Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GVU Trojaner eingefangen, abgesicherter Modus fährt wieder herunter

GVU Trojaner eingefangen, abgesicherter Modus fährt wieder herunter


Plagegeister aller Art und deren Bekämpfung: GVU Trojaner eingefangen, abgesicherter Modus fährt wieder herunter

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 16.07.2013, 23:20   #1
Annalena
 
GVU Trojaner eingefangen, abgesicherter Modus fährt wieder herunter - Standard

GVU Trojaner eingefangen, abgesicherter Modus fährt wieder herunter


Hallo allerseits,
mein Mann ist für die nächsten 2 Wochen auf Reisen und prompt tritt ein Problem an unserem PC auf:
der Rechner hat sich offenbar den GVU Trojaner eingefangen, erkennbar am weißen Sperrbildschirm, der fortan keinen Zugriff auf den Desktop mehr zulässt und jegliche Interaktion unterbindet.
Vor Erstellen dieses Beitrages habe ich hier im Forum schon entsprechend recherchiert und bin aktiv geworden.

Unser PC:
Win 7/64 Bit
Internet Explorer
Norton Internet Security 2013 als verwendete Sicherheitslösung

Auf einer 2. partition befindet sich Windows XP


Mithilfe des FRST tools habe ich wie beschrieben gescannt, mit folgendem Ergebnis:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-07-2013 03
Ran by SYSTEM on 16-07-2013 23:26:22
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\rdzqe.bat [x ] () <=== ATTENTION
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-29] (Apple Inc.)
HKLM-x32\...\Run: [MailCheck IE Broker] - "C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe" [1481280 2013-07-01] (1und1 Mail und Media GmbH)
HKU\Thomas\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-11-25] (Google Inc.)
HKU\Thomas\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED [802136 2013-04-16] (BitTorrent Inc.)
HKU\Thomas\...\Run: [ctfmon.exe] - C:\PROGRA~3\rundll32.exe C:\PROGRA~3\eqzdr.dat,FG00 [x] <===== ATTENTION
HKU\Thomas\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Thomas\AppData\Local\Temp\safrmdvwtsmlkvmcq.exe [52224 2013-07-14] (NVIDIA Corporation) <===== ATTENTION
HKU\Thomas\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Thomas\...\Command Processor: "C:\Users\Thomas\AppData\Local\Temp\safrmdvwtsmlkvmcq.exe" <===== ATTENTION!
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\PROGRA~3\eqzdr.dat (No File)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-08] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-08] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130712.001\IDSvia64.sys [513184 2013-06-07] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130712.001\IDSvia64.sys [513184 2013-06-07] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130713.006\ENG64.SYS [126040 2013-07-08] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130713.006\ENG64.SYS [126040 2013-07-08] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130713.006\EX64.SYS [2098776 2013-07-08] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130713.006\EX64.SYS [2098776 2013-07-08] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S2 wuaserv; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-16 22:42 - 2013-07-16 22:42 - 00000000 ____D C:\FRST
2013-07-14 23:39 - 2013-07-14 23:39 - 00163056 _____ C:\Users\Thomas\AppData\Local\2433f433
2013-07-14 23:39 - 2013-07-14 23:39 - 00163056 _____ C:\ProgramData\2433f433
2013-07-14 23:39 - 2013-07-14 23:39 - 00163020 _____ C:\Users\Thomas\AppData\Roaming\2433f433
2013-07-13 00:19 - 2013-07-13 00:21 - 00000000 ____D C:\Windows\System32\MRT
2013-07-10 23:29 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 23:29 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 23:29 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 23:29 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 23:29 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 23:29 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 23:29 - 2013-06-12 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 23:29 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 23:29 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 23:29 - 2013-06-12 00:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 23:29 - 2013-06-12 00:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 23:29 - 2013-06-12 00:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 23:29 - 2013-06-12 00:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 23:29 - 2013-06-12 00:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 23:29 - 2013-06-12 00:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 23:29 - 2013-06-12 00:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 23:29 - 2013-06-12 00:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 23:29 - 2013-06-12 00:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 23:29 - 2013-06-11 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 23:29 - 2013-06-11 23:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 23:29 - 2013-06-07 04:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 23:29 - 2013-06-07 03:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 21:16 - 2013-06-05 04:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 21:16 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 21:16 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 21:16 - 2013-05-06 07:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 21:16 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 21:16 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 21:16 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-04 06:08 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-07-04 06:08 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-03 06:40 - 2013-07-03 06:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-03 06:40 - 2013-07-03 06:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-03 06:40 - 2013-07-03 06:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-03 06:40 - 2013-07-03 06:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-03 06:40 - 2013-07-03 06:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-03 06:40 - 2013-07-03 06:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-03 06:40 - 2013-07-03 06:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-03 06:40 - 2013-07-03 06:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-03 06:39 - 2013-07-03 06:39 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 02776576 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01682432 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01238528 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01175552 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00648192 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00333312 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00245248 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00194560 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 06:36 - 2013-07-03 06:43 - 00010418 _____ C:\Windows\IE10_main.log
2013-07-03 06:25 - 2013-07-03 06:25 - 00000000 ____D C:\Program Files\GMX MailCheck
2013-07-03 06:25 - 2013-07-03 06:25 - 00000000 ____D C:\Program Files (x86)\GMX MailCheck
2013-07-02 22:02 - 2013-07-02 22:02 - 00000000 ____D C:\ProgramData\UUdb
2013-07-02 22:02 - 2013-07-02 22:02 - 00000000 ____D C:\ProgramData\DesktopIcons
2013-06-21 20:03 - 2013-06-21 20:03 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security

