer.exe <==== ATTENTION 
HKU\Michael\...\Run: [syshost32] - C:\Users\Michael\AppData\Local\{918ACB89-7E1F-FA39-E448-51D4C3E791B0}\syshost.exe [83968 2014-04-05] ()
2014-04-05 23:22 - 2014-04-05 23:57 - 00000000 ____D () C:\ProgramData\xibv
2014-04-05 11:28 - 2014-04-05 23:57 - 00000000 ____D () C:\ProgramData\xuqsaa
2014-04-05 11:28 - 2014-04-05 23:52 - 00000000 ____D () C:\ProgramData\fmnip
2014-04-05 11:28 - 2014-04-05 11:28 - 00000000 ____D () C:\ProgramData\qqxqud
2014-04-05 09:15 - 2014-04-06 05:04 - 00000000 ____D () C:\ProgramData\gitunx
2014-04-05 09:14 - 2014-04-06 05:04 - 00000000 ____D () C:\ProgramData\pdvy
2014-04-05 09:14 - 2014-04-05 09:15 - 00000000 ____D () C:\ProgramData\jketq
2014-04-05 09:14 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\ytfb
2014-04-05 09:14 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\ujia
2014-04-05 08:00 - 2014-04-05 08:25 - 00382096 _____ () C:\ProgramData\tgnxdthp.dat
2014-04-05 07:59 - 2014-04-06 05:04 - 00000000 ____D () C:\ProgramData\wwlcd
2014-03-11 06:38 - 2014-04-05 08:40 - 00000000 ____D () C:\Users\Michael\AppData\Local\YtwgPack
2014-04-05 08:25 - 2014-04-05 08:00 - 00382096 _____ () C:\ProgramData\tgnxdthp.dat
2014-04-05 08:24 - 2014-03-09 06:17 - 95028440 ____T () C:\ProgramData\qbnqatlf.fee
2014-04-05 08:24 - 2013-10-26 23:14 - 00013112 _____ () C:\ProgramData\8ztdlcar.bxx
C:\Users\Michael\AppData\Local\Temp\Zekuo
C:\ProgramData\8ztdlcar.fvv
C:\ProgramData\jqfhfr7t.ctrl
C:\ProgramData\tgnxdthp.dat
C:\ProgramData\vi0lfvr.odd
         
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Wenn dein Computer nach dem Fix wieder normal läuft, starte ihn im normalen Modus und mache so weiter:
Schritt 2


Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.
__________________

Alt 06.04.2014, 20:04   #4
egland
 
Interpol trojaner entfernen - Standard

Interpol trojaner entfernen



Vielen Dank für die Hilfe!!

Hier ist die fixlog

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by SYSTEM at 2014-04-06 20:49:45 Run:1
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Michael\...\Run: [YtwgPack] - regsvr32.exe C:\Users\Michael\AppData\Local\YtwgPack\SMCLIENT.DLL <===== ATTENTION
HKU\Michael\...\Run: [tgnxdthp] - regsvr32.exe "C:\ProgramData\tgnxdthp.dat"
HKU\Michael\...\Run: [Oxudm] - C:\Users\Michael\AppData\Local\Temp\Zekuo\oxudm.exe [643072 2008-12-12] () <===== ATTENTION
HKU\Michael\...\Winlogon: [Shell] C:\ProgramData\ytfb\oomnsf.exe,explorer.exe <==== ATTENTION 
HKU\Michael\...\Run: [syshost32] - C:\Users\Michael\AppData\Local\{918ACB89-7E1F-FA39-E448-51D4C3E791B0}\syshost.exe [83968 2014-04-05] ()
2014-04-05 23:22 - 2014-04-05 23:57 - 00000000 ____D () C:\ProgramData\xibv
2014-04-05 11:28 - 2014-04-05 23:57 - 00000000 ____D () C:\ProgramData\xuqsaa
2014-04-05 11:28 - 2014-04-05 23:52 - 00000000 ____D () C:\ProgramData\fmnip
2014-04-05 11:28 - 2014-04-05 11:28 - 00000000 ____D () C:\ProgramData\qqxqud
2014-04-05 09:15 - 2014-04-06 05:04 - 00000000 ____D () C:\ProgramData\gitunx
2014-04-05 09:14 - 2014-04-06 05:04 - 00000000 ____D () C:\ProgramData\pdvy
2014-04-05 09:14 - 2014-04-05 09:15 - 00000000 ____D () C:\ProgramData\jketq
2014-04-05 09:14 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\ytfb
2014-04-05 09:14 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\ujia
2014-04-05 08:00 - 2014-04-05 08:25 - 00382096 _____ () C:\ProgramData\tgnxdthp.dat
2014-04-05 07:59 - 2014-04-06 05:04 - 00000000 ____D () C:\ProgramData\wwlcd
2014-03-11 06:38 - 2014-04-05 08:40 - 00000000 ____D () C:\Users\Michael\AppData\Local\YtwgPack
2014-04-05 08:25 - 2014-04-05 08:00 - 00382096 _____ () C:\ProgramData\tgnxdthp.dat
2014-04-05 08:24 - 2014-03-09 06:17 - 95028440 ____T () C:\ProgramData\qbnqatlf.fee
2014-04-05 08:24 - 2013-10-26 23:14 - 00013112 _____ () C:\ProgramData\8ztdlcar.bxx
C:\Users\Michael\AppData\Local\Temp\Zekuo
C:\ProgramData\8ztdlcar.fvv
C:\ProgramData\jqfhfr7t.ctrl
C:\ProgramData\tgnxdthp.dat
C:\ProgramData\vi0lfvr.odd
*****************

HKU\Michael\Software\Microsoft\Windows\CurrentVersion\Run\\YtwgPack => Value deleted successfully.
HKU\Michael\Software\Microsoft\Windows\CurrentVersion\Run\\tgnxdthp => Value deleted successfully.
HKU\Michael\Software\Microsoft\Windows\CurrentVersion\Run\\Oxudm => Value deleted successfully.
HKU\Michael\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Michael\Software\Microsoft\Windows\CurrentVersion\Run\\syshost32 => Value deleted successfully.
C:\ProgramData\xibv => Moved successfully.
C:\ProgramData\xuqsaa => Moved successfully.
C:\ProgramData\fmnip => Moved successfully.
C:\ProgramData\qqxqud => Moved successfully.
C:\ProgramData\gitunx => Moved successfully.
C:\ProgramData\pdvy => Moved successfully.
C:\ProgramData\jketq => Moved successfully.
C:\ProgramData\ytfb => Moved successfully.
C:\ProgramData\ujia => Moved successfully.
C:\ProgramData\tgnxdthp.dat => Moved successfully.
C:\ProgramData\wwlcd => Moved successfully.
C:\Users\Michael\AppData\Local\YtwgPack => Moved successfully.
"C:\ProgramData\tgnxdthp.dat" => File/Directory not found.
C:\ProgramData\qbnqatlf.fee => Moved successfully.
C:\ProgramData\8ztdlcar.bxx => Moved successfully.
C:\Users\Michael\AppData\Local\Temp\Zekuo => Moved successfully.
C:\ProgramData\8ztdlcar.fvv => Moved successfully.
C:\ProgramData\jqfhfr7t.ctrl => Moved successfully.
"C:\ProgramData\tgnxdthp.dat" => File/Directory not found.
C:\ProgramData\vi0lfvr.odd => Moved successfully.

