Log analysis and evaluation: GVU Trojan, FRST run, txt file (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system cannot be trusted and should not be used until the malware has been completely removed.
#1
GVU Trojan, FRST run, txt file

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by SYSTEM on 08-07-2013 14:03:16
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-13] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2010-12-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [111640 2010-07-23] ()
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-12-13] (EasyBits Software AS)
HKLM-x32\...\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Plus\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT [329632 2008-05-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKU\Wiens\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\Wiens\...\Run: [Google Update] "C:\Users\Wiens\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-04] (Google Inc.)
HKU\Wiens\...\Run: [Facebook Update] "C:\Users\Wiens\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Wiens\...\Run: [MusicManager] "C:\Users\Wiens\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7345664 2013-06-20] (Google Inc.)
HKU\Wiens\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Wiens\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Wiens\AppData\Local\Temp\cyaovpqwrsvqdlmwa.exe [47104 2013-07-08] (NVIDIA Corporation) <===== ATTENTION
HKU\Wiens\...\Policies\system: [DisableLockWorkstation] 0
HKU\Wiens\...\Policies\system: [DisableChangePassword] 0
HKU\Wiens\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Wiens\...\Command Processor: "C:\Users\Wiens\AppData\Local\Temp\cyaovpqwrsvqdlmwa.exe" <===== ATTENTION!
Startup: C:\ProgramData\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Wiens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Wiens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> (No File)
Startup: C:\Users\Wiens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
ShortcutTarget: tbhcn.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [94208 2008-05-28] (SEIKO EPSON CORPORATION)
S2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-03] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-03] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-17] (Symantec Corporation)
S3 ghsmdm; C:\Windows\System32\DRIVERS\ghsmdm.sys [129304 2011-08-15] (ZTE Incorporated)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130705.001\IDSvia64.sys [513184 2013-05-08] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130705.001\IDSvia64.sys [513184 2013-05-08] (Symantec Corporation)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\ENG64.SYS [126040 2013-06-03] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\ENG64.SYS [126040 2013-06-03] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\EX64.SYS [2098776 2013-06-03] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\EX64.SYS [2098776 2013-06-03] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x64\Sandra.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-08 14:03 - 2013-07-08 14:03 - 00000000 ____D C:\FRST
2013-07-08 03:23 - 2013-07-08 03:23 - 00393538 ____A C:\Users\Wiens\AppData\Local\2433f433
2013-07-08 03:23 - 2013-07-08 03:23 - 00393524 ____A C:\ProgramData\2433f433
2013-07-08 03:23 - 2013-07-08 03:23 - 00393459 ____A C:\Users\Wiens\AppData\Roaming\2433f433
2013-07-06 04:14 - 2013-07-06 04:14 - 00000243 ____A C:\Users\Wiens\Downloads\smil (3).xml
2013-07-06 01:49 - 2013-07-06 01:49 - 00000520 ____A C:\Windows\PFRO.log
2013-07-05 09:16 - 2013-07-08 03:46 - 00001243 ____A C:\Windows\setupact.log
2013-07-05 09:16 - 2013-07-05 09:16 - 00000000 ____A C:\Windows\setuperr.log
2013-07-01 22:39 - 2013-07-01 22:39 - 04396440 ____A (Piriform Ltd) C:\Users\Wiens\Downloads\ccsetup403.exe
2013-07-01 21:39 - 2013-07-01 21:39 - 00001126 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-07-01 21:39 - 2013-07-01 21:39 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-07-01 21:35 - 2013-07-01 21:35 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de (1).exe
2013-07-01 21:33 - 2013-07-01 21:33 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de.exe
2013-06-29 02:01 - 2013-06-29 02:47 - 41891941 ____A C:\Users\Wiens\Downloads\Candy Crush Saga_1.13.1.apk
2013-06-27 02:04 - 2013-06-27 02:04 - 00043631 ____A C:\Users\Wiens\Downloads\Stammbaum Heinrich Wiens.ged
2013-06-27 01:56 - 2013-06-27 01:56 - 00080806 ____A C:\Users\Wiens\Downloads\1m5208_283612g258c70bkc229q1c.ged
2013-06-26 22:31 - 2013-06-27 05:30 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Ahnenblatt
2013-06-26 22:31 - 2013-06-26 22:31 - 00001889 ____A C:\Users\Wiens\Desktop\Ahnenblatt.lnk
