Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2013
Ran by SYSTEM on 25-07-2013 17:24:46
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-21] (Dritek System Inc.)
HKLM-x32\...\Run: [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-14] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-14] ()
HKU\georg\...\Run: [ctfmon32.exe] - C:\PROGRA~3\rundll32.exe C:\PROGRA~3\lodlb.dat,XFG00 [44544 2013-07-21] (Microsoft Corporation) <===== ATTENTION
Startup: C:\Users\georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\lodlb.dat ()
==================== Services (Whitelisted) =================
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-17] (AVG Technologies CZ, s.r.o.)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\RpcAgentSrv.exe [95896 2009-01-04] (SiSoftware)
S3 uvnc_service; C:\Program Files (x86)\UltraVNC\WinVNC.exe [1737200 2010-11-27] (UltraVNC)
==================== Drivers (Whitelisted) ====================
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-28] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-07] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-07] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-20] (AVG Technologies CZ, s.r.o.)
S3 eh100; C:\Windows\System32\DRIVERS\eh100.sys [45568 2009-11-11] (SCM Microsystems Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-05] (Marvell Semiconductor, Inc.)
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [64752 2012-08-07] (Fuzhou Rockchip Electronics Co,Ltd.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S3 motandroidusb; System32\Drivers\motoandroid.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-25 17:24 - 2013-07-25 17:24 - 00000000 ____D C:\FRST
2013-07-21 05:08 - 2013-07-25 04:50 - 95023320 ____T C:\ProgramData\bldol.pad
2013-07-21 05:08 - 2013-07-25 04:49 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-21 05:08 - 2013-07-21 05:08 - 00129024 _____ C:\ProgramData\lodlb.dat
2013-07-21 05:08 - 2013-07-21 05:08 - 00044544 _____ (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-07-21 05:08 - 2013-07-21 05:08 - 00002655 _____ C:\ProgramData\bldol.js
2013-07-21 05:08 - 2013-07-21 05:08 - 00001005 _____ C:\ProgramData\sdaksda.txt
2013-07-21 05:08 - 2013-07-21 05:08 - 00000151 _____ C:\ProgramData\bldol.reg
2013-07-21 05:08 - 2013-07-21 05:08 - 00000056 _____ C:\ProgramData\bldol.bat
2013-07-17 02:32 - 2013-07-18 08:06 - 00037018 _____ C:\Users\georg\Documents\Antrag Zagorski.odt
2013-07-10 07:45 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 07:45 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 07:45 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 07:45 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 07:45 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 07:45 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 07:45 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 07:45 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 07:45 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 07:45 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 07:45 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 07:45 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 07:45 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 07:45 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 07:45 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 07:45 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 07:45 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 07:45 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 07:45 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 07:45 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 07:45 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 07:45 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 07:45 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 07:45 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 07:45 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 07:44 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 07:44 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 07:44 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 