==== End of Fixlog ====
         
und hier die FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by SYSTEM on MINWINPC on 06-04-2014 21:00:48
Running from D:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-23] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-03-06] (Acer Incorporated)
HKLM\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-09-22] (Acer)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-08-06] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-08-06] (NVIDIA Corporation)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [821768 2008-07-01] (Dritek System Inc.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [CLMLServer] - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
HKLM\...\Run: [PlayMovie] - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-05-12] (Acer Corp.)
HKLM\...\Run: [Acer Assist Launcher] - C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-10-08] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\Michael\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [4240760 2010-11-09] (Microsoft Corporation)
HKU\Michael\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Michael\...\Run: [Yontoo Desktop] - "C:\Users\Michael\AppData\Roaming\Yontoo\YontooDesktop.exe"
AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll => C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll File Not Found

========================== Services (Whitelisted) =================

S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [25856 2008-04-14] (AVerMedia TECHNOLOGIES, Inc.)
S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42880 2008-04-14] (AVerMedia TECHNOLOGIES, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-24] (Microsoft Corporation)
S3 MyPenPro; C:\Windows\System32\Drivers\MyPenPro.sys [44032 2003-04-30] (C Technologies)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-03-29] (Texas Instruments)
S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-27] (Winbond Electronics Corporation)
S1 gcffuosq; \??\C:\Windows\system32\drivers\gcffuosq.sys [X]
S1 hjuihdee; \??\C:\Windows\system32\drivers\hjuihdee.sys [X]
S1 ihicpkrw; \??\C:\Windows\system32\drivers\ihicpkrw.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 jmcdlnbw; \??\C:\Windows\system32\drivers\jmcdlnbw.sys [X]
S1 lfypxjem; \??\C:\Windows\system32\drivers\lfypxjem.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 nxydeqhb; \??\C:\Windows\system32\drivers\nxydeqhb.sys [X]
S1 rahcrppn; \??\C:\Windows\system32\drivers\rahcrppn.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S1 tkzjuyvq; \??\C:\Windows\system32\drivers\tkzjuyvq.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-06 15:45 - 2014-04-06 20:49 - 00000000 ____D () C:\FRST
2014-04-06 00:02 - 2014-04-06 00:02 - 00000000 ____D () C:\Users\Michael\AppData\Local\{44FB4B45-C2BB-414C-BA26-554BC1E53C19}
2014-04-05 12:01 - 2014-04-05 12:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\{7A973DC6-7406-4763-AE08-70318BA00AE4}
2014-04-05 09:18 - 2014-04-05 09:18 - 00004275 _____ () C:\Users\Michael\Desktop\out.bin
2014-04-05 09:04 - 2014-04-05 09:04 - 00001555 _____ () C:\Users\Public\Documents\UNCRYPT_FILES.TXT
2014-04-05 08:55 - 2014-04-05 08:55 - 00001555 _____ () C:\Users\Public\UNCRYPT_FILES.TXT
2014-04-05 08:52 - 2014-04-05 08:52 - 00001555 _____ () C:\Users\Michael\Downloads\UNCRYPT_FILES.TXT
2014-04-05 08:44 - 2014-04-05 08:44 - 00001555 _____ () C:\Users\Michael\Documents\UNCRYPT_FILES.TXT
2014-04-05 08:29 - 2014-04-05 08:29 - 00001555 _____ () C:\Users\Michael\UNCRYPT_FILES.TXT
2014-04-05 08:29 - 2014-04-05 08:29 - 00001555 _____ () C:\Users\Michael\AppData\Local\UNCRYPT_FILES.TXT
2014-04-05 08:25 - 2014-04-05 08:28 - 00001555 _____ () C:\ProgramData\UNCRYPT_FILES.TXT
2014-04-05 08:00 - 2014-04-05 08:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{918ACB89-7E1F-FA39-E448-51D4C3E791B0}
2014-03-17 00:04 - 2014-04-05 00:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\{63546E52-6521-4408-B3D9-8B32FC93385D}
2014-03-16 10:57 - 2014-03-16 10:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\{83EACAA2-7562-4F7A-B0DC-7188D5BE77FE}
2014-03-15 23:03 - 2014-02-22 21:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-15 23:03 - 2014-02-22 21:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-15 23:03 - 2014-02-22 21:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-15 23:03 - 2014-02-22 21:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-15 23:03 - 2014-02-22 21:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-03-15 23:03 - 2014-02-22 21:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-03-15 23:03 - 2014-02-22 21:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-03-15 23:03 - 2014-02-22 21:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-15 23:03 - 2014-02-22 21:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-15 23:03 - 2014-02-22 21:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-03-15 23:03 - 2014-02-22 21:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-15 23:03 - 2014-02-22 21:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-03-15 23:03 - 2014-02-22 21:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-15 23:03 - 2014-02-22 21:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-03-15 23:03 - 2014-02-22 21:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-15 23:02 - 2014-02-22 21:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-14 22:47 - 2014-02-07 02:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-14 22:47 - 2014-02-03 02:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-14 22:47 - 2014-01-29 23:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-03-14 22:46 - 2013-11-12 16:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-03-10 00:19 - 2014-03-15 22:56 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D5CDA79D-C65D-4103-9AA0-006C1A5F22E9}
2014-03-08 23:42 - 2014-03-08 23:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\{2CC84866-1594-4EC0-B211-AA284EE49218}
2014-03-08 01:00 - 2014-03-08 01:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{120399DE-04AA-4A04-82AF-5B44359E608F}