2013-06-26 22:31 - 2013-06-26 22:31 - 00000000 ____D C:\Users\Wiens\Documents\Ahnenblatt
2013-06-26 22:31 - 2013-06-26 22:31 - 00000000 ____D C:\Program Files (x86)\Ahnenblatt
2013-06-26 22:23 - 2013-06-26 22:23 - 04707624 ____A (Dirk Boettcher ) C:\Users\Wiens\Downloads\absetup_2.74.exe
2013-06-26 22:21 - 2013-06-26 22:22 - 00000022 ____A C:\Users\Wiens\Downloads\Stammbaum.zip
2013-06-26 07:59 - 2013-06-26 22:16 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-26 07:59 - 2013-06-26 07:59 - 00000995 ____A C:\Users\Public\Desktop\PDFCreator.lnk
2013-06-26 07:59 - 2013-06-26 07:59 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\pdfforge
2013-06-26 07:59 - 2013-04-09 05:13 - 00110264 ____A (pdfforge GmbH) C:\Windows\System32\pdfcmon.dll
2013-06-26 07:59 - 2012-05-05 01:54 - 00137000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-06-26 07:59 - 2012-05-05 01:54 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-06-26 07:59 - 1998-07-06 08:56 - 00125712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-06-26 07:59 - 1998-07-06 08:55 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-06-26 07:36 - 2013-06-26 07:36 - 17502040 ____A (pdfforge GbR) C:\Users\Wiens\Downloads\PDFCreator-1_7_0_setup.exe
2013-06-26 07:17 - 2013-06-26 07:17 - 00264192 ____H C:\Users\Wiens\Downloads\~WRL0005.tmp
2013-06-24 09:46 - 2013-06-24 09:46 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8CBB581C-DC10-422D-93F9-684E4BB05696}
2013-06-21 05:01 - 2013-06-21 05:01 - 00000000 ____D C:\Users\Wiens\AppData\Local\Brand Thunder
2013-06-21 05:00 - 2013-06-21 05:00 - 00331112 ____A C:\Users\Wiens\Downloads\blackhawks_chrome_installer.exe
2013-06-21 00:59 - 2013-06-21 01:00 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8A254666-6FE0-4103-A74F-835517AEB4B9}
2013-06-19 10:02 - 2013-06-20 02:01 - 00000000 ____D C:\Users\Wiens\AppData\Local\{E6F8212E-47D6-4199-966F-66C637356F49}
2013-06-16 23:37 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 23:37 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 23:37 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 23:37 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 23:37 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 23:37 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 23:37 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 23:37 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 23:37 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 23:37 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 23:37 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 23:37 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 21:08 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 21:08 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 21:08 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 21:08 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 21:08 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 21:08 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 21:08 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 21:08 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 21:08 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 21:08 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 21:08 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 21:08 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 21:08 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 21:08 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 21:08 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 21:08 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 21:08 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 21:08 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 21:08 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 06:45 - 2013-06-12 08:23 - 00000000 ____D C:\Users\Wiens\Desktop\Luka Ebay
2013-06-12 02:37 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 02:37 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 02:37 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 02:37 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 02:37 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 02:37 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 02:37 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 02:37 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 02:37 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 02:37 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 02:37 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 02:35 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 02:35 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 02:35 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 02:35 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 02:35 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 02:35 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 02:34 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 02:34 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-08 14:03 - 2013-07-08 14:03 - 00000000 ____D C:\FRST
