
Log Analysis and Evaluation: GVU Trojan, FRST run, txt file

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
08.07.2013, 13:22   #1
schapa

GVU Trojan, FRST run, txt file



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by SYSTEM on 08-07-2013 14:03:16
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-13] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2010-12-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [111640 2010-07-23] ()
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-12-13] (EasyBits Software AS)
HKLM-x32\...\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Plus\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT [329632 2008-05-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKU\Wiens\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\Wiens\...\Run: [Google Update] "C:\Users\Wiens\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-04] (Google Inc.)
HKU\Wiens\...\Run: [Facebook Update] "C:\Users\Wiens\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Wiens\...\Run: [MusicManager] "C:\Users\Wiens\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7345664 2013-06-20] (Google Inc.)
HKU\Wiens\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Wiens\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Wiens\AppData\Local\Temp\cyaovpqwrsvqdlmwa.exe [47104 2013-07-08] (NVIDIA Corporation) <===== ATTENTION
HKU\Wiens\...\Policies\system: [DisableLockWorkstation] 0
HKU\Wiens\...\Policies\system: [DisableChangePassword] 0
HKU\Wiens\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Wiens\...\Command Processor: "C:\Users\Wiens\AppData\Local\Temp\cyaovpqwrsvqdlmwa.exe" <===== ATTENTION!
Startup: C:\ProgramData\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Wiens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Wiens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> (No File)
Startup: C:\Users\Wiens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
ShortcutTarget: tbhcn.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [94208 2008-05-28] (SEIKO EPSON CORPORATION)
S2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-03] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-03] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-17] (Symantec Corporation)
S3 ghsmdm; C:\Windows\System32\DRIVERS\ghsmdm.sys [129304 2011-08-15] (ZTE Incorporated)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130705.001\IDSvia64.sys [513184 2013-05-08] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130705.001\IDSvia64.sys [513184 2013-05-08] (Symantec Corporation)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\ENG64.SYS [126040 2013-06-03] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\ENG64.SYS [126040 2013-06-03] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\EX64.SYS [2098776 2013-06-03] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130707.005\EX64.SYS [2098776 2013-06-03] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x64\Sandra.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-08 14:03 - 2013-07-08 14:03 - 00000000 ____D C:\FRST
2013-07-08 03:23 - 2013-07-08 03:23 - 00393538 ____A C:\Users\Wiens\AppData\Local\2433f433
2013-07-08 03:23 - 2013-07-08 03:23 - 00393524 ____A C:\ProgramData\2433f433
2013-07-08 03:23 - 2013-07-08 03:23 - 00393459 ____A C:\Users\Wiens\AppData\Roaming\2433f433
2013-07-06 04:14 - 2013-07-06 04:14 - 00000243 ____A C:\Users\Wiens\Downloads\smil (3).xml
2013-07-06 01:49 - 2013-07-06 01:49 - 00000520 ____A C:\Windows\PFRO.log
2013-07-05 09:16 - 2013-07-08 03:46 - 00001243 ____A C:\Windows\setupact.log
2013-07-05 09:16 - 2013-07-05 09:16 - 00000000 ____A C:\Windows\setuperr.log
2013-07-01 22:39 - 2013-07-01 22:39 - 04396440 ____A (Piriform Ltd) C:\Users\Wiens\Downloads\ccsetup403.exe
2013-07-01 21:39 - 2013-07-01 21:39 - 00001126 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-07-01 21:39 - 2013-07-01 21:39 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-07-01 21:35 - 2013-07-01 21:35 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de (1).exe
2013-07-01 21:33 - 2013-07-01 21:33 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de.exe
2013-06-29 02:01 - 2013-06-29 02:47 - 41891941 ____A C:\Users\Wiens\Downloads\Candy Crush Saga_1.13.1.apk
2013-06-27 02:04 - 2013-06-27 02:04 - 00043631 ____A C:\Users\Wiens\Downloads\Stammbaum Heinrich Wiens.ged
2013-06-27 01:56 - 2013-06-27 01:56 - 00080806 ____A C:\Users\Wiens\Downloads\1m5208_283612g258c70bkc229q1c.ged
2013-06-26 22:31 - 2013-06-27 05:30 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Ahnenblatt
2013-06-26 22:31 - 2013-06-26 22:31 - 00001889 ____A C:\Users\Wiens\Desktop\Ahnenblatt.lnk