07:44 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 07:44 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 07:44 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 05:27 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 05:27 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 05:27 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 05:27 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 05:26 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 05:26 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 05:26 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-09 11:36 - 2013-07-09 11:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-07-09 11:36 - 2013-07-09 11:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-07-05 06:57 - 2013-07-10 11:21 - 00036040 _____ C:\Users\georg\Documents\Antrag Theilicke.odt
2013-07-03 12:16 - 2013-07-10 13:21 - 00030138 _____ C:\Users\georg\Documents\Antrag Jochem.odt
2013-07-03 01:54 - 2013-07-03 02:03 - 00000000 ____D C:\Users\georg\Downloads\Fabian Bewerbung REWA TIMEWATCH
2013-06-30 06:56 - 2013-06-30 06:56 - 00000000 ____D C:\Users\georg\AppData\Roaming\AVG
2013-06-30 06:55 - 2013-06-30 06:57 - 00000000 ____D C:\ProgramData\AVG
2013-06-30 06:55 - 2013-06-30 06:55 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-30 06:49 - 2013-06-30 06:49 - 00648201 _____ C:\Users\georg\Downloads\adwcleaner2303 (1).exe
2013-06-30 06:49 - 2013-06-30 06:49 - 00001320 _____ C:\AdwCleaner[S2].txt
2013-06-30 06:49 - 2013-06-30 06:49 - 00001258 _____ C:\AdwCleaner[R4].txt
2013-06-30 06:45 - 2013-07-25 05:15 - 00002688 _____ C:\Windows\setupact.log
2013-06-30 06:45 - 2013-06-30 06:45 - 00342706 _____ C:\Windows\PFRO.log
2013-06-30 06:45 - 2013-06-30 06:45 - 00000000 _____ C:\Windows\setuperr.log
2013-06-30 06:43 - 2013-06-30 06:44 - 00018814 _____ C:\AdwCleaner[S1].txt
2013-06-30 06:43 - 2013-06-30 06:43 - 00019013 _____ C:\AdwCleaner[R3].txt
2013-06-30 06:36 - 2013-06-30 06:36 - 02828552 _____ (AVAST Software) C:\Users\georg\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-06-30 06:35 - 2013-06-30 06:35 - 00648201 _____ C:\Users\georg\Downloads\adwcleaner2303.exe
2013-06-30 06:35 - 2013-06-30 06:35 - 00021469 _____ C:\AdwCleaner[R2].txt
2013-06-30 06:35 - 2013-06-30 06:35 - 00021408 _____ C:\AdwCleaner[R1].txt
2013-06-30 06:15 - 2013-06-30 06:15 - 00000040 _____ C:\Users\Public\Documents\_rgpl
2013-06-30 06:10 - 2013-06-30 06:10 - 00003296 _____ C:\Windows\System32\Tasks\4713
2013-06-30 06:10 - 2013-06-30 06:10 - 00003200 _____ C:\Windows\System32\Tasks\0
2013-06-30 06:04 - 2013-06-30 06:04 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-06-30 06:04 - 2013-06-30 06:04 - 00000000 ____D C:\Users\georg\AppData\Roaming\AVG2013
2013-06-30 06:03 - 2013-07-09 11:36 - 00000985 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-30 06:03 - 2013-06-30 06:04 - 00000000 ____D C:\ProgramData\AVG2013
2013-06-30 06:03 - 2013-06-30 06:03 - 00000000 ___HD C:\$AVG
2013-06-30 06:02 - 2013-06-30 08:49 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-30 06:00 - 2013-07-23 03:47 - 00000000 ____D C:\ProgramData\MFAData
2013-06-30 06:00 - 2013-06-30 06:52 - 00000000 ____D C:\Users\georg\AppData\Local\Avg2013
2013-06-30 06:00 - 2013-06-30 06:00 - 00000000 ____D C:\Users\georg\AppData\Local\MFAData
2013-06-30 05:58 - 2013-06-30 05:59 - 138067312 _____ (AVG Technologies) C:\Users\georg\Downloads\avg_free_x86_all_2013_3345a6382.exe
2013-06-30 05:55 - 2013-06-30 05:55 - 02092792 _____ C:\Users\georg\Downloads\avira_free_antivirus.exe
2013-06-28 00:10 - 2013-06-28 00:10 - 00449184 _____ C:\Users\georg\Downloads\Setup.exe
==================== One Month Modified Files and Folders =======
2013-07-25 17:24 - 2013-07-25 17:24 - 00000000 ____D C:\FRST
2013-07-25 05:23 - 2011-02-26 04:19 - 00000000 ____D C:\Users\georg\Desktop\OpenOffice.org 3.3 (de) Installation Files
2013-07-25 05:15 - 2013-06-30 06:45 - 00002688 _____ C:\Windows\setupact.log
2013-07-25 05:15 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-25 04:50 - 2013-07-21 05:08 - 95023320 ____T C:\ProgramData\bldol.pad