==================== One Month Modified Files and Folders =======

2014-04-06 20:49 - 2014-04-06 15:45 - 00000000 ____D () C:\FRST
2014-04-06 10:58 - 2008-12-08 15:47 - 01382634 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 10:58 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 10:58 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 10:56 - 2008-12-08 11:27 - 00028029 _____ () C:\ProgramData\nvModes.001
2014-04-06 10:51 - 2008-01-20 18:47 - 07084622 _____ () C:\Windows\PFRO.log
2014-04-06 05:56 - 2008-12-08 09:56 - 00000680 _____ () C:\Users\Michael\AppData\Local\d3d9caps.dat
2014-04-06 00:02 - 2014-04-06 00:02 - 00000000 ____D () C:\Users\Michael\AppData\Local\{44FB4B45-C2BB-414C-BA26-554BC1E53C19}
2014-04-05 23:57 - 2008-12-08 11:26 - 00028029 _____ () C:\ProgramData\nvModes.dat
2014-04-05 12:01 - 2014-04-05 12:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\{7A973DC6-7406-4763-AE08-70318BA00AE4}
2014-04-05 09:18 - 2014-04-05 09:18 - 00004275 _____ () C:\Users\Michael\Desktop\out.bin
2014-04-05 09:12 - 2010-08-28 05:50 - 00000000 ____D () C:\Users\Public\Documents\Projekt 10
2014-04-05 09:12 - 2010-07-07 09:02 - 00000000 ____D () C:\Users\Public\Documents\Steuerfälle
2014-04-05 09:07 - 2010-07-07 09:02 - 00000000 ____D () C:\Users\Public\Documents\Michael Egli
2014-04-05 09:06 - 2010-07-07 09:03 - 00000000 ____D () C:\Users\Public\Documents\d Egli
2014-04-05 09:06 - 2010-07-07 09:03 - 00000000 ____D () C:\Users\Public\Documents\Bilder
2014-04-05 09:05 - 2010-07-07 09:07 - 00000000 ____D () C:\Users\Public\Documents\Andreas
2014-04-05 09:04 - 2014-04-05 09:04 - 00001555 _____ () C:\Users\Public\Documents\UNCRYPT_FILES.TXT
2014-04-05 09:04 - 2010-10-31 09:04 - 06374139 _____ () C:\Users\Public\Documents\MOV03401.MPG
2014-04-05 09:04 - 2010-10-29 07:38 - 00030208 ___SH () C:\Users\Public\Documents\Thumbs.db
2014-04-05 09:04 - 2010-07-07 09:02 - 00017408 _____ () C:\Users\Public\Documents\Abrechnung Neuseeland.xls
2014-04-05 09:04 - 2010-07-07 09:01 - 00052256 _____ () C:\Users\Public\Documents\FIBUSICH.LZX
2014-04-05 09:04 - 2010-07-07 09:00 - 00070016 _____ () C:\Users\Public\Documents\EGLI-EGLI_M10.zip
2014-04-05 09:04 - 2010-03-09 10:02 - 00432702 _____ () C:\Users\Public\Documents\andi.xps
2014-04-05 08:56 - 2010-01-30 12:24 - 00000000 ____D () C:\Users\Public\2010-01-30 Grindelwald
2014-04-05 08:56 - 2009-02-11 11:24 - 00000000 ____D () C:\Users\Public\2009-02-11
2014-04-05 08:56 - 2006-11-02 03:18 - 00000000 ___RD () C:\users\Public
2014-04-05 08:55 - 2014-04-05 08:55 - 00001555 _____ () C:\Users\Public\UNCRYPT_FILES.TXT
2014-04-05 08:53 - 2008-12-08 11:24 - 00000000 ____D () C:\Users\Michael\Documents\Eigene Google Gadgets
2014-04-05 08:52 - 2014-04-05 08:52 - 00001555 _____ () C:\Users\Michael\Downloads\UNCRYPT_FILES.TXT
2014-04-05 08:44 - 2014-04-05 08:44 - 00001555 _____ () C:\Users\Michael\Documents\UNCRYPT_FILES.TXT
2014-04-05 08:44 - 2012-01-22 03:19 - 00516608 ___SH () C:\Users\Michael\Desktop\ehthumbs_vista.db
2014-04-05 08:44 - 2010-10-29 09:13 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2014-04-05 08:43 - 2012-12-05 11:32 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\codeblocks
2014-04-05 08:43 - 2009-11-17 09:15 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\skypePM
2014-04-05 08:40 - 2010-09-14 10:51 - 00000000 ____D () C:\Users\Michael\AppData\Local\Windows Live
2014-04-05 08:40 - 2009-06-21 09:07 - 00000000 ____D () C:\Users\Michael\AppData\Local\Zattoo
2014-04-05 08:35 - 2009-12-09 20:32 - 00000000 ____D () C:\Users\Michael\AppData\Local\Symantec
2014-04-05 08:35 - 2009-09-16 08:15 - 00000000 ____D () C:\Users\Michael\AppData\Local\Microsoft Help
2014-04-05 08:30 - 2009-09-16 08:16 - 00000000 ____D () C:\Users\Michael\.freemind
2014-04-05 08:30 - 2008-12-08 09:56 - 00000000 ____D () C:\users\Michael
2014-04-05 08:29 - 2014-04-05 08:29 - 00001555 _____ () C:\Users\Michael\UNCRYPT_FILES.TXT
2014-04-05 08:29 - 2014-04-05 08:29 - 00001555 _____ () C:\Users\Michael\AppData\Local\UNCRYPT_FILES.TXT
2014-04-05 08:29 - 2010-06-13 11:03 - 00017920 _____ () C:\Users\Michael\AppData\Local\WebpageIcons.db
2014-04-05 08:28 - 2014-04-05 08:25 - 00001555 _____ () C:\ProgramData\UNCRYPT_FILES.TXT
2014-04-05 08:16 - 2008-04-18 01:50 - 00000000 ____D () C:\Book
2014-04-05 08:00 - 2014-04-05 08:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{918ACB89-7E1F-FA39-E448-51D4C3E791B0}
2014-04-05 00:04 - 2013-01-20 00:59 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-04-05 00:02 - 2013-01-20 00:58 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-05 00:01 - 2014-03-17 00:04 - 00000000 ____D () C:\Users\Michael\AppData\Local\{63546E52-6521-4408-B3D9-8B32FC93385D}
2014-03-18 23:46 - 2013-08-15 06:19 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-18 23:37 - 2006-11-02 02:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-03-16 10:57 - 2014-03-16 10:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\{83EACAA2-7562-4F7A-B0DC-7188D5BE77FE}
2014-03-16 07:19 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\rescache
2014-03-16 07:02 - 2006-11-02 04:47 - 00345072 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-16 06:59 - 2009-11-06 09:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 22:58 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\de-DE
2014-03-15 22:56 - 2014-03-10 00:19 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D5CDA79D-C65D-4103-9AA0-006C1A5F22E9}
2014-03-14 22:31 - 2013-05-09 03:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-03-14 22:31 - 2011-08-13 21:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-03-10 23:52 - 2012-08-30 13:03 - 00104264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2014-03-09 00:14 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-08 23:42 - 2014-03-08 23:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\{2CC84866-1594-4EC0-B211-AA284EE49218}
2014-03-08 01:17 - 2008-01-20 23:16 - 01543880 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-08 01:00 - 2014-03-08 01:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{120399DE-04AA-4A04-82AF-5B44359E608F}