2013-07-08 03:50 - 2013-01-27 11:18 - 01312585 ____A C:\Windows\WindowsUpdate.log
2013-07-08 03:47 - 2011-04-04 10:33 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-08 03:46 - 2013-07-05 09:16 - 00001243 ____A C:\Windows\setupact.log
2013-07-08 03:46 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-08 03:30 - 2011-09-03 22:16 - 00001116 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001Core.job
2013-07-08 03:25 - 2011-04-04 10:33 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-08 03:23 - 2013-07-08 03:23 - 00393538 ____A C:\Users\Wiens\AppData\Local\2433f433
2013-07-08 03:23 - 2013-07-08 03:23 - 00393524 ____A C:\ProgramData\2433f433
2013-07-08 03:23 - 2013-07-08 03:23 - 00393459 ____A C:\Users\Wiens\AppData\Roaming\2433f433
2013-07-08 03:23 - 2011-03-25 12:06 - 00000000 ____D C:\Users\Wiens\Documents\Youcam
2013-07-08 03:18 - 2011-07-27 14:48 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001UA.job
2013-07-08 03:18 - 2011-01-09 16:49 - 41104322 ____A C:\Windows\System32\perfh007.dat
2013-07-08 03:18 - 2011-01-09 16:49 - 13348256 ____A C:\Windows\System32\perfc007.dat
2013-07-08 03:18 - 2009-07-13 21:13 - 00005426 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-08 03:16 - 2012-07-27 10:14 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\BrowserCompanion
2013-07-08 03:16 - 2012-05-25 03:37 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-08 03:16 - 2011-09-03 22:16 - 00001138 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001UA.job
2013-07-08 03:16 - 2011-03-28 13:10 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Skype
2013-07-07 10:18 - 2011-07-27 14:48 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001Core.job
2013-07-07 05:33 - 2011-11-20 09:17 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-07 05:33 - 2011-03-27 07:37 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-07-06 04:30 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-06 04:30 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-06 04:23 - 2011-07-13 13:03 - 00000000 ___RD C:\Users\Wiens\Dropbox
2013-07-06 04:23 - 2011-07-13 13:02 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Dropbox
2013-07-06 04:14 - 2013-07-06 04:14 - 00000243 ____A C:\Users\Wiens\Downloads\smil (3).xml
2013-07-06 01:50 - 2013-02-10 13:53 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForWiens.job
2013-07-06 01:50 - 2009-07-13 20:45 - 00407864 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-06 01:49 - 2013-07-06 01:49 - 00000520 ____A C:\Windows\PFRO.log
2013-07-05 09:16 - 2013-07-05 09:16 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 21:48 - 2011-03-28 09:45 - 00000000 ____D C:\Users\Wiens\AppData\Local\CrashDumps
2013-07-03 06:13 - 2011-03-25 10:46 - 00114104 ____A C:\Users\Wiens\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-03 02:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-01 22:40 - 2011-04-04 10:34 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-07-01 22:40 - 2011-04-04 10:34 - 00000000 ____D C:\Program Files\CCleaner
2013-07-01 22:39 - 2013-07-01 22:39 - 04396440 ____A (Piriform Ltd) C:\Users\Wiens\Downloads\ccsetup403.exe
2013-07-01 21:39 - 2013-07-01 21:39 - 00001126 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-07-01 21:39 - 2013-07-01 21:39 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-07-01 21:35 - 2013-07-01 21:35 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de (1).exe
2013-07-01 21:33 - 2013-07-01 21:33 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de.exe
2013-06-30 14:47 - 2011-03-28 13:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-30 14:47 - 2011-03-28 13:10 - 00000000 ____D C:\ProgramData\Skype
2013-06-30 14:45 - 2009-09-06 16:40 - 00000000 ____D C:\SwSetup
2013-06-29 02:47 - 2013-06-29 02:01 - 41891941 ____A C:\Users\Wiens\Downloads\Candy Crush Saga_1.13.1.apk
2013-06-28 00:09 - 2011-03-28 12:48 - 00000000 ____D C:\Users\Wiens\Documents\CSL Junioren
2013-06-27 20:36 - 2012-04-09 20:04 - 00000000 ____D C:\Users\Wiens\Documents\Camp 2012
2013-06-27 10:43 - 2011-03-25 13:26 - 00000000 ____D C:\Users\Wiens\AppData\Local\Microsoft Games
2013-06-27 05:30 - 2013-06-26 22:31 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Ahnenblatt
2013-06-27 02:04 - 2013-06-27 02:04 - 00043631 ____A C:\Users\Wiens\Downloads\Stammbaum Heinrich Wiens.ged
