Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU Trojaner entfernen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Alt 08.07.2013, 09:21   #1
Tankwart
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



Hallo zusammen,

habe hier einen Rechner mit einem GVU Trojaner darauf.

Ich hoff mir kann jemand helfen, diverse Rescue Discs finden nichts.

Hier das Logfile von Farbar Recov.:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by SYSTEM on 08-07-2013 10:03:44
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\" [24576 2009-05-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enumn /alertsn /notificationsn /fln /frn /appDatan /tmcpn [53248 2009-10-22] (HP)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1573576 2012-10-16] (Ask)
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [DATEV Update-Monitor] "C:\Datev\PROGRAMM\Install\DvInesASDMon.Exe" [288352 2012-08-29] (DATEV eG)
HKLM-x32\...\Run: [AgentMonitor] O:\LLN\VTech\DownloadManager\System\AgentMonitor.exe [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Gerhard Wagner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-09-03] (Google Inc.)
HKU\Gerhard Wagner\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe [43008 2013-07-05] (NVIDIA Corporation) <===== ATTENTION
HKU\Gerhard Wagner\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Gerhard Wagner\...\Command Processor: "C:\Users\GERHAR~1\AppData\Local\Temp\vnujfohxewptajxxp.exe" <===== ATTENTION!
Startup: C:\ProgramData\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\Datev\PROGRAMM\BSoffice\service\OfficeDiag.exe (DATEV eG)
Startup: C:\ProgramData\Start Menu\Programs\Startup\CleanupPrintJobs.lnk
ShortcutTarget: CleanupPrintJobs.lnk -> C:\Datev\PROGRAMM\B0001401\CleanupPrintJobs.exe (TODO: <Firmenname>)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\Datev\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