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\10A9.tmp.exe
C:\Users\Michael\AppData\Local\Temp\2sysconf.exe
C:\Users\Michael\AppData\Local\Temp\7315EC.exe
C:\Users\Michael\AppData\Local\Temp\contentDATs.exe
C:\Users\Michael\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Michael\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Michael\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Michael\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Michael\AppData\Local\Temp\h4jhv_2y.dll
C:\Users\Michael\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\lrskyrzp.exe
C:\Users\Michael\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Michael\AppData\Local\Temp\nsk4117.tmp.exe
C:\Users\Michael\AppData\Local\Temp\omzpq2bk.dll
C:\Users\Michael\AppData\Local\Temp\ordsxh0l.dll
C:\Users\Michael\AppData\Local\Temp\pqlh9be-.dll
C:\Users\Michael\AppData\Local\Temp\removeKCL.EXE
C:\Users\Michael\AppData\Local\Temp\removeKTID.EXE
C:\Users\Michael\AppData\Local\Temp\remTIDShortcut.EXE
C:\Users\Michael\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Michael\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Michael\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Michael\AppData\Local\Temp\u1b8phlk.dll
C:\Users\Michael\AppData\Local\Temp\uninstaller.exe
C:\Users\Michael\AppData\Local\Temp\vlc-1.1.4-win32.exe
C:\Users\Michael\AppData\Local\Temp\WindowsXP-KB918997-v6-x86-%s.exe
C:\Users\Michael\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Michael\AppData\Local\Temp\writeLogFile.EXE
C:\Users\Michael\AppData\Local\Temp\WSSetup.exe
C:\Users\Michael\AppData\Local\Temp\Zattoo-Update.exe
C:\Users\Michael\AppData\Local\Temp\zhsB79D.exe
C:\Users\Michael\AppData\Local\Temp\~+JF4605862463364572036.dll
C:\Users\Michael\AppData\Local\Temp\~dmp8974339369928246427.tmp.exe
C:\Users\Michael\AppData\Local\Temp\~tmf5567513159821598138.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-03-09 01:12:37
Restore point made on: 2014-03-10 00:20:31
Restore point made on: 2014-03-11 04:02:27
Restore point made on: 2014-03-14 22:52:16
Restore point made on: 2014-03-15 22:57:24
Restore point made on: 2014-03-17 09:12:33
Restore point made on: 2014-03-18 04:35:43
Restore point made on: 2014-03-18 23:36:14
Restore point made on: 2014-03-22 23:28:59
Restore point made on: 2014-03-26 00:51:09
Restore point made on: 2014-03-29 23:13:48
Restore point made on: 2014-04-04 09:04:11
Restore point made on: 2014-04-05 00:00:56

==================== Memory info =========================== 

Percentage of memory in use: 11%
Total physical RAM: 4090.07 MB
Available physical RAM: 3612.36 MB
Total Pagefile: 3955.55 MB
Available Pagefile: 3793.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.39 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:50.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:1.91 GB) (Free:0.84 GB) FAT
Drive e: (DATA) (Fixed) (Total:144.04 GB) (Free:143.17 GB) NTFS
Drive x: (PQSERVICE) (Fixed) (Total:10 GB) (Free:1.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 83C9BCF7)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 8EC50B8A)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2014-04-06 10:59

==================== End Of Log ============================
         
--- --- ---

Alt 06.04.2014, 20:11   #5
mort
 
Interpol trojaner entfernen - Standard

Interpol trojaner entfernen



Zitat:
Wenn dein Computer nach dem Fix wieder normal läuft, starte ihn im normalen Modus
Ist der Interpol-Trojaner nun weg? Wenn ja, dann mache ein FRST-Log im normalen Modus. Wenn nicht, teile mir das bitte mit.


Alt 06.04.2014, 20:31   #6
egland
 
Interpol trojaner entfernen - Standard

Interpol trojaner entfernen



Ja der trojaner ist nun weg...
Wie kann ich das im normal modus machen?

Alt 06.04.2014, 20:34   #7
mort
 
Interpol trojaner entfernen - Standard

Interpol trojaner entfernen



Entschuldigung, der Baustein oben ist falsch. Und sind hier irgendwo "verschlüsselte" Dateien?

Schritt 1

Verschiebe FRST vom USB-Stick auf den Desktop.
  • Starte dann FRST.
  • Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

Geändert von mort (06.04.2014 um 20:42 Uhr)

Alt 06.04.2014, 20:45   #8
egland
 
Interpol trojaner entfernen - Standard

Interpol trojaner entfernen



Muss ich das wieder in der reperaturoption durchführe

Alt 06.04.2014, 20:49   #9
mort
 
Interpol trojaner entfernen - Standard

Interpol trojaner entfernen



Den Computer ganz normal ohne Reperaturoptionen und Safemode starten.

Alt 07.04.2014, 12:11   #10
egland
 
Interpol trojaner entfernen - Standard

Interpol trojaner entfernen



Hier sind sie:

FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Michael (administrator) on EGLI on 07-04-2014 13:04:54
Running from C:\Users\Michael\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
() C:\Windows\PLFSetI.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-23] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-03-07] (Acer Incorporated)
HKLM\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-09-23] (Acer)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-08-07] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-08-07] (NVIDIA Corporation)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [821768 2008-07-02] (Dritek System Inc.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [CLMLServer] - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
HKLM\...\Run: [PlayMovie] - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-05-12] (Acer Corp.)
HKLM\...\Run: [Acer Assist Launcher] - C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-20] ()
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-10-08] (Apple Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1302810509-2473466976-1264621361-1000\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-1302810509-2473466976-1264621361-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1302810509-2473466976-1264621361-1000\...\Run: [Yontoo Desktop] - "C:\Users\Michael\AppData\Roaming\Yontoo\YontooDesktop.exe"
HKU\S-1-5-21-1302810509-2473466976-1264621361-1000\...\MountPoints2: {ede9a373-d05b-11dd-8f97-00238b313104} - F:\LaunchU3.exe
AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll => C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll File Not Found

==================== Internet (Whitelisted) ====================

ProxyServer: :
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&s=2&o=vp32&d=1208&m=aspire_7730g
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={81732C20-B877-11E2-9096-00238B313104}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&s=2&o=vp32&d=1208&m=aspire_7730g
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={81732C20-B877-11E2-9096-00238B313104}
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={81732C20-B877-11E2-9096-00238B313104}
SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={81732C20-B877-11E2-9096-00238B313104}&crg=3.1010000.10011&st=23
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={81732C20-B877-11E2-9096-00238B313104}&crg=3.1010000.10011&st=23
SearchScopes: HKCU - {F5D96886-5714-427E-BAB1-4F06A90BD2A1} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.127.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\l2zxsu7f.default
FF user.js: detected! => C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\l2zxsu7f.default\user.js
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://www.bing.com/search?FORM=IEFM1&q=
FF NetworkProxy: "ftp", ":"
FF NetworkProxy: "gopher", ":"
FF NetworkProxy: "http", ":"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", ":"
FF NetworkProxy: "ssl", ":"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\l2zxsu7f.default\searchplugins\SweetIM Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\l2zxsu7f.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-05-09]
FF Extension: Windows Update Control Panel - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\l2zxsu7f.default\Extensions\{CFB53721-F2AF-95AB-FF9F-CF16DD1EF26E} [2014-03-11]
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\l2zxsu7f.default\Extensions\hdvc@hdvc.com.xpi [2013-04-17]
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\l2zxsu7f.default\Extensions\m2k@m2kdownloader.com.xpi [2013-04-08]
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\l2zxsu7f.default\Extensions\putlockerdownloader3@putlockerdownloader.com.xpi [2013-04-11]
FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2011-01-13]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2011-01-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-06-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [koalekbhpbggkcfhkkbolikjoaobbppi] - C:\Program Files\PutLockerDownloader\PutLockerDownloader10.crx [2013-04-11]
CHR HKLM\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx [2013-04-17]
CHR HKLM\...\Chrome\Extension: [lbbbdmbjkgojacipgefbifkiebpcdjhn] - C:\Program Files\Movie2KDownloader.com\m2kDownloader10.crx [2013-04-08]