2013-06-26 22:31 - 2013-06-26 22:31 - 00000000 ____D C:\Users\Wiens\Documents\Ahnenblatt
2013-06-26 22:31 - 2013-06-26 22:31 - 00000000 ____D C:\Program Files (x86)\Ahnenblatt
2013-06-26 22:23 - 2013-06-26 22:23 - 04707624 ____A (Dirk Boettcher ) C:\Users\Wiens\Downloads\absetup_2.74.exe
2013-06-26 22:21 - 2013-06-26 22:22 - 00000022 ____A C:\Users\Wiens\Downloads\Stammbaum.zip
2013-06-26 07:59 - 2013-06-26 22:16 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-26 07:59 - 2013-06-26 07:59 - 00000995 ____A C:\Users\Public\Desktop\PDFCreator.lnk
2013-06-26 07:59 - 2013-06-26 07:59 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\pdfforge
2013-06-26 07:59 - 2013-04-09 05:13 - 00110264 ____A (pdfforge GmbH) C:\Windows\System32\pdfcmon.dll
2013-06-26 07:59 - 2012-05-05 01:54 - 00137000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-06-26 07:59 - 2012-05-05 01:54 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-06-26 07:59 - 1998-07-06 08:56 - 00125712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-06-26 07:59 - 1998-07-06 08:55 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-06-26 07:36 - 2013-06-26 07:36 - 17502040 ____A (pdfforge GbR) C:\Users\Wiens\Downloads\PDFCreator-1_7_0_setup.exe
2013-06-26 07:17 - 2013-06-26 07:17 - 00264192 ____H C:\Users\Wiens\Downloads\~WRL0005.tmp
2013-06-24 09:46 - 2013-06-24 09:46 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8CBB581C-DC10-422D-93F9-684E4BB05696}
2013-06-21 05:01 - 2013-06-21 05:01 - 00000000 ____D C:\Users\Wiens\AppData\Local\Brand Thunder
2013-06-21 05:00 - 2013-06-21 05:00 - 00331112 ____A C:\Users\Wiens\Downloads\blackhawks_chrome_installer.exe
2013-06-21 00:59 - 2013-06-21 01:00 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8A254666-6FE0-4103-A74F-835517AEB4B9}
2013-06-19 10:02 - 2013-06-20 02:01 - 00000000 ____D C:\Users\Wiens\AppData\Local\{E6F8212E-47D6-4199-966F-66C637356F49}
2013-06-16 23:37 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 23:37 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 23:37 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 23:37 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 23:37 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 23:37 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 23:37 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 23:37 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 23:37 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 23:37 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 23:37 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 23:37 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 21:08 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 21:08 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 21:08 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 21:08 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 21:08 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 21:08 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 21:08 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 21:08 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 21:08 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 21:08 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 21:08 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 21:08 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 21:08 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 21:08 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 21:08 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 21:08 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 21:08 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 21:08 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 21:08 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 06:45 - 2013-06-12 08:23 - 00000000 ____D C:\Users\Wiens\Desktop\Luka Ebay
2013-06-12 02:37 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 02:37 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 02:37 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 02:37 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 02:37 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 02:37 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 02:37 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 02:37 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 02:37 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 02:37 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 02:37 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 02:35 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 02:35 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 02:35 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 02:35 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 02:35 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 02:35 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 02:34 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 02:34 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-08 14:03 - 2013-07-08 14:03 - 00000000 ____D C:\FRST