S2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation)
S3 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-02] (DATEV eG)
S2 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-13] (DATEV eG)
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
S2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
S2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4586760 2013-03-13] (StorageCraft Technology Corporation)
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S2 StorageCraft ImageReady; C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe [4408000 2013-03-13] ()
S2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [94984 2013-03-13] (StorageCraft Technology Corporation)
S3 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
S2 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
S3 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x]
S3 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-12] (CSR, plc)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130702.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130702.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130705.002\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130705.002\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130705.002\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130705.002\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [117000 2013-03-13] (StorageCraft Technology Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
S0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [283400 2013-03-13] (StorageCraft Technology Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-01] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
S0 dmboot;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-08 10:03 - 2013-07-08 10:03 - 00000000 ____D C:\FRST
2013-07-05 23:51 - 2013-07-06 00:59 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-07-05 12:05 - 2013-07-05 12:05 - 00163073 ____A C:\ProgramData\2433f433
2013-07-05 12:05 - 2013-07-05 12:05 - 00163062 ____A C:\Users\Gerhard Wagner\AppData\Local\2433f433
2013-07-05 12:05 - 2013-07-05 12:05 - 00163008 ____A C:\Users\Gerhard Wagner\AppData\Roaming\2433f433
2013-06-28 08:27 - 2013-06-28 08:27 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (3).zip
2013-06-24 06:10 - 2013-06-24 06:10 - 00000010 ____A C:\Users\Gerhard Wagner\Desktop\Neues Textdokument (2).txt
2013-06-24 05:54 - 2013-06-24 06:53 - 00000000 ____D C:\Users\Gerhard Wagner\Downloads\mailpv
2013-06-24 05:54 - 2012-05-04 15:24 - 00015842 ____A C:\Users\Gerhard Wagner\Downloads\mailpv.chm
2013-06-24 05:54 - 2012-05-04 15:24 - 00011877 ____A C:\Users\Gerhard Wagner\Downloads\readme.txt
2013-06-24 05:53 - 2013-06-24 05:53 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (4).zip
2013-06-24 05:52 - 2013-06-24 05:52 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (2).zip
2013-06-24 05:52 - 2013-06-24 05:52 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (1).zip
2013-06-24 05:06 - 2013-06-24 05:05 - 00375970 ____A C:\Users\Gerhard Wagner\Downloads\FRITZ.Box Fon WLAN 7390 84.05.52_24.06.13_1505.export
2013-06-24 00:57 - 2013-06-29 11:55 - 00000000 ____D C:\Users\Gerhard Wagner\Desktop\downgrade fritzbox
2013-06-24 00:44 - 2013-06-24 00:44 - 00077608 ____A C:\Users\Gerhard Wagner\Downloads\Setup.exe
2013-06-24 00:37 - 2013-06-24 00:37 - 15800320 ____A C:\Users\Gerhard Wagner\Downloads\FRITZ.Box_Fon_WLAN_7390.AnnexB.84.05.52.image
2013-06-13 02:44 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 02:44 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 02:44 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 02:44 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 02:44 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 02:44 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 02:44 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-13 02:44 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-13 02:44 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-13 02:44 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-13 02:44 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-13 02:44 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 01:17 - 2013-06-13 01:17 - 00275320 ____A C:\Windows\Minidump\061313-5881-01.dmp
2013-06-13 00:49 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 00:49 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 00:49 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 00:49 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 00:49 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 00:49 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 00:49 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 00:49 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 00:49 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 00:49 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 00:49 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 00:49 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 00:49 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 00:49 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 00:49 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 00:49 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 00:49 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 00:49 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 00:49 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 12:31 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 12:31 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 12:31 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 12:31 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 12:31 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 12:31 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 12:31 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 12:31 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 12:31 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 12:31 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 12:31 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 12:31 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 12:31 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 12:31 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-08 10:03 - 2013-07-08 10:03 - 00000000 ____D C:\FRST
2013-07-07 23:52 - 2013-03-08 02:59 - 00006470 ____A C:\Windows\setupact.log
2013-07-07 23:52 - 2012-03-06 09:14 - 01660679 ____A C:\Windows\WindowsUpdate.log
2013-07-07 23:52 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-07 23:50 - 2012-03-06 18:09 - 00762792 ____A C:\Windows\System32\perfh007.dat
2013-07-07 23:50 - 2012-03-06 18:09 - 00173498 ____A C:\Windows\System32\perfc007.dat
2013-07-07 23:50 - 2009-07-13 21:13 - 01799866 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-07 23:47 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-07 23:47 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-07 23:28 - 2009-07-13 20:45 - 00367816 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-07 22:15 - 2012-09-03 00:21 - 00001122 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-06 06:54 - 2013-03-07 19:13 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-07-06 00:59 - 2013-07-05 23:51 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-07-05 12:08 - 2012-04-22 21:00 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-05 12:07 - 2012-09-03 00:21 - 00001126 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-05 12:05 - 2013-07-05 12:05 - 00163073 ____A C:\ProgramData\2433f433
2013-07-05 12:05 - 2013-07-05 12:05 - 00163062 ____A C:\Users\Gerhard Wagner\AppData\Local\2433f433
2013-07-05 12:05 - 2013-07-05 12:05 - 00163008 ____A C:\Users\Gerhard Wagner\AppData\Roaming\2433f433
2013-07-04 03:39 - 2010-11-20 19:47 - 00074674 ____A C:\Windows\PFRO.log
2013-07-01 12:46 - 2012-11-27 06:16 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-06-29 11:55 - 2013-06-24 00:57 - 00000000 ____D C:\Users\Gerhard Wagner\Desktop\downgrade fritzbox
2013-06-29 11:54 - 2012-12-19 07:16 - 00000000 ____D C:\Users\Gerhard Wagner\AppData\Local\FRITZ!
2013-06-28 08:27 - 2013-06-28 08:27 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (3).zip
2013-06-24 10:40 - 2012-09-03 00:21 - 00000000 ____D C:\Users\Gerhard Wagner\AppData\Local\Google
2013-06-24 06:53 - 2013-06-24 05:54 - 00000000 ____D C:\Users\Gerhard Wagner\Downloads\mailpv
2013-06-24 06:10 - 2013-06-24 06:10 - 00000010 ____A C:\Users\Gerhard Wagner\Desktop\Neues Textdokument (2).txt
2013-06-24 05:53 - 2013-06-24 05:53 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (4).zip
2013-06-24 05:52 - 2013-06-24 05:52 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (2).zip
2013-06-24 05:52 - 2013-06-24 05:52 - 00014224 ____A C:\Users\Gerhard Wagner\Downloads\mailpv (1).zip
2013-06-24 05:05 - 2013-06-24 05:06 - 00375970 ____A C:\Users\Gerhard Wagner\Downloads\FRITZ.Box Fon WLAN 7390 84.05.52_24.06.13_1505.export
2013-06-24 00:44 - 2013-06-24 00:44 - 00077608 ____A C:\Users\Gerhard Wagner\Downloads\Setup.exe
2013-06-24 00:37 - 2013-06-24 00:37 - 15800320 ____A C:\Users\Gerhard Wagner\Downloads\FRITZ.Box_Fon_WLAN_7390.AnnexB.84.05.52.image
2013-06-21 03:08 - 2012-09-03 00:21 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-19 11:29 - 2012-03-07 06:49 - 00000000 ____D C:\ProgramData\Norton
2013-06-19 11:24 - 2013-05-19 09:03 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-06-18 12:20 - 2012-03-07 05:30 - 01776824 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-18 05:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-13 09:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:04 - 2012-09-03 11:05 - 00002669 ____A C:\Users\Public\Desktop\TAXMAN 2012 spezial.lnk
2013-06-13 05:08 - 2012-04-22 21:00 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 05:08 - 2012-03-07 05:43 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-13 01:17 - 2013-06-13 01:17 - 00275320 ____A C:\Windows\Minidump\061313-5881-01.dmp
2013-06-13 01:17 - 2013-04-23 11:56 - 614690721 ____A C:\Windows\MEMORY.DMP
2013-06-13 01:17 - 2013-04-23 11:56 - 00000000 ____D C:\Windows\Minidump
2013-06-13 00:56 - 2009-07-13 21:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-13 00:50 - 2009-07-13 18:34 - 00000534 ____A C:\Windows\win.ini
2013-06-13 00:49 - 2012-04-22 06:47 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-10 11:36 - 2013-03-13 00:30 - 00001090 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-06-08 06:08 - 2013-06-13 02:44 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 06:07 - 2013-06-13 02:44 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 06:06 - 2013-06-13 02:44 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 06:06 - 2013-06-13 02:44 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 06:06 - 2013-06-13 02:44 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 04:28 - 2013-06-13 02:44 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 03:42 - 2013-06-13 02:44 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 03:40 - 2013-06-13 02:44 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 03:40 - 2013-06-13 02:44 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 03:40 - 2013-06-13 02:44 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 03:40 - 2013-06-13 02:44 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 03:13 - 2013-06-13 02:44 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Files to move or delete:
====================
C:\ProgramData\1813545.bat
C:\ProgramData\1813545.pad
C:\ProgramData\1813545.reg