========================== Services (Whitelisted) =================

R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [25856 2008-04-15] (AVerMedia TECHNOLOGIES, Inc.)
S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42880 2008-04-15] (AVerMedia TECHNOLOGIES, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 MyPenPro; C:\Windows\System32\Drivers\MyPenPro.sys [44032 2003-04-30] (C Technologies)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-03-29] (Texas Instruments)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S1 gcffuosq; \??\C:\Windows\system32\drivers\gcffuosq.sys [X]
S1 hjuihdee; \??\C:\Windows\system32\drivers\hjuihdee.sys [X]
S1 ihicpkrw; \??\C:\Windows\system32\drivers\ihicpkrw.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 jmcdlnbw; \??\C:\Windows\system32\drivers\jmcdlnbw.sys [X]
S1 lfypxjem; \??\C:\Windows\system32\drivers\lfypxjem.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 nxydeqhb; \??\C:\Windows\system32\drivers\nxydeqhb.sys [X]
S1 rahcrppn; \??\C:\Windows\system32\drivers\rahcrppn.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S1 tkzjuyvq; \??\C:\Windows\system32\drivers\tkzjuyvq.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 13:04 - 2014-04-07 13:06 - 00018621 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-04-07 13:04 - 2014-04-06 15:33 - 01145856 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe
2014-04-07 13:00 - 2014-04-07 13:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{1421074E-85D3-449F-9EC0-D5E05458A9C6}
2014-04-07 01:45 - 2014-04-07 13:04 - 00000000 ____D () C:\FRST
2014-04-06 21:15 - 2014-04-06 21:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-06 21:15 - 2014-04-06 21:15 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-06 21:15 - 2014-04-06 21:13 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-06 21:14 - 2014-04-06 21:14 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-06 21:14 - 2014-04-06 21:13 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-06 21:14 - 2014-04-06 21:13 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-06 10:02 - 2014-04-06 10:02 - 00000000 ____D () C:\Users\Michael\AppData\Local\{44FB4B45-C2BB-414C-BA26-554BC1E53C19}
2014-04-05 22:01 - 2014-04-05 22:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\{7A973DC6-7406-4763-AE08-70318BA00AE4}
2014-04-05 19:18 - 2014-04-05 19:18 - 00004275 _____ () C:\Users\Michael\Desktop\out.bin
2014-04-05 19:04 - 2014-04-05 19:04 - 00001555 _____ () C:\Users\Public\Documents\UNCRYPT_FILES.TXT
2014-04-05 18:55 - 2014-04-05 18:55 - 00001555 _____ () C:\Users\Public\UNCRYPT_FILES.TXT
2014-04-05 18:52 - 2014-04-05 18:52 - 00001555 _____ () C:\Users\Michael\Downloads\UNCRYPT_FILES.TXT
2014-04-05 18:29 - 2014-04-05 18:29 - 00001555 _____ () C:\Users\Michael\UNCRYPT_FILES.TXT
2014-04-05 18:29 - 2014-04-05 18:29 - 00001555 _____ () C:\Users\Michael\AppData\Local\UNCRYPT_FILES.TXT
2014-04-05 18:25 - 2014-04-05 18:28 - 00001555 _____ () C:\ProgramData\UNCRYPT_FILES.TXT
2014-04-05 18:00 - 2014-04-05 18:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{918ACB89-7E1F-FA39-E448-51D4C3E791B0}
2014-03-17 10:04 - 2014-04-05 10:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\{63546E52-6521-4408-B3D9-8B32FC93385D}
2014-03-16 20:57 - 2014-03-16 20:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\{83EACAA2-7562-4F7A-B0DC-7188D5BE77FE}
2014-03-16 09:03 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 09:03 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 09:03 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 09:03 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 09:03 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 09:03 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-16 09:03 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 09:03 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 09:03 - 2014-02-23 07:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 09:03 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-16 09:03 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 09:03 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-16 09:03 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 09:03 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-16 09:03 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 09:02 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-15 08:47 - 2014-02-07 12:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-15 08:47 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-15 08:47 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-15 08:46 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-10 10:19 - 2014-03-16 08:56 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D5CDA79D-C65D-4103-9AA0-006C1A5F22E9}
2014-03-09 09:42 - 2014-03-09 09:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\{2CC84866-1594-4EC0-B211-AA284EE49218}
2014-03-08 11:00 - 2014-03-08 11:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{120399DE-04AA-4A04-82AF-5B44359E608F}