==================== One Month Modified Files and Folders =======

2013-07-16 22:42 - 2013-07-16 22:42 - 00000000 ____D C:\FRST
2013-07-16 21:30 - 2010-11-25 22:48 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-16 21:30 - 2009-07-14 05:51 - 00100818 _____ C:\Windows\setupact.log
2013-07-16 21:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 20:41 - 2010-11-25 21:50 - 01341352 _____ C:\Windows\WindowsUpdate.log
2013-07-15 20:41 - 2009-07-14 18:58 - 00654150 _____ C:\Windows\System32\perfh007.dat
2013-07-15 20:41 - 2009-07-14 18:58 - 00130022 _____ C:\Windows\System32\perfc007.dat
2013-07-15 20:41 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-14 23:39 - 2013-07-14 23:39 - 00163056 _____ C:\Users\Thomas\AppData\Local\2433f433
2013-07-14 23:39 - 2013-07-14 23:39 - 00163056 _____ C:\ProgramData\2433f433
2013-07-14 23:39 - 2013-07-14 23:39 - 00163020 _____ C:\Users\Thomas\AppData\Roaming\2433f433
2013-07-14 23:38 - 2010-11-27 00:11 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\uTorrent
2013-07-14 23:05 - 2012-10-11 19:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 22:57 - 2010-11-25 22:48 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-14 20:15 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-14 20:15 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 10:58 - 2012-10-11 19:41 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 10:52 - 2010-11-25 22:48 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 10:52 - 2010-11-25 22:48 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 09:56 - 2010-11-26 20:28 - 00367848 _____ C:\Windows\PFRO.log
2013-07-13 00:21 - 2013-07-13 00:19 - 00000000 ____D C:\Windows\System32\MRT
2013-07-11 21:17 - 2009-07-14 05:45 - 00294344 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-11 21:16 - 2009-07-14 19:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 21:16 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 21:16 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 21:09 - 2012-05-14 21:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 21:09 - 2012-05-14 21:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-03 22:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-07-03 21:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-07-03 21:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-07-03 21:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-07-03 21:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-07-03 21:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-03 06:43 - 2013-07-03 06:36 - 00010418 _____ C:\Windows\IE10_main.log
2013-07-03 06:40 - 2013-07-03 06:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-03 06:40 - 2013-07-03 06:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-03 06:40 - 2013-07-03 06:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-03 06:40 - 2013-07-03 06:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-03 06:40 - 2013-07-03 06:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-03 06:40 - 2013-07-03 06:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-03 06:40 - 2013-07-03 06:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-03 06:40 - 2013-07-03 06:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-03 06:40 - 2013-07-03 06:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-03 06:40 - 2013-07-03 06:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-03 06:40 - 2013-07-03 06:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-03 06:39 - 2013-07-03 06:39 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 02776576 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01682432 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01238528 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01175552 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00648192 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00333312 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00245248 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00194560 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 06:39 - 2013-07-03 06:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 06:25 - 2013-07-03 06:25 - 00000000 ____D C:\Program Files\GMX MailCheck
2013-07-03 06:25 - 2013-07-03 06:25 - 00000000 ____D C:\Program Files (x86)\GMX MailCheck
2013-07-02 22:02 - 2013-07-02 22:02 - 00000000 ____D C:\ProgramData\UUdb
2013-07-02 22:02 - 2013-07-02 22:02 - 00000000 ____D C:\ProgramData\DesktopIcons
2013-07-02 22:02 - 2013-03-17 22:19 - 00002008 _____ C:\Users\Thomas\Desktop\Amazon.lnk
2013-07-02 22:02 - 2013-03-17 22:19 - 00002002 _____ C:\Users\Thomas\Desktop\GMX.lnk
2013-07-02 22:02 - 2013-03-17 22:18 - 00003876 _____ C:\Windows\System32\Tasks\Registration 1und1 Task
2013-07-02 22:02 - 2013-03-17 22:18 - 00000000 ____D C:\Program Files (x86)\1und1Softwareaktualisierung
2013-06-23 23:57 - 2010-11-30 00:27 - 78277128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-21 20:03 - 2013-06-21 20:03 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-06-21 19:58 - 2012-04-29 09:32 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-06-21 19:58 - 2012-04-29 09:32 - 00002501 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-06-21 19:58 - 2012-04-29 09:32 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-06-19 22:42 - 2012-04-29 09:32 - 00177312 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-06-19 22:42 - 2012-04-29 09:32 - 00007631 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
C:\ProgramData\rdzqe.bat
C:\ProgramData\rdzqe.pad
C:\ProgramData\rdzqe.reg