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 8174.45 MB
Available physical RAM: 7138.95 MB
Total Pagefile: 8172.64 MB
Available Pagefile: 7158.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:51.63 GB) NTFS (Disk=1 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:465.72 GB) (Free:420.19 GB) NTFS (Disk=0 Partition=2)
Drive e: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=1 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive f: (W7SP1_PROFESSIONAL) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:7.6 GB) (Free:7.6 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: D5136530)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: D1DC332E)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 8 GB) (Disk ID: 4EAB0811)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)


LastRegBack: 2013-07-03 05:40

==================== End Of Log ============================

 

Themen zu GVU Trojaner entfernen
adobe, adobe flash player, association, desktop, entfernen, explorer, farbar, farbar recovery scan tool, flash player, frst.txt, google, kaspersky, logfile, minidump, monitor.exe, nvidia, programm, registry, security, server, services.exe, software, svchost.exe, symantec, system, temp, trojaner, usb, vista, winlogon.exe, wlan




Ähnliche Themen: GVU Trojaner entfernen


  1. Babylon toolbar entfernen, BrowserCompanion entfernen, DealPly entfernen, GinyasBrowserCompanions entfernen
    Log-Analyse und Auswertung - 17.12.2014 (9)
  2. GVU Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 13.07.2013 (13)
  3. GVU Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (4)
  4. GVU-Trojaner. Wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (2)
  5. GUV Trojaner 2.07 entfernen
    Plagegeister aller Art und deren Bekämpfung - 20.10.2012 (6)
  6. Windows Uptdate Trojaner "Neuer Verschlüsselung Trojaner" Verschlüsseung entfernen, WIE?
    Plagegeister aller Art und deren Bekämpfung - 19.10.2012 (3)
  7. Trojaner Generic-FRAX!EF3DA767ACD3 Trojan entdeckt bei Versuch unbekannten Trojaner zu entfernen
    Plagegeister aller Art und deren Bekämpfung - 04.08.2012 (3)
  8. Trojaner Generic-FRAX!EF3DA767ACD3 Trojan entdeckt bei Versuch unbekannten Trojaner zu entfernen
    Mülltonne - 04.08.2012 (1)
  9. Live Security Platinum-Trojaner, Verschlüsselungs-Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (1)
  10. BKA Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (5)
  11. GVU-Trojaner v2.04 entfernen (Windows XP) Trojaner mit Urheberrechtsverletzung
    Plagegeister aller Art und deren Bekämpfung - 31.05.2012 (1)
  12. wie BKA trojaner entfernen?!
    Plagegeister aller Art und deren Bekämpfung - 15.08.2011 (2)
  13. BKA-Trojaner entfernen
    Log-Analyse und Auswertung - 23.07.2011 (6)
  14. Trojaner Kozy - desktop schwarz daten weg - wie kann ich den trojaner entfernen?
    Log-Analyse und Auswertung - 30.04.2011 (1)
  15. Trojaner TR/crypt.xpack.gen u. win32.dnschanger entfernen entfernen
    Plagegeister aller Art und deren Bekämpfung - 03.02.2009 (14)
  16. Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 14.10.2008 (1)
  17. Trojaner entfernen...
    Plagegeister aller Art und deren Bekämpfung - 10.01.2007 (3)

Zum Thema GVU Trojaner entfernen - Hallo zusammen, habe hier einen Rechner mit einem GVU Trojaner darauf. Ich hoff mir kann jemand helfen, diverse Rescue Discs finden nichts. Hier das Logfile von Farbar Recov.: Scan result - GVU Trojaner entfernen...
Archiv
Du betrachtest: GVU Trojaner entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.