==================== One Month Modified Files and Folders =======

2014-04-07 13:06 - 2014-04-07 13:04 - 00018621 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-04-07 13:06 - 2008-12-09 01:47 - 01434702 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 13:04 - 2014-04-07 01:45 - 00000000 ____D () C:\FRST
2014-04-07 13:04 - 2006-11-02 14:52 - 00127553 _____ () C:\Windows\setupact.log
2014-04-07 13:00 - 2014-04-07 13:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{1421074E-85D3-449F-9EC0-D5E05458A9C6}
2014-04-07 12:58 - 2008-12-08 21:27 - 00028029 _____ () C:\ProgramData\nvModes.001
2014-04-07 12:58 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 12:58 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 12:57 - 2008-01-21 04:47 - 07381346 _____ () C:\Windows\PFRO.log
2014-04-07 12:57 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 21:22 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-06 21:20 - 2008-12-25 21:55 - 00018944 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-06 21:17 - 2013-05-09 13:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-06 21:15 - 2014-04-06 21:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-06 21:15 - 2014-04-06 21:15 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-06 21:14 - 2014-04-06 21:14 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-06 21:13 - 2014-04-06 21:15 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-06 21:13 - 2014-04-06 21:14 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-06 21:13 - 2014-04-06 21:14 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-06 21:13 - 2010-06-21 21:14 - 00000000 ____D () C:\Program Files\Java
2014-04-06 15:56 - 2008-12-08 19:56 - 00000680 _____ () C:\Users\Michael\AppData\Local\d3d9caps.dat
2014-04-06 15:33 - 2014-04-07 13:04 - 01145856 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe
2014-04-06 10:02 - 2014-04-06 10:02 - 00000000 ____D () C:\Users\Michael\AppData\Local\{44FB4B45-C2BB-414C-BA26-554BC1E53C19}
2014-04-06 09:57 - 2008-12-08 21:26 - 00028029 _____ () C:\ProgramData\nvModes.dat
2014-04-05 22:01 - 2014-04-05 22:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\{7A973DC6-7406-4763-AE08-70318BA00AE4}
2014-04-05 19:18 - 2014-04-05 19:18 - 00004275 _____ () C:\Users\Michael\Desktop\out.bin
2014-04-05 19:12 - 2010-08-28 15:50 - 00000000 ____D () C:\Users\Public\Documents\Projekt 10
2014-04-05 19:12 - 2010-07-07 19:02 - 00000000 ____D () C:\Users\Public\Documents\Steuerfälle
2014-04-05 19:07 - 2010-07-07 19:02 - 00000000 ____D () C:\Users\Public\Documents\Michael Egli
2014-04-05 19:06 - 2010-07-07 19:03 - 00000000 ____D () C:\Users\Public\Documents\d Egli
2014-04-05 19:06 - 2010-07-07 19:03 - 00000000 ____D () C:\Users\Public\Documents\Bilder
2014-04-05 19:05 - 2010-07-07 19:07 - 00000000 ____D () C:\Users\Public\Documents\Andreas
2014-04-05 19:04 - 2014-04-05 19:04 - 00001555 _____ () C:\Users\Public\Documents\UNCRYPT_FILES.TXT
2014-04-05 19:04 - 2010-10-31 19:04 - 06374139 _____ () C:\Users\Public\Documents\MOV03401.MPG
2014-04-05 19:04 - 2010-10-29 17:38 - 00030208 ___SH () C:\Users\Public\Documents\Thumbs.db
2014-04-05 19:04 - 2010-07-07 19:02 - 00017408 _____ () C:\Users\Public\Documents\Abrechnung Neuseeland.xls
2014-04-05 19:04 - 2010-07-07 19:01 - 00052256 _____ () C:\Users\Public\Documents\FIBUSICH.LZX
2014-04-05 19:04 - 2010-07-07 19:00 - 00070016 _____ () C:\Users\Public\Documents\EGLI-EGLI_M10.zip
2014-04-05 19:04 - 2010-03-09 20:02 - 00432702 _____ () C:\Users\Public\Documents\andi.xps
2014-04-05 18:56 - 2010-01-30 22:24 - 00000000 ____D () C:\Users\Public\2010-01-30 Grindelwald
2014-04-05 18:56 - 2009-02-11 21:24 - 00000000 ____D () C:\Users\Public\2009-02-11
2014-04-05 18:56 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-04-05 18:55 - 2014-04-05 18:55 - 00001555 _____ () C:\Users\Public\UNCRYPT_FILES.TXT
2014-04-05 18:52 - 2014-04-05 18:52 - 00001555 _____ () C:\Users\Michael\Downloads\UNCRYPT_FILES.TXT
2014-04-05 18:44 - 2012-01-22 13:19 - 00516608 ___SH () C:\Users\Michael\Desktop\ehthumbs_vista.db
2014-04-05 18:44 - 2010-10-29 19:13 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2014-04-05 18:43 - 2012-12-05 21:32 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\codeblocks
2014-04-05 18:43 - 2009-11-17 19:15 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\skypePM
2014-04-05 18:40 - 2010-09-14 20:51 - 00000000 ____D () C:\Users\Michael\AppData\Local\Windows Live
2014-04-05 18:40 - 2009-06-21 19:07 - 00000000 ____D () C:\Users\Michael\AppData\Local\Zattoo
2014-04-05 18:35 - 2009-12-10 06:32 - 00000000 ____D () C:\Users\Michael\AppData\Local\Symantec
2014-04-05 18:35 - 2009-09-16 18:15 - 00000000 ____D () C:\Users\Michael\AppData\Local\Microsoft Help
2014-04-05 18:30 - 2009-09-16 18:16 - 00000000 ____D () C:\Users\Michael\.freemind
2014-04-05 18:30 - 2008-12-08 19:56 - 00000000 ____D () C:\Users\Michael
2014-04-05 18:29 - 2014-04-05 18:29 - 00001555 _____ () C:\Users\Michael\UNCRYPT_FILES.TXT
2014-04-05 18:29 - 2014-04-05 18:29 - 00001555 _____ () C:\Users\Michael\AppData\Local\UNCRYPT_FILES.TXT
2014-04-05 18:29 - 2010-06-13 21:03 - 00017920 _____ () C:\Users\Michael\AppData\Local\WebpageIcons.db
2014-04-05 18:28 - 2014-04-05 18:25 - 00001555 _____ () C:\ProgramData\UNCRYPT_FILES.TXT
2014-04-05 18:16 - 2008-04-18 11:50 - 00000000 ____D () C:\Book
2014-04-05 18:00 - 2014-04-05 18:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{918ACB89-7E1F-FA39-E448-51D4C3E791B0}
2014-04-05 10:04 - 2013-01-20 10:59 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-04-05 10:02 - 2013-01-20 10:58 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-05 10:01 - 2014-03-17 10:04 - 00000000 ____D () C:\Users\Michael\AppData\Local\{63546E52-6521-4408-B3D9-8B32FC93385D}
2014-03-19 09:46 - 2013-08-15 16:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 09:37 - 2006-11-02 12:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-16 20:57 - 2014-03-16 20:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\{83EACAA2-7562-4F7A-B0DC-7188D5BE77FE}
2014-03-16 17:19 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-03-16 17:02 - 2006-11-02 14:47 - 00345072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-16 16:59 - 2009-11-06 19:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 08:58 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-03-16 08:56 - 2014-03-10 10:19 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D5CDA79D-C65D-4103-9AA0-006C1A5F22E9}
2014-03-15 08:31 - 2013-05-09 13:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-15 08:31 - 2011-08-14 07:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 09:52 - 2012-08-30 23:03 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2014-03-09 10:14 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-09 09:42 - 2014-03-09 09:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\{2CC84866-1594-4EC0-B211-AA284EE49218}
2014-03-08 11:17 - 2008-01-21 09:16 - 01543880 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-08 11:00 - 2014-03-08 11:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\{120399DE-04AA-4A04-82AF-5B44359E608F}

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\10A9.tmp.exe
C:\Users\Michael\AppData\Local\Temp\2sysconf.exe
C:\Users\Michael\AppData\Local\Temp\7315EC.exe
C:\Users\Michael\AppData\Local\Temp\contentDATs.exe
C:\Users\Michael\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Michael\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Michael\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Michael\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Michael\AppData\Local\Temp\h4jhv_2y.dll
C:\Users\Michael\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Michael\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\lrskyrzp.exe
C:\Users\Michael\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Michael\AppData\Local\Temp\nsk4117.tmp.exe
C:\Users\Michael\AppData\Local\Temp\omzpq2bk.dll
C:\Users\Michael\AppData\Local\Temp\ordsxh0l.dll
C:\Users\Michael\AppData\Local\Temp\pqlh9be-.dll
C:\Users\Michael\AppData\Local\Temp\removeKCL.EXE
C:\Users\Michael\AppData\Local\Temp\removeKTID.EXE
C:\Users\Michael\AppData\Local\Temp\remTIDShortcut.EXE
C:\Users\Michael\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Michael\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Michael\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Michael\AppData\Local\Temp\u1b8phlk.dll
C:\Users\Michael\AppData\Local\Temp\uninstaller.exe
C:\Users\Michael\AppData\Local\Temp\vlc-1.1.4-win32.exe
C:\Users\Michael\AppData\Local\Temp\WindowsXP-KB918997-v6-x86-%s.exe
C:\Users\Michael\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Michael\AppData\Local\Temp\writeLogFile.EXE
C:\Users\Michael\AppData\Local\Temp\WSSetup.exe
C:\Users\Michael\AppData\Local\Temp\Zattoo-Update.exe
C:\Users\Michael\AppData\Local\Temp\zhsB79D.exe
C:\Users\Michael\AppData\Local\Temp\~+JF4605862463364572036.dll
C:\Users\Michael\AppData\Local\Temp\~dmp8974339369928246427.tmp.exe
C:\Users\Michael\AppData\Local\Temp\~tmf5567513159821598138.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-07 13:04