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 4023.11 MB
Available physical RAM: 3452.2 MB
Total Pagefile: 4021.26 MB
Available Pagefile: 3442.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:804.55 GB) (Free:685.81 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:126.95 GB) (Free:101.14 GB) NTFS (Disk=0 Partition=2)
Drive e: (Fallout 3) (CDROM) (Total:5.6 GB) (Free:0 GB) UDF
Drive g: (USB DISK) (Removable) (Total:14.43 GB) (Free:14.43 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=805 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=127 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14 GB) - (Type=0C)


LastRegBack: 2013-07-03 22:43

==================== End Of Log ============================

Ich hoffe bis hierhin alles richtig gemacht zu haben und es wäre großartig wenn mir jemand weiterhelfen könnte.

Vielen Dank + LG
Annalena

 

Themen zu GVU Trojaner eingefangen, abgesicherter Modus fährt wieder herunter
adobe, adobe flash player, association, desktop, dll, explorer.exe, farbar, farbar recovery scan tool, flash player, frst.txt, google, home, log, microsoft, nvidia, problem, registry, rundll, security, services.exe, svchost.exe, symantec, system, temp, thomas, trojaner, usb, windows, winlogon, winlogon.exe


« Ungültiges Bild - Win7 | Firefox zeigt nur leere Seite / Malwarebytes findet 64 infizierte Objekte »


Ähnliche Themen: GVU Trojaner eingefangen, abgesicherter Modus fährt wieder herunter


  1. Bundestrojaner auf Netbook eingefangen, Abgesicherter Modus fährt immer wieder herunter
    Plagegeister aller Art und deren Bekämpfung - 05.05.2014 (10)
  2. BMI, Polizei Virus, abgesicherter Modus fährt ohne Eingabemöglichkeit wieder runter
    Log-Analyse und Auswertung - 22.04.2014 (7)
  3. Bundesamt für Sicherheit-Trojaner - Abgsichter Modus fährt direkt wieder herunter
    Log-Analyse und Auswertung - 19.04.2014 (11)
  4. BMI, Polizei Virus, abgesicherter Modus fährt ohne Eingabemöglichkeit wieder runter
    Log-Analyse und Auswertung - 02.02.2014 (4)
  5. GVU Trojaner, Abgesicherter Modus fährt automatisch wieder runter
    Log-Analyse und Auswertung - 25.11.2013 (11)
  6. GVU Trojaner , abgesicherter Modus fährt ohne Eingabemöglichkeit wieder runter
    Log-Analyse und Auswertung - 17.11.2013 (2)
  7. Windows 7: Trojaner mit Sperrschirm; PC fährt herunter im abgesicherten Modus
    Log-Analyse und Auswertung - 24.10.2013 (11)
  8. Interpol Virus, Windows 7, Abgesicherter Modus fährt wieder runter
    Plagegeister aller Art und deren Bekämpfung - 21.10.2013 (1)
  9. [solved] 1. GVU; 2. abgesicherter Modus fährt sogleich wieder runter
    Plagegeister aller Art und deren Bekämpfung - 17.08.2013 (1)
  10. GVU-Trojaner (Vista + Abgesicherter Modus fährt nach Start wieder herunter)
    Log-Analyse und Auswertung - 14.08.2013 (15)
  11. Startbildschirm Weiß, Abgesicherter Modus fährt automatisch herunter
    Plagegeister aller Art und deren Bekämpfung - 13.08.2013 (3)
  12. Trojaner, Abgesicherter Modus fährt sofort wieder runter
    Plagegeister aller Art und deren Bekämpfung - 09.07.2013 (40)
  13. GVU Virus eingefangen, Abgesicherter Modus fährt direkt wieder runger, Windows XP
    Plagegeister aller Art und deren Bekämpfung - 29.06.2013 (24)
  14. GVU Trojaner? Bildschirm mit Zahlungsaufforderung, abgesicherter Modus fährt herunter
    Log-Analyse und Auswertung - 24.06.2013 (15)
  15. Virus, weißer Bildschirm mit Zahlungsaufforderung, abgesicherter Modus fährt herunter
    Log-Analyse und Auswertung - 20.06.2013 (23)
  16. BMI-Trojaner, abgesicherter Modus fährt herunter
    Log-Analyse und Auswertung - 25.05.2013 (1)
  17. PC fährt wieder herunter, Antivir hat mehrere Trojaner gefunden
    Log-Analyse und Auswertung - 01.02.2007 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner eingefangen, abgesicherter Modus fährt wieder herunter - Hallo allerseits, mein Mann ist für die nächsten 2 Wochen auf Reisen und prompt tritt ein Problem an unserem PC auf: der Rechner hat sich offenbar den GVU Trojaner eingefangen, - GVU Trojaner eingefangen, abgesicherter Modus fährt wieder herunter...
Archiv
Du betrachtest: GVU Trojaner eingefangen, abgesicherter Modus fährt wieder herunter auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131