2013-07-08 03:50 - 2013-01-27 11:18 - 01312585 ____A C:\Windows\WindowsUpdate.log
2013-07-08 03:47 - 2011-04-04 10:33 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-08 03:46 - 2013-07-05 09:16 - 00001243 ____A C:\Windows\setupact.log
2013-07-08 03:46 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-08 03:30 - 2011-09-03 22:16 - 00001116 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001Core.job
2013-07-08 03:25 - 2011-04-04 10:33 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-08 03:23 - 2013-07-08 03:23 - 00393538 ____A C:\Users\Wiens\AppData\Local\2433f433
2013-07-08 03:23 - 2013-07-08 03:23 - 00393524 ____A C:\ProgramData\2433f433
2013-07-08 03:23 - 2013-07-08 03:23 - 00393459 ____A C:\Users\Wiens\AppData\Roaming\2433f433
2013-07-08 03:23 - 2011-03-25 12:06 - 00000000 ____D C:\Users\Wiens\Documents\Youcam
2013-07-08 03:18 - 2011-07-27 14:48 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001UA.job
2013-07-08 03:18 - 2011-01-09 16:49 - 41104322 ____A C:\Windows\System32\perfh007.dat
2013-07-08 03:18 - 2011-01-09 16:49 - 13348256 ____A C:\Windows\System32\perfc007.dat
2013-07-08 03:18 - 2009-07-13 21:13 - 00005426 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-08 03:16 - 2012-07-27 10:14 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\BrowserCompanion
2013-07-08 03:16 - 2012-05-25 03:37 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-08 03:16 - 2011-09-03 22:16 - 00001138 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001UA.job
2013-07-08 03:16 - 2011-03-28 13:10 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Skype
2013-07-07 10:18 - 2011-07-27 14:48 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701580033-1802787508-3007128120-1001Core.job
2013-07-07 05:33 - 2011-11-20 09:17 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-07 05:33 - 2011-03-27 07:37 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-07-06 04:30 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-06 04:30 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-06 04:23 - 2011-07-13 13:03 - 00000000 ___RD C:\Users\Wiens\Dropbox
2013-07-06 04:23 - 2011-07-13 13:02 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Dropbox
2013-07-06 04:14 - 2013-07-06 04:14 - 00000243 ____A C:\Users\Wiens\Downloads\smil (3).xml
2013-07-06 01:50 - 2013-02-10 13:53 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForWiens.job
2013-07-06 01:50 - 2009-07-13 20:45 - 00407864 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-06 01:49 - 2013-07-06 01:49 - 00000520 ____A C:\Windows\PFRO.log
2013-07-05 09:16 - 2013-07-05 09:16 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 21:48 - 2011-03-28 09:45 - 00000000 ____D C:\Users\Wiens\AppData\Local\CrashDumps
2013-07-03 06:13 - 2011-03-25 10:46 - 00114104 ____A C:\Users\Wiens\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-03 02:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-01 22:40 - 2011-04-04 10:34 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-07-01 22:40 - 2011-04-04 10:34 - 00000000 ____D C:\Program Files\CCleaner
2013-07-01 22:39 - 2013-07-01 22:39 - 04396440 ____A (Piriform Ltd) C:\Users\Wiens\Downloads\ccsetup403.exe
2013-07-01 21:39 - 2013-07-01 21:39 - 00001126 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-07-01 21:39 - 2013-07-01 21:39 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-07-01 21:35 - 2013-07-01 21:35 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de (1).exe
2013-07-01 21:33 - 2013-07-01 21:33 - 05140064 ____A (TeamViewer GmbH) C:\Users\Wiens\Downloads\TeamViewer_Setup_de.exe
2013-06-30 14:47 - 2011-03-28 13:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-30 14:47 - 2011-03-28 13:10 - 00000000 ____D C:\ProgramData\Skype
2013-06-30 14:45 - 2009-09-06 16:40 - 00000000 ____D C:\SwSetup
2013-06-29 02:47 - 2013-06-29 02:01 - 41891941 ____A C:\Users\Wiens\Downloads\Candy Crush Saga_1.13.1.apk
2013-06-28 00:09 - 2011-03-28 12:48 - 00000000 ____D C:\Users\Wiens\Documents\CSL Junioren
2013-06-27 20:36 - 2012-04-09 20:04 - 00000000 ____D C:\Users\Wiens\Documents\Camp 2012
2013-06-27 10:43 - 2011-03-25 13:26 - 00000000 ____D C:\Users\Wiens\AppData\Local\Microsoft Games
2013-06-27 05:30 - 2013-06-26 22:31 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\Ahnenblatt
2013-06-27 02:04 - 2013-06-27 02:04 - 00043631 ____A C:\Users\Wiens\Downloads\Stammbaum Heinrich Wiens.ged