==================== End Of Log ============================
         
--- --- ---


und Adddition.txt:¨

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Michael at 2014-04-07 13:07:31
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Incorporated)
Acer Crystal Eye Webcam 2.0.8 (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.0.8 - SuYin)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 3.0.3007 - CyberLink Corp.)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3060 - Egis Inc.)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3006 - Acer Incorporated)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3008 - Acer Incorporated)
Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.12.0506 - Acer Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.5.3 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.3 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVerMedia A310 (MiniCard, DVB-T) 1.1.0.27 (HKLM\...\AVerMedia A310 (MiniCard, DVB-T)) (Version: 1.1.0.27 - AVerMedia TECHNOLOGIES, Inc.)
Azada (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version:  - Oberon Media)
Backspin Billiards (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}) (Version:  - Oberon Media)
Big Kahuna Reef (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version:  - Oberon Media)
Bing Bar (HKLM\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{A64A5576-D862-44F8-89DC-2B17FCC9B86E}) (Version: 11.11.03 - Broadcom Corporation)
CodeBlocks (HKCU\...\CodeBlocks) (Version: 10.05 - The Code::Blocks Team)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{35C0A1E4-D02A-412C-841F-266DBB116ABB}) (Version: 12.02.0000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest Solitaire (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version:  - Oberon Media)
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.10.04 - JMicron Technology Corp.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)
Mahjongg Artifacts (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}) (Version:  - Oberon Media)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}) (Version: 3.1.4.0 - Apple Inc.)
Mozilla Firefox (3.6.8) (HKLM\...\Mozilla Firefox (3.6.8)) (Version: 3.6.8 (de) - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 1.1.4 (HKLM\...\VLC media player) (Version: 1.1.4 - VideoLAN)
Winbond CIR Device Drivers (HKLM\...\{10F498FF-5392-4DF3-8F73-FE172A9F3800}) (Version: 7.60.1012 - Winbond Electronics Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zattoo 3.3.4 Beta (HKLM\...\Zattoo) (Version: 3.3.4 Beta - Zattoo Inc.)
Zattoo4 4.0.5 (HKLM\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0BA73F85-F6B7-49DF-B7CD-D0A5BC6D5ED2} - System32\Tasks\4872 => Wscript.exe C:\Users\Michael\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4721699C-A3BA-4625-86B9-440C0F62931D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Egli => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {48636069-4D0D-44C3-84D1-CA882628C062} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {53F54C74-E276-41BE-83BB-257EE61E39C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15] (Adobe Systems Incorporated)
Task: {6B08C0AD-559F-44F5-A285-F38F304FB66D} - System32\Tasks\Acer\Acer Assist\New Message Check - Michael => C:\Program Files\Acer\Acer Assist\AcerAssist.exe [2007-11-20] (Acer Incorporated)
Task: {908AE2E5-1DB8-419F-B926-B047C4110F44} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {919B1E61-4FF0-4C40-B824-8196AC9FE367} - System32\Tasks\{5228D1AF-9563-468F-82C8-AFFA06AC33A5} => C:\Program Files\Skype\Phone\Skype.exe
Task: {D474794B-C6AE-4928-B5C3-F9E3C49E5252} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2008-10-16 16:57 - 2008-10-16 16:57 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2008-04-18 10:52 - 2008-03-21 13:22 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-04-18 10:52 - 2008-04-18 10:52 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3006.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-04-18 10:52 - 2008-04-18 10:52 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-04-18 10:52 - 2008-04-18 10:52 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
2008-04-18 10:52 - 2008-04-18 10:52 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3006.0__672b450de5a7e94a\Framework.Host.dll
2008-04-18 10:52 - 2008-04-18 10:52 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3006.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-04-18 10:59 - 2008-03-07 03:35 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eAudio\eAudioSrvPlugin.dll
2008-04-18 10:57 - 2008-05-26 15:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2008-04-18 10:57 - 2008-05-26 15:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2008-04-18 10:57 - 2008-05-26 15:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2008-04-18 10:57 - 2008-05-26 15:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2008-03-04 23:38 - 2008-03-04 23:38 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-04-18 11:50 - 2007-12-06 16:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-04-18 11:50 - 2007-11-27 15:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-12-08 20:38 - 2007-10-23 11:56 - 00200704 _____ () C:\Windows\PLFSetI.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:C95B63DA

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2014 08:57:30 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 3f8
Anfangszeit: 01cf51c9468ab893
Zeitpunkt der Beendigung: 19

Error: (04/06/2014 05:19:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4837014

Error: (04/06/2014 05:19:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4837014

Error: (04/06/2014 05:19:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/06/2014 05:19:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4819963

Error: (04/06/2014 05:19:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4819963

Error: (04/06/2014 05:19:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/06/2014 03:57:10 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung regsvr32.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b3c7, fehlerhaftes Modul SMCLIENT.DLL, Version 0.0.0.0, Zeitstempel 0x52ab4d59, Ausnahmecode 0xc0000005, Fehleroffset 0x00001039,
Prozess-ID 0x7d8, Anwendungsstartzeit regsvr32.exe0.

Error: (04/06/2014 03:56:52 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel 0x4cd2e07b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x016326c4,
Prozess-ID 0x190, Anwendungsstartzeit taskeng.exe0.

Error: (04/06/2014 03:06:04 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung eAudio.exe, Version 3.0.3007.0, Zeitstempel 0x47d047aa, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x036b26c4,
Prozess-ID 0xf94, Anwendungsstartzeit eAudio.exe0.


System errors:
=============
Error: (04/07/2014 00:59:11 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/06/2014 09:04:18 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/06/2014 08:58:05 PM) (Source: PlugPlayManager) (User: )
Description: Fehler beim Schreiben auf die serverseitige Installationspipe

Error: (04/06/2014 08:52:58 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/06/2014 08:51:44 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 06.04.2014 um 20:47:14 unerwartet heruntergefahren.

Error: (04/06/2014 03:54:55 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/06/2014 03:03:55 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/06/2014 10:45:24 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/06/2014 10:41:15 AM) (Source: DCOM) (User: )
Description: {E70C92A9-4BFD-11D1-8A95-00C04FB951F3}

Error: (04/06/2014 10:39:17 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (09/12/2012 05:55:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/12/2012 05:55:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/12/2012 05:54:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/12/2012 05:54:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 223 seconds with 180 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-10-16 08:39:46.039
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 08:39:45.384
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 08:39:44.698
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 08:39:44.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 08:39:26.181
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 08:39:25.494
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 08:39:24.808
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 08:39:24.121
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 08:39:23.279
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 08:39:22.608
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 40%
Total physical RAM: 3065.94 MB
Available physical RAM: 1809.42 MB
Total Pagefile: 6334.68 MB
Available Pagefile: 4913.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.3 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:63.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:143.17 GB) NTFS
Drive f: () (Removable) (Total:1.91 GB) (Free:0.84 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 83C9BCF7)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 8EC50B8A)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================
         

Alt 07.04.2014, 19:54   #11
mort
 
Interpol trojaner entfernen - Standard

Interpol trojaner entfernen



Sind irgendwelche Dateien verschlüsselt? Wir werden erstmal das grobe löschen und mal schauen was mit einem Dienst los ist.

Schritt 1

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Schritt 2

Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.