2013-07-25 04:49 - 2013-07-21 05:08 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-25 04:49 - 2011-01-20 07:24 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-23 03:48 - 2010-09-04 02:58 - 01760710 _____ C:\Windows\WindowsUpdate.log
2013-07-23 03:48 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 03:48 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 03:47 - 2013-06-30 06:00 - 00000000 ____D C:\ProgramData\MFAData
2013-07-23 03:45 - 2011-08-12 06:32 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9B4D6411-A7DB-4AF9-83DA-3CCC04F4618D}
2013-07-21 05:57 - 2011-01-20 07:24 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-21 05:08 - 2013-07-21 05:08 - 00129024 _____ C:\ProgramData\lodlb.dat
2013-07-21 05:08 - 2013-07-21 05:08 - 00044544 _____ (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-07-21 05:08 - 2013-07-21 05:08 - 00002655 _____ C:\ProgramData\bldol.js
2013-07-21 05:08 - 2013-07-21 05:08 - 00001005 _____ C:\ProgramData\sdaksda.txt
2013-07-21 05:08 - 2013-07-21 05:08 - 00000151 _____ C:\ProgramData\bldol.reg
2013-07-21 05:08 - 2013-07-21 05:08 - 00000056 _____ C:\ProgramData\bldol.bat
2013-07-18 08:06 - 2013-07-17 02:32 - 00037018 _____ C:\Users\georg\Documents\Antrag Zagorski.odt
2013-07-15 00:58 - 2012-10-28 13:24 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-15 00:52 - 2011-01-20 07:24 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 00:52 - 2011-01-20 07:24 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-10 13:21 - 2013-07-03 12:16 - 00030138 _____ C:\Users\georg\Documents\Antrag Jochem.odt
2013-07-10 11:21 - 2013-07-05 06:57 - 00036040 _____ C:\Users\georg\Documents\Antrag Theilicke.odt
2013-07-10 11:05 - 2009-07-13 20:45 - 00323104 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-10 11:05 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther
2013-07-10 11:04 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 11:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 11:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 11:03 - 2013-03-13 16:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 11:03 - 2010-07-13 03:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 07:46 - 2011-02-01 11:24 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-09 11:36 - 2013-07-09 11:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-07-09 11:36 - 2013-07-09 11:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-07-09 11:36 - 2013-06-30 06:03 - 00000985 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-08 09:19 - 2013-04-03 06:29 - 00033664 _____ C:\Users\georg\Documents\Antrag Bartholi.odt
2013-07-07 12:24 - 2011-01-15 17:09 - 00000000 ____D C:\Users\georg\AppData\Roaming\SoftGrid Client
2013-07-04 04:33 - 2012-10-09 00:19 - 00000000 ____D C:\Users\georg\Desktop\Abrechnung 312
2013-07-04 04:27 - 2011-10-10 22:35 - 00000000 ____D C:\DateiFuerOnlineAbrechnung
2013-07-03 02:03 - 2013-07-03 01:54 - 00000000 ____D C:\Users\georg\Downloads\Fabian Bewerbung REWA TIMEWATCH
2013-07-03 01:12 - 2013-05-07 22:46 - 00005632 ___SH C:\Users\georg\Thumbs.db
2013-07-03 01:00 - 2013-06-02 03:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 01:00 - 2013-05-02 00:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-01 10:42 - 2010-09-04 12:48 - 00649148 _____ C:\Windows\System32\perfh007.dat
2013-07-01 10:42 - 2010-09-04 12:48 - 00129116 _____ C:\Windows\System32\perfc007.dat
2013-07-01 10:42 - 2009-07-13 21:13 - 01487596 _____ C:\Windows\System32\PerfStringBackup.INI
2013-06-30 08:49 - 2013-06-30 06:02 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-30 07:02 - 2011-08-09 03:30 - 00003696 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2013-06-30 06:57 - 2013-06-30 06:55 - 00000000 ____D C:\ProgramData\AVG
2013-06-30 06:56 - 2013-06-30 06:56 - 00000000 ____D C:\Users\georg\AppData\Roaming\AVG
2013-06-30 06:55 - 2013-06-30 06:55 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-30 06:52 - 2013-06-30 06:00 - 00000000 ____D C:\Users\georg\AppData\Local\Avg2013
2013-06-30 06:49 - 2013-06-30 06:49 - 00648201 _____ C:\Users\georg\Downloads\adwcleaner2303 (1).exe
2013-06-30 06:49 - 2013-06-30 06:49 - 00001320 _____ C:\AdwCleaner[S2].txt
