Log Analysis and Evaluation: GVU Trojan - analyse and clean LOG file (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here so our experts can evaluate them. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.07.2013, 18:56 | #1
Hello dear board, I caught the GVU Trojan and created the log with Farbar's Recovery Scan Tool. The username was deliberately changed after the txt was created. Many thanks for your help.
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 Ran by SYSTEM on 07-07-2013 21:34:48 Running from I:\ Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9955872 2010-01-12] (Realtek Semiconductor) HKLM\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-22] (Microsoft) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated) HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation) HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.) HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.) 
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] () HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-22] (Microsoft) HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [124136 2010-06-29] (CyberLink Corp.) HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. 
KG) HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] () HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-29] () HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.) HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] () HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] () HKU\xxuserxx\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-14] (Google Inc.) HKU\xxuserxx\...\Run: [AdobeBridge] [x] Startup: C:\Users\xxuserxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-26] (Adobe Systems) S3 Appinfo; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] () S2 DcomLaunch; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 Dnscache; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 gpsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 KtmRm; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.) S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.) 
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.) S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.) S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.) S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S3 pla; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-12] () S2 RpcSs; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 SCardSvr; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 SCPolicySvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 seclogon; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software) S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] () S3 W32Time; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam) S3 WerSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 wuauserv; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 wudfsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.) 
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.) S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.) S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.) S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software) S3 mfeavfk01; No ImagePath S3 PCDSRVC{6368CD8C-4B9A13B6-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y\pcdrdiag\bin\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST 2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat 2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000 2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\DriverTurbo 2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\DriverTurbo 2013-07-01 12:34 - 2013-07-01 12:35 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\PC-FAX TX 2013-07-01 12:09 - 2013-07-04 16:33 - 00000000 ____D C:\Users\xxuserxx\Downloads\mflpro 2013-07-01 12:01 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\Scan2PDF 2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\xxuserxx\Downloads\Scan2PDF17.zip 2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\xxuserxx\FK1703_130629_153429.zip 2013-06-28 23:06 - 2013-07-03 22:20 - 00000000 ____D C:\Users\xxuserxx\Desktop\scout 2013-06-26 03:41 - 2013-06-26 
03:41 - 00185185 ____A C:\Users\xxuserxx\FK1703_130626_134156.zip 2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\xxuserxx\FK1703_130625_140355.zip 2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\xxuserxx\FK1703_130620_231954.zip 2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp 2013-06-07 03:43 - 2013-06-07 03:43 - 00183147 ____A C:\Users\xxuserxx\FK1703_130607_134336.zip 2013-06-07 00:37 - 2013-07-04 18:24 - 00000000 ____D C:\Users\xxuserxx\Desktop\Mibbel ==================== One Month Modified Files and Folders ======= 2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST 2013-07-05 14:00 - 2012-08-14 12:15 - 00000000 ____D C:\Windows\System32\Macromed 2013-07-05 14:00 - 2012-08-14 07:10 - 00000000 ____D C:\users\xxuserxx 2013-07-05 14:00 - 2011-01-28 08:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2013-07-05 14:00 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore 2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices 2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker 2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spp 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-07-05 14:00 - 
2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Cursors 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System 2013-07-05 13:59 - 2013-05-16 20:27 - 00000000 ____D C:\Program Files (x86)\FRITZ!BoxPrint 2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-05 13:59 - 2013-03-11 08:23 - 00000000 ____D C:\Program Files (x86)\Brother 2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iTunes 2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iPod 2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-07-05 13:59 - 2013-03-02 05:31 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Yontoo 2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\ffdshow 2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Delta 2013-07-05 13:59 - 2013-02-17 00:51 - 00000000 ____D C:\Program Files (x86)\hdvidcodec.com 2013-07-05 13:59 - 2013-02-07 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-05 13:59 - 2013-01-29 20:30 - 00000000 ____D C:\Users\xxuserxx\Desktop\Unfall 2013-07-05 13:59 - 2013-01-26 02:49 - 00000000 ____D C:\Program Files (x86)\Mozilla 
Maintenance Service 2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\ProgramData\Norton 2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan 2013-07-05 13:59 - 2013-01-18 06:07 - 00000000 ____D C:\Program Files (x86)\Wajam 2013-07-05 13:59 - 2013-01-18 04:32 - 00000000 ____D C:\Program Files (x86)\DivX 2013-07-05 13:59 - 2013-01-15 18:02 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2013-07-05 13:59 - 2013-01-14 12:55 - 00000000 ____D C:\Program Files (x86)\SQL Anywhere 11 2013-07-05 13:59 - 2012-12-01 00:57 - 00000000 ____D C:\Program Files (x86)\PowerDataRecovery 2013-07-05 13:59 - 2012-11-11 04:07 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Vistaprint Fotobücher 2013-07-05 13:59 - 2012-10-29 09:48 - 00000000 ____D C:\Program Files (x86)\GoforFiles 2013-07-05 13:59 - 2012-10-12 03:32 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\Spotify 2013-07-05 13:59 - 2012-09-24 21:37 - 00000000 ____D C:\Program Files (x86)\svnet 2013-07-05 13:59 - 2012-09-17 06:14 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Bonjour 2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files (x86)\Bonjour 2013-07-05 13:59 - 2012-08-17 23:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Works 2013-07-05 13:59 - 2012-08-17 23:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2013-07-05 13:59 - 2012-08-17 05:07 - 00000000 ____D C:\Program Files\GIMP 2 2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files\WinRAR 2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012 2013-07-05 13:59 - 2012-08-17 05:02 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-07-05 13:59 - 2012-08-14 12:15 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-05 13:59 - 
2012-08-09 23:43 - 00000000 ____D C:\Program Files (x86)\Windows Live 2013-07-05 13:59 - 2011-01-28 08:06 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-07-05 13:59 - 2011-01-28 08:05 - 00000000 ____D C:\ProgramData\oem 2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec Shredder 2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS 2013-07-05 13:59 - 2011-01-28 07:57 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLockerSuite 2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\ProgramData\McAfee 2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files (x86)\mcafee.com 2013-07-05 13:59 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages 2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries 2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Branding 2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat 2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-07-05 13:58 - 2013-01-14 21:45 - 00000000 ____D C:\EuroKass 2013-07-05 13:58 - 2012-10-02 22:02 - 00000000 ____D C:\Program Files (x86)\Adobe Download Assistant 2013-07-05 13:58 - 2011-01-28 07:37 - 00000000 ___HD C:\OEM 2013-07-05 13:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2013-07-05 13:42 - 2013-01-26 02:50 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\Mozilla 2013-07-05 13:42 - 2012-08-18 00:39 - 00000000 ____D C:\Users\xxuserxx\xxuserxx 2013-07-05 13:41 - 2012-08-17 05:02 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Adobe 2013-07-05 13:41 - 2012-08-14 12:16 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Google 2013-07-05 13:40 - 2013-01-14 11:49 - 00000000 ____D C:\ProgramData\Lexware 2013-07-05 13:40 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files\mcafee 2013-07-05 13:38 - 2011-01-28 07:53 
- 00000000 ____D C:\Program Files (x86)\McAfee 2013-07-05 13:37 - 2011-01-28 07:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-04 18:24 - 2013-06-07 00:37 - 00000000 ____D C:\Users\xxuserxx\Desktop\Mibbel 2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\DriverTurbo 2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Program Files (x86)\DriverTurbo 2013-07-04 16:33 - 2013-07-01 12:34 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\PC-FAX TX 2013-07-04 16:33 - 2013-07-01 12:09 - 00000000 ____D C:\Users\xxuserxx\Downloads\mflpro 2013-07-04 16:33 - 2013-07-01 12:01 - 00000000 ____D C:\Program Files (x86)\Scan2PDF 2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat 2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000 2013-07-04 00:01 - 2013-05-27 07:32 - 00000000 ____D C:\Users\xxuserxx\Documents\Mein Steuer-Sparbuch Heute 2013-07-03 22:20 - 2013-06-28 23:06 - 00000000 ____D C:\Users\xxuserxx\Desktop\scout 2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\xxuserxx\Downloads\Scan2PDF17.zip 2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\xxuserxx\FK1703_130629_153429.zip 2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\xxuserxx\FK1703_130626_134156.zip 2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\xxuserxx\FK1703_130625_140355.zip 2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\xxuserxx\FK1703_130620_231954.zip 2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp 2013-06-07 03:43 - 2013-06-07 03:43 - 00183147 ____A C:\Users\xxuserxx\FK1703_130607_134336.zip Files to move or delete: ==================== C:\ProgramData\FullRemove.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit 
C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-27 07:23:59 Restore point made on: 2013-05-31 17:00:34 Restore point made on: 2013-06-26 17:00:43 Restore point made on: 2013-06-29 09:17:39 ==================== Memory info =========================== Percentage of memory in use: 13% Total physical RAM: 6135.11 MB Available physical RAM: 5308.68 MB Total Pagefile: 6133.26 MB Available Pagefile: 5296.07 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:688.11 GB) (Free:583.6 GB) NTFS (Disk=0 Partition=3) Drive e: (DATA) (Fixed) (Total:688.55 GB) (Free:669.42 GB) NTFS (Disk=0 Partition=4) Drive f: (PQSERVICE) (Fixed) (Total:20.51 GB) (Free:8.57 GB) NTFS (Disk=0 Partition=1) Drive g: (KRD10) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS Drive i: (OTLPE) (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT (Disk=2 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== 
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: DE653B78) Partition 1: (Not Active) - (Size=21 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=688 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=689 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 4 GB) (Disk ID: 0217934C) Partition 1: (Active) - (Size=4 GB) - (Type=06) LastRegBack: 2013-07-01 10:44 ==================== End Of Log ============================
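A small triage helper, added here as an example and not part of this thread or of FRST itself: it parses FRST-style Registry/Services/Drivers lines and flags what a helper looks at first in a log like the one above: a binary that runs from a temp folder, a service or driver with no ImagePath, a file FRST marks missing with [x], and an entry whose version info carries no publisher. The sample lines are constructed in the shape of the entries above, and the flag rules are my own heuristics, not FRST's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few FRST.txt lines in the exact shape of the
# Registry / Services / Drivers sections of the log above.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9955872 2010-01-12] (Realtek Semiconductor)
HKU\xxuserxx\...\Run: [AdobeBridge] [x]
==================== Services (Whitelisted) =================
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] ()
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
==================== Drivers (Whitelisted) ====================
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath
S3 PCDSRVC{6368CD8C-4B9A13B6-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
"""

# "==================== Section name ====================" headers
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
# "HKLM\...\Run: [Name] <detail>"
REG_RE = re.compile(r"^(HK\S*?): \[(.+?)\]\s*(.*)$")
# "S2 Name; <detail>" for services and drivers (start type, name)
SVC_RE = re.compile(r"^([SR]\d)\s+(.+?);\s*(.*)$")
# "<path and args> [size yyyy-mm-dd] (publisher)"
DETAIL_RE = re.compile(r"^(.*?)\s*\[(\d+) (\d{4}-\d{2}-\d{2})\]\s*\((.*)\)\s*$")
# any path component named temp or tmp (heuristic, my own assumption)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    name: str
    path: str
    publisher: str
    reasons: list = field(default_factory=list)


def parse_detail(rest):
    """Split the part after the name into (path, publisher, reasons)."""
    if rest == "No ImagePath":
        return "", "", ["registered service/driver has no ImagePath"]
    if rest.endswith("[x]"):
        return rest[:-3].strip(), "", ["file not found on disk ([x])"]
    m = DETAIL_RE.match(rest)
    if not m:
        return rest, "", ["detail did not parse; inspect by hand"]
    path, _size, _date, publisher = m.groups()
    reasons = [] if publisher else ["no publisher in version info ()"]
    return path, publisher, reasons


def parse_entries(text):
    """Return one Entry per autostart, service or driver line."""
    section, entries = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        s = SECTION_RE.match(line)
        if s:
            section = s.group(1)
            continue
        m = REG_RE.match(line)
        if m:
            key, name, rest = m.groups()
            name = f"{key} [{name}]"
        else:
            m = SVC_RE.match(line)
            if not m:
                continue  # Startup:, ShortcutTarget: etc. are not handled here
            start, name, rest = m.groups()
            name = f"{start} {name}"
        path, publisher, reasons = parse_detail(rest)
        entries.append(Entry(section, name, path, publisher, reasons))
    return entries


def triage(text):
    """Return only the entries a helper would look at first, with reasons."""
    flagged = []
    for e in parse_entries(text):
        if TEMP_RE.search(e.path):
            e.reasons.append("binary lives under a temp folder")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.section}] {e.name}\n    {e.path or '(no path)'}\n    -> " + "; ".join(e.reasons))
```

A flag is a reason to look, not a verdict: a whitelisted vendor binary with empty version info is common, while a driver whose image sits under a user's temp folder is exactly what the fix in this thread targets.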
07.07.2013, 20:30 | #2
/// the machine /// TB-Ausbilder
hi,
Please press the + R key and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
c:\users\administrator\appdata\local\temp\*.*
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
07.07.2013, 21:02 | #3
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
Ran by SYSTEM at 2013-07-07 23:58:22 Run:2 Running from I:\ Boot Mode: Recovery ============================================== "c:\users\administrator\appdata\local\temp\*.*" => Could not move. ==== End of Fixlog ====
08.07.2013, 07:26 | #4
/// the machine /// TB-Ausbilder
Please post a fresh FRST log from Recovery.
regards, schrauber
08.07.2013, 18:30 | #5
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 Ran by SYSTEM on 08-07-2013 21:13:23 Running from H:\ Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9955872 2010-01-12] (Realtek Semiconductor) HKLM\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-22] (Microsoft) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated) HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation) HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.) HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.) 
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] () HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-22] (Microsoft) HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [124136 2010-06-29] (CyberLink Corp.) HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. 
KG) HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] () HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-29] () HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.) HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] () HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] () HKU\xxuserxx\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-14] (Google Inc.) HKU\xxuserxx\...\Run: [AdobeBridge] [x] Startup: C:\Users\xxuserxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-26] (Adobe Systems) S3 Appinfo; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] () S2 DcomLaunch; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 Dnscache; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 gpsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 KtmRm; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.) S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.) 
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.) S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.) S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.) S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S3 pla; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-12] () S2 RpcSs; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 SCardSvr; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 SCPolicySvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 seclogon; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software) S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] () S3 W32Time; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam) S3 WerSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 wuauserv; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 wudfsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.) 
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.) S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.) S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.) S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software) S3 mfeavfk01; No ImagePath S3 PCDSRVC{6368CD8C-4B9A13B6-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y\pcdrdiag\bin\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST 2013-07-07 15:32 - 2013-07-07 15:32 - 00000067 ____A C:\.directory 2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat 2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000 2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\DriverTurbo 2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\DriverTurbo 2013-07-01 12:34 - 2013-07-04 16:33 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\PC-FAX TX 2013-07-01 12:09 - 2013-07-04 16:33 - 00000000 ____D C:\Users\xxuserxx\Downloads\mflpro 2013-07-01 12:01 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\Scan2PDF 2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\xxuserxx\Downloads\Scan2PDF17.zip 2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\xxuserxx\FK1703_130629_153429.zip 2013-06-28 23:06 - 2013-07-03 22:20 - 00000000 
____D C:\Users\xxuserxx\Desktop\scout 2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\xxuserxx\FK1703_130626_134156.zip 2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\xxuserxx\FK1703_130625_140355.zip 2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\xxuserxx\FK1703_130620_231954.zip 2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp ==================== One Month Modified Files and Folders ======= 2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST 2013-07-07 15:32 - 2013-07-07 15:32 - 00000067 ____A C:\.directory 2013-07-05 14:00 - 2012-08-14 12:15 - 00000000 ____D C:\Windows\System32\Macromed 2013-07-05 14:00 - 2012-08-14 07:10 - 00000000 ____D C:\users\xxuserxx 2013-07-05 14:00 - 2011-01-28 08:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2013-07-05 14:00 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore 2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices 2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker 2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spp 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D 
C:\Windows\System32\migwiz 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Cursors 2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System 2013-07-05 13:59 - 2013-05-16 20:27 - 00000000 ____D C:\Program Files (x86)\FRITZ!BoxPrint 2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-05 13:59 - 2013-03-11 08:23 - 00000000 ____D C:\Program Files (x86)\Brother 2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iTunes 2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iPod 2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-07-05 13:59 - 2013-03-02 05:31 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Yontoo 2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\ffdshow 2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Delta 2013-07-05 13:59 - 2013-02-17 00:51 - 00000000 ____D C:\Program Files (x86)\hdvidcodec.com 2013-07-05 13:59 - 2013-02-07 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-05 13:59 - 2013-01-29 20:30 - 00000000 ____D C:\Users\xxuserxx\Desktop\Unfall 2013-07-05 13:59 - 2013-01-26 02:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-05 13:59 - 
2013-01-18 07:32 - 00000000 ____D C:\ProgramData\Norton 2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan 2013-07-05 13:59 - 2013-01-18 06:07 - 00000000 ____D C:\Program Files (x86)\Wajam 2013-07-05 13:59 - 2013-01-18 04:32 - 00000000 ____D C:\Program Files (x86)\DivX 2013-07-05 13:59 - 2013-01-15 18:02 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2013-07-05 13:59 - 2013-01-14 12:55 - 00000000 ____D C:\Program Files (x86)\SQL Anywhere 11 2013-07-05 13:59 - 2012-12-01 00:57 - 00000000 ____D C:\Program Files (x86)\PowerDataRecovery 2013-07-05 13:59 - 2012-11-11 04:07 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Vistaprint Fotobücher 2013-07-05 13:59 - 2012-10-29 09:48 - 00000000 ____D C:\Program Files (x86)\GoforFiles 2013-07-05 13:59 - 2012-10-12 03:32 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\Spotify 2013-07-05 13:59 - 2012-09-24 21:37 - 00000000 ____D C:\Program Files (x86)\svnet 2013-07-05 13:59 - 2012-09-17 06:14 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Bonjour 2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files (x86)\Bonjour 2013-07-05 13:59 - 2012-08-17 23:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Works 2013-07-05 13:59 - 2012-08-17 23:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2013-07-05 13:59 - 2012-08-17 05:07 - 00000000 ____D C:\Program Files\GIMP 2 2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files\WinRAR 2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012 2013-07-05 13:59 - 2012-08-17 05:02 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-07-05 13:59 - 2012-08-14 12:15 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-05 13:59 - 2012-08-09 23:43 - 00000000 ____D 
C:\Program Files (x86)\Windows Live 2013-07-05 13:59 - 2011-01-28 08:06 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-07-05 13:59 - 2011-01-28 08:05 - 00000000 ____D C:\ProgramData\oem 2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec Shredder 2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS 2013-07-05 13:59 - 2011-01-28 07:57 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLockerSuite 2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\ProgramData\McAfee 2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files (x86)\mcafee.com 2013-07-05 13:59 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages 2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries 2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Branding 2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat 2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-07-05 13:58 - 2013-01-14 21:45 - 00000000 ____D C:\EuroKass 2013-07-05 13:58 - 2012-10-02 22:02 - 00000000 ____D C:\Program Files (x86)\Adobe Download Assistant 2013-07-05 13:58 - 2011-01-28 07:37 - 00000000 ___HD C:\OEM 2013-07-05 13:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2013-07-05 13:42 - 2013-01-26 02:50 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\Mozilla 2013-07-05 13:42 - 2012-08-18 00:39 - 00000000 ____D C:\Users\xxuserxx\xxuserxx 2013-07-05 13:41 - 2012-08-17 05:02 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Adobe 2013-07-05 13:41 - 2012-08-14 12:16 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Google 2013-07-05 13:40 - 2013-01-14 11:49 - 00000000 ____D C:\ProgramData\Lexware 2013-07-05 13:40 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files\mcafee 2013-07-05 13:38 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files 
(x86)\McAfee 2013-07-05 13:37 - 2011-01-28 07:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-04 18:24 - 2013-06-07 00:37 - 00000000 ____D C:\Users\xxuserxx\Desktop\Mibbel 2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\DriverTurbo 2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Program Files (x86)\DriverTurbo 2013-07-04 16:33 - 2013-07-01 12:34 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\PC-FAX TX 2013-07-04 16:33 - 2013-07-01 12:09 - 00000000 ____D C:\Users\xxuserxx\Downloads\mflpro 2013-07-04 16:33 - 2013-07-01 12:01 - 00000000 ____D C:\Program Files (x86)\Scan2PDF 2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat 2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000 2013-07-04 00:01 - 2013-05-27 07:32 - 00000000 ____D C:\Users\xxuserxx\Documents\Mein Steuer-Sparbuch Heute 2013-07-03 22:20 - 2013-06-28 23:06 - 00000000 ____D C:\Users\xxuserxx\Desktop\scout 2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\xxuserxx\Downloads\Scan2PDF17.zip 2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\xxuserxx\FK1703_130629_153429.zip 2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\xxuserxx\FK1703_130626_134156.zip 2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\xxuserxx\FK1703_130625_140355.zip 2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\xxuserxx\FK1703_130620_231954.zip 2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp Files to move or delete: ==================== C:\ProgramData\FullRemove.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit 
C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-27 07:23:59 Restore point made on: 2013-05-31 17:00:34 Restore point made on: 2013-06-26 17:00:43 Restore point made on: 2013-06-29 09:17:39 ==================== Memory info =========================== Percentage of memory in use: 13% Total physical RAM: 6135.11 MB Available physical RAM: 5307.96 MB Total Pagefile: 6133.26 MB Available Pagefile: 5296.2 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:688.11 GB) (Free:583.43 GB) NTFS (Disk=0 Partition=3) Drive e: (DATA) (Fixed) (Total:688.55 GB) (Free:669.42 GB) NTFS (Disk=0 Partition=4) Drive f: (PQSERVICE) (Fixed) (Total:20.51 GB) (Free:8.57 GB) NTFS (Disk=0 Partition=1) Drive g: (KRD10) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS Drive h: (OTLPE) (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: DE653B78) Partition 1: (Not Active) - (Size=21 GB) - (Type=27) Partition 2: 
(Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=688 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=689 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 0217934C) Partition 1: (Active) - (Size=4 GB) - (Type=06) LastRegBack: 2013-07-01 10:44 ==================== End Of Log ============================
08.07.2013, 18:34 | #6 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
S3 W32Time; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)
S3 PCDSRVC{6368CD8C-4B9A13B6-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
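Added example, not part of the helper's post and not FRST's own code: a small Python triage script that parses FRST service and driver lines in the format shown in the logs above and flags the structural patterns behind the fixlist entries: a service whose ImagePath is gone ("No ImagePath"), one whose binary FRST marks as absent from disk with "[x]", and one registered out of a user's temp directory. The temp-directory rule and the "no publisher name" rule are my own labelled heuristics rather than anything FRST reports; the sample lines are copied from the log posted in this thread and are not a complete log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# FRST "Services (Whitelisted)" / "Drivers (Whitelisted)" lines look like:
#   S3 Name; C:\path\file.exe [12345 2013-02-19] (Vendor)
# with the variants seen in this thread: "[x]" where the file is not on disk,
# "No ImagePath" for an orphaned service entry, and "()" when the binary
# carries no publisher name.
_ENTRY_RE = re.compile(r"^(?P<start>[SR][0-4])\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
_DETAIL_RE = re.compile(
    r"^(?P<path>.*?)\s*\[(?P<detail>x|\d+\s+\d{4}-\d{2}-\d{2})\]\s*(?:\((?P<vendor>[^)]*)\))?\s*$"
)
# Hypothetical triage rule (mine, not FRST's): services rarely run from here legitimately.
_TEMP_DIR_RE = re.compile(r"\\(?:appdata\\local\\temp|windows\\temp)\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    start_type: str            # S0..S4 / R0..R4 exactly as FRST prints it
    name: str
    image_path: Optional[str]  # None when FRST prints "No ImagePath"
    size: Optional[int]
    date: Optional[str]
    vendor: Optional[str]      # None when FRST prints "()"
    file_missing: bool         # True when FRST prints "[x]"


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for any other log line."""
    m = _ENTRY_RE.match(line.strip())
    if not m:
        return None
    start, name, rest = m.group("start"), m.group("name").strip(), m.group("rest")
    if rest == "No ImagePath":
        return ServiceEntry(start, name, None, None, None, None, False)
    d = _DETAIL_RE.match(rest)
    if not d:
        return None
    detail = d.group("detail")
    if detail == "x":
        size, date, missing = None, None, True
    else:
        size_str, date = detail.split()
        size, missing = int(size_str), False
    vendor = d.group("vendor") or None
    return ServiceEntry(start, name, d.group("path"), size, date, vendor, missing)


def triage_reasons(entry: ServiceEntry) -> List[str]:
    """Reasons a triager would want to look at this entry (empty list if none)."""
    reasons = []
    if entry.image_path is None:
        reasons.append("no ImagePath: orphaned service registration")
    if entry.file_missing:
        reasons.append("binary not present on disk ([x])")
    if entry.image_path and _TEMP_DIR_RE.search(entry.image_path):
        reasons.append("binary registered from a temp directory")
    if entry.image_path and not entry.file_missing and entry.vendor is None:
        reasons.append("no publisher name in the binary (weak signal, verify manually)")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons for every flagged entry in an FRST log."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = triage_reasons(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


# Sample lines copied from the FRST log posted in this thread (constructed excerpt, not a full log).
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================
S3 W32Time; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)
S2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-12] ()
==================== Drivers (Whitelisted) ====================
S3 mfeavfk01; No ImagePath
S3 PCDSRVC{6368CD8C-4B9A13B6-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
"""

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run it as a script to list the flagged entries, or import `triage_log` and feed it a whole FRST.txt. A clean result only means none of these structural signals fired: an entry such as WajamUpdater passes all of them and still needs its name checked separately, which is the part of the analysis that depends on the helper's knowledge rather than on the log format.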
08.07.2013, 18:48 | #7 |
FIXLOG Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
Ran by SYSTEM at 2013-07-08 21:45:48 Run:7
Running from J:\
Boot Mode: Recovery
==============================================
W32Time => Service not found.
WajamUpdater => Service not found.
PCDSRVC{6368CD8C-4B9A13B6-06020200}_0 => Service not found.
"c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y" => File/Directory not found.
==== End of Fixlog ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 Ran by SYSTEM on 08-07-2013 21:45:56 Running from J:\ Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9955872 2010-01-12] (Realtek Semiconductor) HKLM\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-22] (Microsoft) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated) HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation) HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.) HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.) 
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] () HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-22] (Microsoft) HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [124136 2010-06-29] (CyberLink Corp.) HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. 
KG) HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] () HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-29] () HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.) HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] () HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] () HKU\Putzmunter\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-14] (Google Inc.) HKU\Putzmunter\...\Run: [AdobeBridge] [x] Startup: C:\Users\Putzmunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-26] (Adobe Systems) S3 Appinfo; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] () S2 DcomLaunch; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 Dnscache; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 gpsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 KtmRm; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.) S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.) 
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.) S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.) S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.) S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S3 pla; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-12] () S2 RpcSs; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 SCardSvr; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 SCPolicySvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 seclogon; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software) S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] () S3 WerSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 wuauserv; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 wudfsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.) 
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.) S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.) S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software) S3 mfeavfk01; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST 2013-07-07 15:32 - 2013-07-07 15:32 - 00000067 ____A C:\.directory 2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat 2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000 2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\DriverTurbo 2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\DriverTurbo 2013-07-01 12:34 - 2013-07-04 16:33 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\PC-FAX TX 2013-07-01 12:09 - 2013-07-04 16:33 - 00000000 ____D C:\Users\Putzmunter\Downloads\mflpro 2013-07-01 12:01 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\Scan2PDF 2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\Putzmunter\Downloads\Scan2PDF17.zip 2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\Putzmunter\FK1703_130629_153429.zip 2013-06-28 23:06 - 2013-07-03 22:20 - 00000000 ____D C:\Users\Putzmunter\Desktop\scout 2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\Putzmunter\FK1703_130626_134156.zip 2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\Putzmunter\FK1703_130625_140355.zip 2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\Putzmunter\FK1703_130620_231954.zip 2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D 
C:\MyS2GApp

==================== One Month Modified Files and Folders =======
2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST
2013-07-07 15:32 - 2013-07-07 15:32 - 00000067 ____A C:\.directory
2013-07-05 14:00 - 2012-08-14 12:15 - 00000000 ____D C:\Windows\System32\Macromed
2013-07-05 14:00 - 2012-08-14 07:10 - 00000000 ____D C:\users\Putzmunter
2013-07-05 14:00 - 2011-01-28 08:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-05 14:00 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spp
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Cursors
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-05 13:59 - 2013-05-16 20:27 - 00000000 ____D C:\Program Files (x86)\FRITZ!BoxPrint
2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-05 13:59 - 2013-03-11 08:23 - 00000000 ____D C:\Program Files (x86)\Brother
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iPod
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 13:59 - 2013-03-02 05:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Yontoo
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-05 13:59 - 2013-02-17 00:51 - 00000000 ____D C:\Program Files (x86)\hdvidcodec.com
2013-07-05 13:59 - 2013-02-07 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-05 13:59 - 2013-01-29 20:30 - 00000000 ____D C:\Users\Putzmunter\Desktop\Unfall
2013-07-05 13:59 - 2013-01-26 02:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\ProgramData\Norton
2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2013-07-05 13:59 - 2013-01-18 06:07 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-07-05 13:59 - 2013-01-18 04:32 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-05 13:59 - 2013-01-15 18:02 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-07-05 13:59 - 2013-01-14 12:55 - 00000000 ____D C:\Program Files (x86)\SQL Anywhere 11
2013-07-05 13:59 - 2012-12-01 00:57 - 00000000 ____D C:\Program Files (x86)\PowerDataRecovery
2013-07-05 13:59 - 2012-11-11 04:07 - 00000000 ____D C:\Users\Putzmunter\AppData\Local\Vistaprint Fotobücher
2013-07-05 13:59 - 2012-10-29 09:48 - 00000000 ____D C:\Program Files (x86)\GoforFiles
2013-07-05 13:59 - 2012-10-12 03:32 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\Spotify
2013-07-05 13:59 - 2012-09-24 21:37 - 00000000 ____D C:\Program Files (x86)\svnet
2013-07-05 13:59 - 2012-09-17 06:14 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Bonjour
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-05 13:59 - 2012-08-17 23:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-07-05 13:59 - 2012-08-17 23:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-07-05 13:59 - 2012-08-17 05:07 - 00000000 ____D C:\Program Files\GIMP 2
2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files\WinRAR
2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012
2013-07-05 13:59 - 2012-08-17 05:02 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-05 13:59 - 2012-08-14 12:15 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-05 13:59 - 2012-08-09 23:43 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-05 13:59 - 2011-01-28 08:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-05 13:59 - 2011-01-28 08:05 - 00000000 ____D C:\ProgramData\oem
2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec Shredder
2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2013-07-05 13:59 - 2011-01-28 07:57 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLockerSuite
2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\ProgramData\McAfee
2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files (x86)\mcafee.com
2013-07-05 13:59 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Branding
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-05 13:58 - 2013-01-14 21:45 - 00000000 ____D C:\EuroKass
2013-07-05 13:58 - 2012-10-02 22:02 - 00000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2013-07-05 13:58 - 2011-01-28 07:37 - 00000000 ___HD C:\OEM
2013-07-05 13:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-07-05 13:42 - 2013-01-26 02:50 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\Mozilla
2013-07-05 13:42 - 2012-08-18 00:39 - 00000000 ____D C:\Users\Putzmunter\putzmunter
2013-07-05 13:41 - 2012-08-17 05:02 - 00000000 ____D C:\Users\Putzmunter\AppData\Local\Adobe
2013-07-05 13:41 - 2012-08-14 12:16 - 00000000 ____D C:\Users\Putzmunter\AppData\Local\Google
2013-07-05 13:40 - 2013-01-14 11:49 - 00000000 ____D C:\ProgramData\Lexware
2013-07-05 13:40 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files\mcafee
2013-07-05 13:38 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-05 13:37 - 2011-01-28 07:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-04 18:24 - 2013-06-07 00:37 - 00000000 ____D C:\Users\Putzmunter\Desktop\Mibbel
2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\DriverTurbo
2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-07-04 16:33 - 2013-07-01 12:34 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\PC-FAX TX
2013-07-04 16:33 - 2013-07-01 12:09 - 00000000 ____D C:\Users\Putzmunter\Downloads\mflpro
2013-07-04 16:33 - 2013-07-01 12:01 - 00000000 ____D C:\Program Files (x86)\Scan2PDF
2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat
2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000
2013-07-04 00:01 - 2013-05-27 07:32 - 00000000 ____D C:\Users\Putzmunter\Documents\Mein Steuer-Sparbuch Heute
2013-07-03 22:20 - 2013-06-28 23:06 - 00000000 ____D C:\Users\Putzmunter\Desktop\scout
2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\Putzmunter\Downloads\Scan2PDF17.zip
2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\Putzmunter\FK1703_130629_153429.zip
2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\Putzmunter\FK1703_130626_134156.zip
2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\Putzmunter\FK1703_130625_140355.zip
2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\Putzmunter\FK1703_130620_231954.zip
2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================
Restore point made on: 2013-05-27 07:23:59
Restore point made on: 2013-05-31 17:00:34
Restore point made on: 2013-06-26 17:00:43
Restore point made on: 2013-06-29 09:17:39

==================== Memory info ===========================
Percentage of memory in use: 13%
Total physical RAM: 6135.11 MB
Available physical RAM: 5309.66 MB
Total Pagefile: 6133.26 MB
Available Pagefile: 5298.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:688.11 GB) (Free:583.43 GB) NTFS (Disk=0 Partition=3)
Drive e: (DATA) (Fixed) (Total:688.55 GB) (Free:669.42 GB) NTFS (Disk=0 Partition=4)
Drive f: (PQSERVICE) (Fixed) (Total:20.51 GB) (Free:8.57 GB) NTFS (Disk=0 Partition=1)
Drive g: (KRD10) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive j: (OTLPE) (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT (Disk=3 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: DE653B78)
Partition 1: (Not Active) - (Size=21 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=688 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=689 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (Size: 4 GB) (Disk ID: 0217934C)
Partition 1: (Active) - (Size=4 GB) - (Type=06)

LastRegBack: 2013-07-01 10:44
==================== End Of Log ============================
--- --- ---
I just took a closer look at the blue screen. The error code at the end is 12A. According to Google that is the LanguagePack. Does that have a deeper meaning, or is it unimportant with this trojan? |
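As an added example (not part of this thread and not FRST's own code): a small Python triage helper for the entry format of the "One Month Modified Files and Folders" section in the log above. It assumes the first timestamp of each entry is the modification time and the second the creation time; the sample lines are copied from the log except the last, which is constructed.

```python
import re
from collections import namedtuple
from datetime import datetime

# Entry format of FRST's "One Month Modified Files and Folders" section as seen in
# the log above. Assumption (FRST does not label the columns): first timestamp =
# modification time, second = creation time, then size, 5 attribute flags, path.
ENTRY_RE = re.compile(r"^(\S+ \S+) - (\S+ \S+) - (\d+) (\S{5}) (.+)$")
TS = "%Y-%m-%d %H:%M"
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs", ".js")
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")
Entry = namedtuple("Entry", "modified created size attrs path")

def parse_entries(text: str) -> list:
    """Parse every line in the entry format; headers and other lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append(Entry(datetime.strptime(m[1], TS), datetime.strptime(m[2], TS),
                             int(m[3]), m[4], m[5]))
    return out

def reasons(e: Entry, window_days: int = 30) -> list:
    """Triage signals for one entry (empty list: nothing stood out). Signals, not
    verdicts: chkdsk's found.000 and hidden OEM folders trip them as well."""
    r, low = [], e.path.lower()
    is_dir = e.attrs.endswith("D")           # ____D, __SHD, ___HD ... are directories
    is_new = (e.modified - e.created).days < window_days   # created inside the window
    if not is_dir and is_new and low.endswith(EXEC_EXT):
        r.append("new executable")
        if low.startswith(USER_WRITABLE):
            r.append("in user-writable location")
    if "H" in e.attrs or "S" in e.attrs:
        r.append("hidden/system attribute")
    return r

def triage(text: str) -> dict:
    """Map every flagged path to its list of reasons."""
    return {e.path: reasons(e) for e in parse_entries(text) if reasons(e)}

# Constructed sample: four lines copied from the log above plus one made-up entry
# (the last path does not occur in the log).
SAMPLE_LOG = r"""
2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat
2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000
2013-07-05 13:59 - 2013-07-05 13:59 - 00204800 ___HA C:\ProgramData\CONSTRUCTED_sample.exe
"""
```

Running `triage(SAMPLE_LOG)` flags only `C:\found.000` (hidden/system) and the constructed `.exe` under ProgramData; the Windows directories and `bootsqm.dat` pass without a signal.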
08.07.2013, 21:09 | #8 |
/// the machine /// TB-Ausbilder | GVU Trojan - Analyze and Clean LOG File Post the complete blue screen content.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
14.07.2013, 17:52 | #9 |
| GVU Trojan - Analyze and Clean LOG File Maybe I have one zero too many in there Code:
A problem has been detected and windows has denn shut down to prevent damage to your computer.

Windows did not find any installed, licensed language packs for the system defauls UI language.

If this is the first time you,ve seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Chekc to make sure any new hardware or software is properly installed. If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as cahing or shadowing. If you need to use Safe Mde to remove or disable components, restart your computer, press F8 to select Advaned Startup Options, and then select safe mode.

Technical Information:

*** STOP: 0x0000012A (0x0000000000000001,0x0000000000000046, 0x0000000000000000,0x00000000000000000) |
14.07.2013, 19:03 | #10 |
/// the machine /// TB-Ausbilder | GVU Trojan - Analyze and Clean LOG File Run Startup Repair from the Windows DVD
14.07.2013, 19:54 | #11 |
| GVU Trojan - Analyze and Clean LOG File Unfortunately I don't have the Windows DVD here right now, and there is only one computer here, with a recovery partition. So I started the repair not from DVD but from the system. Unfortunately without success.
INFO:
Problemereignisname: StartupRepairOffline
Problemsignatur 01: 6.1.7600.16385
Problemsignatur 02: 6.1.7600.16385
Problemsignatur 03: unknown
Problemsignatur 04: 21200057
Problemsignatur 05: AutoFailover
Problemsignatur 06: 9
Problemsignatur 07: NoRootCause
6.1.7600.2.0.0.256.1
Gebietsschema-ID: 1031 |
14.07.2013, 21:38 | #12 |
/// the machine /// TB-Ausbilder | GVU Trojan - Analyze and Clean LOG File Can you get hold of the DVD?
15.07.2013, 17:06 | #13 |
| GVU Trojan - Analyze and Clean LOG File Yes. I will test it this evening. |
15.07.2013, 19:16 | #14 |
/// the machine /// TB-Ausbilder | GVU Trojan - Analyze and Clean LOG File ok
16.07.2013, 19:07 | #15 |
| GVU Trojan - Analyze and Clean LOG File That didn't work either. The computer is now formatted. Thank you for your active support. But I think this was the best way. Thread closed |