Alt 08.04.2014, 14:42   #12
egland
 
Interpol trojaner entfernen - Standard

Interpol trojaner entfernen



Nein, ich habe keine verschlüsselten Daten.
Hier ist die Combofix:

Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 14-04-08.01 - Michael 08.04.2014  15:10:02.1.2 - x86
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1C7
c:\programdata\1C7\{B106F91A-2E24-427E-B34A-18D2777DDD61}.swf
c:\programdata\NVIDIA
c:\programdata\NVIDIA\NvApps.xml
c:\programdata\NVIDIA\NvStarted
c:\programdata\Roaming
c:\users\Michael\AppData\Roaming\.#
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-03-08 bis 2014-04-08  ))))))))))))))))))))))))))))))
.
.
2014-04-08 13:26 . 2014-04-08 13:26	62576	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{381788B6-4A49-4FEA-A956-881FFBDAD7C8}\offreg.dll
2014-04-06 23:45 . 2014-04-07 11:08	--------	d-----w-	C:\FRST
2014-04-06 19:15 . 2014-04-06 19:15	--------	d-----w-	c:\programdata\Oracle
2014-04-06 19:15 . 2014-04-06 19:15	--------	d-----w-	c:\program files\Common Files\Java
2014-04-06 19:14 . 2014-04-06 19:14	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-04-06 19:09 . 2014-03-07 04:35	7969936	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{381788B6-4A49-4FEA-A956-881FFBDAD7C8}\mpengine.dll
2014-04-06 13:14 . 2014-03-07 04:35	7969936	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-05 16:00 . 2014-04-05 16:00	--------	d-----w-	c:\users\Michael\AppData\Local\{918ACB89-7E1F-FA39-E448-51D4C3E791B0}
2014-04-04 17:09 . 2014-02-23 08:23	765968	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D6D03CB-3EF5-43C4-8FA1-86263EC674E6}\gapaengine.dll
2014-03-15 06:47 . 2014-02-07 10:38	2050560	----a-w-	c:\windows\system32\win32k.sys
2014-03-15 06:47 . 2014-02-03 10:37	505344	----a-w-	c:\windows\system32\qedit.dll
2014-03-15 06:47 . 2014-01-30 07:46	876032	----a-w-	c:\windows\system32\wer.dll
2014-03-15 06:46 . 2013-11-13 00:30	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-15 06:31 . 2013-05-09 11:58	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-03-15 06:31 . 2011-08-14 05:46	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 07:52 . 2012-08-30 21:03	104264	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-23 08:23 . 2013-03-14 07:54	765968	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-24 23:19 . 2014-01-24 23:19	231960	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32 . 2010-01-08 07:16	231584	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 92704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-02 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2008-04-15 25856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-09 06:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.ch/
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={81732C20-B877-11E2-9096-00238B313104}
uInternet Settings,ProxyOverride = *.local
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\l2zxsu7f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Yontoo Desktop - c:\users\Michael\AppData\Roaming\Yontoo\YontooDesktop.exe
HKLM-Run-CLMLServer - c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard
AddRemove-CodeBlocks - c:\users\Michael\Desktop\CodeBlocks\uninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(336)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\program files\Microsoft Security Client\NisSrv.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-04-08  15:33:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-04-08 13:33
.
Vor Suchlauf: 13 Verzeichnis(se), 69'542'498'304 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 71'645'749'248 Bytes frei
.
- - End Of File - - C8EF984A1BFE8582BF41911264BD35F3
         
--- --- --- 7BA4C7EA1EF33A92F5F01BE63EDACB6A
Hier ist die FSS.txt:
Code:
ATTFilter
Farbar Service Scanner Version: 25-02-2014
Ran by Michael (administrator) on 08-04-2014 at 15:41:20
Running from "C:\Users\Michael\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 16:38] - [2013-07-05 05:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         

Alt 08.04.2014, 17:22   #13
mort
 
Interpol trojaner entfernen - Standard

Interpol trojaner entfernen



Machen wir noch ein paar Kontrollscans und schauen ob es das war.

Schritt 1

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Schritt 2


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 3

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Alt 11.04.2014, 18:18   #14
mort
 
Interpol trojaner entfernen - Standard

Interpol trojaner entfernen



Hallo,
benötigst Du noch weiterhin Hilfe?

Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten.

Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist

Antwort

Themen zu Interpol trojaner entfernen
acer, adobe, association, crypt, defender, desktop, download, entfernen, explorer, explorer.exe, google, home, launch, messenger, microsoft, nvidia, popup, registry, rundll, services.exe, svchost.exe, system, temp, trojaner, vista, winlogon, winlogon.exe




Ähnliche Themen: Interpol trojaner entfernen


  1. Interpol-Virus Windows 8.1 entfernen bitte für Dummies!!!!
    Plagegeister aller Art und deren Bekämpfung - 26.01.2015 (7)
  2. Interpol Trojaner
    Log-Analyse und Auswertung - 21.10.2014 (25)
  3. GUV/Interpol-Trojaner Win 7/32 Bit
    Log-Analyse und Auswertung - 21.04.2014 (10)
  4. Interpol hat zugeschlagen! Interpol Troyaner/Virus legt Rechner Lahm!
    Log-Analyse und Auswertung - 30.03.2014 (7)
  5. Trojaner Interpol Win XP - trotz abgesicherten Modus kein Zugriff - Standard AW: Trojaner Interpol Win XP - trotz abgesicherten Modus kein
    Log-Analyse und Auswertung - 18.02.2014 (18)
  6. Interpol/BKA Trojaner
    Log-Analyse und Auswertung - 07.01.2014 (11)
  7. Interpol Trojaner mit Kaspersky Rescue Disk 10 entfernen geht nicht.
    Log-Analyse und Auswertung - 21.12.2013 (15)
  8. Interpol Trojaner läßt sich nicht entfernen...
    Log-Analyse und Auswertung - 03.12.2013 (3)
  9. Interpol Trojaner von Rechner entfernen
    Log-Analyse und Auswertung - 27.11.2013 (12)
  10. GVU Interpol Trojaner entfernen?
    Log-Analyse und Auswertung - 26.11.2013 (5)
  11. Interpol Trojaner
    Plagegeister aller Art und deren Bekämpfung - 25.11.2013 (14)
  12. gvu interpol trojaner entfernen, bitte um hilfe
    Log-Analyse und Auswertung - 17.11.2013 (4)
  13. GVU-Interpol-BKA-Trojaner
    Log-Analyse und Auswertung - 01.11.2013 (17)
  14. GVU, Interpol Trojaner
    Plagegeister aller Art und deren Bekämpfung - 29.10.2013 (15)
  15. Interpol-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 20.10.2013 (9)
  16. Interpol / GVU Trojaner entfernen! ... BITTE UM HILFE
    Log-Analyse und Auswertung - 15.10.2013 (7)
  17. Interpol trojaner
    Log-Analyse und Auswertung - 27.05.2013 (13)

Zum Thema Interpol trojaner entfernen - Hallo zusammen Mein Lap Top ist mit dem Interpol trojaner befallen. Ich habe den FRST-Scan schon durchgeführt und schicke ihn. Code: Alles auswählen Aufklappen ATTFilter Scan result of Farbar Recovery - Interpol trojaner entfernen...
Archiv
Du betrachtest: Interpol trojaner entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.