2013-06-27 01:56 - 2013-06-27 01:56 - 00080806 ____A C:\Users\Wiens\Downloads\1m5208_283612g258c70bkc229q1c.ged
2013-06-26 22:31 - 2013-06-26 22:31 - 00001889 ____A C:\Users\Wiens\Desktop\Ahnenblatt.lnk
2013-06-26 22:31 - 2013-06-26 22:31 - 00000000 ____D C:\Users\Wiens\Documents\Ahnenblatt
2013-06-26 22:31 - 2013-06-26 22:31 - 00000000 ____D C:\Program Files (x86)\Ahnenblatt
2013-06-26 22:23 - 2013-06-26 22:23 - 04707624 ____A (Dirk Boettcher ) C:\Users\Wiens\Downloads\absetup_2.74.exe
2013-06-26 22:22 - 2013-06-26 22:21 - 00000022 ____A C:\Users\Wiens\Downloads\Stammbaum.zip
2013-06-26 22:16 - 2013-06-26 07:59 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-26 07:59 - 2013-06-26 07:59 - 00000995 ____A C:\Users\Public\Desktop\PDFCreator.lnk
2013-06-26 07:59 - 2013-06-26 07:59 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\pdfforge
2013-06-26 07:36 - 2013-06-26 07:36 - 17502040 ____A (pdfforge GbR) C:\Users\Wiens\Downloads\PDFCreator-1_7_0_setup.exe
2013-06-26 07:35 - 2013-02-23 13:48 - 00000000 ____D C:\Users\Wiens\Documents\CSL Jugend
2013-06-26 07:17 - 2013-06-26 07:17 - 00264192 ____H C:\Users\Wiens\Downloads\~WRL0005.tmp
2013-06-24 09:46 - 2013-06-24 09:46 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8CBB581C-DC10-422D-93F9-684E4BB05696}
2013-06-23 04:21 - 2013-05-08 11:19 - 00002505 ____A C:\Users\Public\Desktop\Norton Internet Security CBE.lnk
2013-06-23 04:21 - 2013-05-08 11:18 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-06-21 05:11 - 2013-06-21 05:01 - 00000000 ____D C:\Users\Wiens\AppData\Local\Brand Thunder
2013-06-21 05:00 - 2013-06-21 05:00 - 00331112 ____A C:\Users\Wiens\Downloads\blackhawks_chrome_installer.exe
2013-06-21 01:00 - 2013-06-21 00:59 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8A254666-6FE0-4103-A74F-835517AEB4B9}
2013-06-20 02:01 - 2013-06-19 10:02 - 00000000 ____D C:\Users\Wiens\AppData\Local\{E6F8212E-47D6-4199-966F-66C637356F49}
2013-06-19 02:15 - 2013-05-08 11:19 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-06-19 02:15 - 2013-05-08 11:19 - 00007631 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-06-17 11:49 - 2009-09-06 17:57 - 00000000 ____D C:\Windows\Panther
2013-06-16 04:51 - 2012-12-15 11:23 - 00000342 ____A C:\Windows\Tasks\HPCeeScheduleForWIENS-HP$.job
2013-06-13 06:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 21:09 - 2011-05-15 19:53 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 08:23 - 2013-06-12 06:45 - 00000000 ____D C:\Users\Wiens\Desktop\Luka Ebay
2013-06-11 23:03 - 2012-05-25 03:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 23:03 - 2011-08-31 14:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 08:38 - 2011-09-04 11:00 - 00001017 ____A C:\Users\Wiens\Desktop\Dropbox.lnk
2013-06-08 06:08 - 2013-06-16 23:37 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 06:07 - 2013-06-16 23:37 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 06:06 - 2013-06-16 23:37 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 06:06 - 2013-06-16 23:37 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 06:06 - 2013-06-16 23:37 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 04:28 - 2013-06-16 23:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 03:42 - 2013-06-16 23:37 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 03:40 - 2013-06-16 23:37 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 03:40 - 2013-06-16 23:37 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 03:40 - 2013-06-16 23:37 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 03:40 - 2013-06-16 23:37 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 03:13 - 2013-06-16 23:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Files to move or delete:
====================
C:\Users\Wiens\ccsetup305.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-12 21:07:06
Restore point made on: 2013-06-13 20:47:28
Restore point made on: 2013-06-16 23:37:04
Restore point made on: 2013-06-26 02:37:34
Restore point made on: 2013-06-30 14:38:56
Restore point made on: 2013-06-30 14:40:11

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3893.86 MB
Available physical RAM: 3141.64 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3137.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.93 GB) (Free:259.2 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:14.53 GB) (Free:1.79 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)
Drive h: () (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FBCCF9BA)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0B)

LastRegBack: 2013-07-03 09:45

==================== End Of Log ============================