2013-06-27 01:56 - 2013-06-27 01:56 - 00080806 ____A C:\Users\Wiens\Downloads\1m5208_283612g258c70bkc229q1c.ged
2013-06-26 22:31 - 2013-06-26 22:31 - 00001889 ____A C:\Users\Wiens\Desktop\Ahnenblatt.lnk
2013-06-26 22:31 - 2013-06-26 22:31 - 00000000 ____D C:\Users\Wiens\Documents\Ahnenblatt
2013-06-26 22:31 - 2013-06-26 22:31 - 00000000 ____D C:\Program Files (x86)\Ahnenblatt
2013-06-26 22:23 - 2013-06-26 22:23 - 04707624 ____A (Dirk Boettcher ) C:\Users\Wiens\Downloads\absetup_2.74.exe
2013-06-26 22:22 - 2013-06-26 22:21 - 00000022 ____A C:\Users\Wiens\Downloads\Stammbaum.zip
2013-06-26 22:16 - 2013-06-26 07:59 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-26 07:59 - 2013-06-26 07:59 - 00000995 ____A C:\Users\Public\Desktop\PDFCreator.lnk
2013-06-26 07:59 - 2013-06-26 07:59 - 00000000 ____D C:\Users\Wiens\AppData\Roaming\pdfforge
2013-06-26 07:36 - 2013-06-26 07:36 - 17502040 ____A (pdfforge GbR) C:\Users\Wiens\Downloads\PDFCreator-1_7_0_setup.exe
2013-06-26 07:35 - 2013-02-23 13:48 - 00000000 ____D C:\Users\Wiens\Documents\CSL Jugend
2013-06-26 07:17 - 2013-06-26 07:17 - 00264192 ____H C:\Users\Wiens\Downloads\~WRL0005.tmp
2013-06-24 09:46 - 2013-06-24 09:46 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8CBB581C-DC10-422D-93F9-684E4BB05696}
2013-06-23 04:21 - 2013-05-08 11:19 - 00002505 ____A C:\Users\Public\Desktop\Norton Internet Security CBE.lnk
2013-06-23 04:21 - 2013-05-08 11:18 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-06-21 05:11 - 2013-06-21 05:01 - 00000000 ____D C:\Users\Wiens\AppData\Local\Brand Thunder
2013-06-21 05:00 - 2013-06-21 05:00 - 00331112 ____A C:\Users\Wiens\Downloads\blackhawks_chrome_installer.exe
2013-06-21 01:00 - 2013-06-21 00:59 - 00000000 ____D C:\Users\Wiens\AppData\Local\{8A254666-6FE0-4103-A74F-835517AEB4B9}
2013-06-20 02:01 - 2013-06-19 10:02 - 00000000 ____D C:\Users\Wiens\AppData\Local\{E6F8212E-47D6-4199-966F-66C637356F49}
2013-06-19 02:15 - 2013-05-08 11:19 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-06-19 02:15 - 2013-05-08 11:19 - 00007631 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-06-17 11:49 - 2009-09-06 17:57 - 00000000 ____D C:\Windows\Panther
2013-06-16 04:51 - 2012-12-15 11:23 - 00000342 ____A C:\Windows\Tasks\HPCeeScheduleForWIENS-HP$.job
2013-06-13 06:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 21:09 - 2011-05-15 19:53 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 08:23 - 2013-06-12 06:45 - 00000000 ____D C:\Users\Wiens\Desktop\Luka Ebay
2013-06-11 23:03 - 2012-05-25 03:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 23:03 - 2011-08-31 14:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 08:38 - 2011-09-04 11:00 - 00001017 ____A C:\Users\Wiens\Desktop\Dropbox.lnk
2013-06-08 06:08 - 2013-06-16 23:37 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 06:07 - 2013-06-16 23:37 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 06:06 - 2013-06-16 23:37 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 06:06 - 2013-06-16 23:37 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 06:06 - 2013-06-16 23:37 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 04:28 - 2013-06-16 23:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 03:42 - 2013-06-16 23:37 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 03:40 - 2013-06-16 23:37 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 03:40 - 2013-06-16 23:37 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 03:40 - 2013-06-16 23:37 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 03:40 - 2013-06-16 23:37 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 03:13 - 2013-06-16 23:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Files to move or delete:
====================
C:\Users\Wiens\ccsetup305.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-12 21:07:06
Restore point made on: 2013-06-13 20:47:28
Restore point made on: 2013-06-16 23:37:04
Restore point made on: 2013-06-26 02:37:34
Restore point made on: 2013-06-30 14:38:56
Restore point made on: 2013-06-30 14:40:11

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3893.86 MB
Available physical RAM: 3141.64 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3137.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.93 GB) (Free:259.2 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:14.53 GB) (Free:1.79 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)
Drive h: () (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FBCCF9BA)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0B)


LastRegBack: 2013-07-03 09:45

==================== End Of Log ============================

 

You are viewing: GVU Trojan, FRST run, txt file on Trojaner-Board