2013-06-30 06:49 - 2013-06-30 06:49 - 00001258 _____ C:\AdwCleaner[R4].txt
2013-06-30 06:45 - 2013-06-30 06:45 - 00342706 _____ C:\Windows\PFRO.log
2013-06-30 06:45 - 2013-06-30 06:45 - 00000000 _____ C:\Windows\setuperr.log
2013-06-30 06:45 - 2011-01-20 07:12 - 00000000 ____D C:\ProgramData\Norton
2013-06-30 06:45 - 2010-07-13 03:56 - 00000000 ____D C:\Program Files\Google
2013-06-30 06:45 - 2010-07-13 03:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-30 06:44 - 2013-06-30 06:43 - 00018814 _____ C:\AdwCleaner[S1].txt
2013-06-30 06:43 - 2013-06-30 06:43 - 00019013 _____ C:\AdwCleaner[R3].txt
2013-06-30 06:36 - 2013-06-30 06:36 - 02828552 _____ (AVAST Software) C:\Users\georg\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-06-30 06:35 - 2013-06-30 06:35 - 00648201 _____ C:\Users\georg\Downloads\adwcleaner2303.exe
2013-06-30 06:35 - 2013-06-30 06:35 - 00021469 _____ C:\AdwCleaner[R2].txt
2013-06-30 06:35 - 2013-06-30 06:35 - 00021408 _____ C:\AdwCleaner[R1].txt
2013-06-30 06:19 - 2012-01-10 13:53 - 00000000 ____D C:\Users\georg\Tracing
2013-06-30 06:18 - 2011-04-20 14:05 - 00000000 ____D C:\Users\georg\AppData\Local\CrashDumps
2013-06-30 06:16 - 2010-07-13 03:45 - 00000000 ____D C:\Program Files (x86)\Acer GameZone
2013-06-30 06:15 - 2013-06-30 06:15 - 00000040 _____ C:\Users\Public\Documents\_rgpl
2013-06-30 06:14 - 2010-07-13 03:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-30 06:10 - 2013-06-30 06:10 - 00003296 _____ C:\Windows\System32\Tasks\4713
2013-06-30 06:10 - 2013-06-30 06:10 - 00003200 _____ C:\Windows\System32\Tasks\0
2013-06-30 06:08 - 2011-03-29 09:20 - 00000000 ____D C:\Users\georg\AppData\Roaming\Skype
2013-06-30 06:08 - 2011-03-29 09:19 - 00000000 ____D C:\ProgramData\Skype
2013-06-30 06:04 - 2013-06-30 06:04 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-06-30 06:04 - 2013-06-30 06:04 - 00000000 ____D C:\Users\georg\AppData\Roaming\AVG2013
2013-06-30 06:04 - 2013-06-30 06:03 - 00000000 ____D C:\ProgramData\AVG2013
2013-06-30 06:03 - 2013-06-30 06:03 - 00000000 ___HD C:\$AVG
2013-06-30 06:03 - 2011-08-09 03:11 - 00000000 ____D C:\Users\georg\AppData\Roaming\TuneUp Software
2013-06-30 06:00 - 2013-06-30 06:00 - 00000000 ____D C:\Users\georg\AppData\Local\MFAData
2013-06-30 05:59 - 2013-06-30 05:58 - 138067312 _____ (AVG Technologies) C:\Users\georg\Downloads\avg_free_x86_all_2013_3345a6382.exe
2013-06-30 05:55 - 2013-06-30 05:55 - 02092792 _____ C:\Users\georg\Downloads\avira_free_antivirus.exe
2013-06-30 05:48 - 2013-05-13 04:22 - 00000866 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-06-30 05:47 - 2011-01-14 15:19 - 00000000 ____D C:\Users\georg\AppData\Local\Google
2013-06-30 05:47 - 2010-07-13 03:56 - 00000000 ____D C:\ProgramData\Google
2013-06-30 05:43 - 2013-02-04 15:04 - 00000000 ____D C:\ProgramData\Avira
2013-06-30 05:42 - 2011-03-01 07:02 - 00000000 ____D C:\Program Files (x86)\audiograbber
2013-06-28 00:10 - 2013-06-28 00:10 - 00449184 _____ C:\Users\georg\Downloads\Setup.exe
2013-06-25 08:08 - 2009-07-13 21:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
C:\ProgramData\rundll32.exe
C:\Users\georg\AppData\Roaming\skype.dat
C:\Users\georg\AppData\Roaming\skype.ini
C:\ProgramData\bldol.bat
C:\ProgramData\bldol.pad
C:\ProgramData\bldol.reg
C:\ProgramData\lodlb.dat
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-06-30 08:48:51
Restore point made on: 2013-06-30 08:49:30
Restore point made on: 2013-07-01 02:02:22
Restore point made on: 2013-07-08 04:36:33
Restore point made on: 2013-07-10 07:42:54
Restore point made on: 2013-07-18 04:58:29
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 3958.71 MB
Available physical RAM: 3228.82 MB
Total Pagefile: 3956.86 MB
Available Pagefile: 3217.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:219.18 GB) NTFS (Disk=0 Partition=3)
Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.42 GB) NTFS (Disk=0 Partition=1)
Drive g: (INTENSO) (Removable) (Total:3.63 GB) (Free:3.63 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 1FDF9619)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2013-07-15 01:20
==================== End Of Log ============================