| |
| |||||||
Log-Analyse und Auswertung: Trojaner GVU Logfile FRST GVU-Trojaner Windows 7Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
25.07.2013, 16:55
| #1 |
| |  Trojaner GVU Logfile FRST GVU-Trojaner Windows 7Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2013
Ran by SYSTEM on 25-07-2013 17:24:46
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-21] (Dritek System Inc.)
HKLM-x32\...\Run: [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-14] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-14] ()
HKU\georg\...\Run: [ctfmon32.exe] - C:\PROGRA~3\rundll32.exe C:\PROGRA~3\lodlb.dat,XFG00 [44544 2013-07-21] (Microsoft Corporation) <===== ATTENTION
Startup: C:\Users\georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\lodlb.dat ()
==================== Services (Whitelisted) =================
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-17] (AVG Technologies CZ, s.r.o.)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\RpcAgentSrv.exe [95896 2009-01-04] (SiSoftware)
S3 uvnc_service; C:\Program Files (x86)\UltraVNC\WinVNC.exe [1737200 2010-11-27] (UltraVNC)
==================== Drivers (Whitelisted) ====================
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-28] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-07] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-07] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-20] (AVG Technologies CZ, s.r.o.)
S3 eh100; C:\Windows\System32\DRIVERS\eh100.sys [45568 2009-11-11] (SCM Microsystems Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-05] (Marvell Semiconductor, Inc.)
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [64752 2012-08-07] (Fuzhou Rockchip Electronics Co,Ltd.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S3 motandroidusb; System32\Drivers\motoandroid.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-25 17:24 - 2013-07-25 17:24 - 00000000 ____D C:\FRST
2013-07-21 05:08 - 2013-07-25 04:50 - 95023320 ____T C:\ProgramData\bldol.pad
2013-07-21 05:08 - 2013-07-25 04:49 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-21 05:08 - 2013-07-21 05:08 - 00129024 _____ C:\ProgramData\lodlb.dat
2013-07-21 05:08 - 2013-07-21 05:08 - 00044544 _____ (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-07-21 05:08 - 2013-07-21 05:08 - 00002655 _____ C:\ProgramData\bldol.js
2013-07-21 05:08 - 2013-07-21 05:08 - 00001005 _____ C:\ProgramData\sdaksda.txt
2013-07-21 05:08 - 2013-07-21 05:08 - 00000151 _____ C:\ProgramData\bldol.reg
2013-07-21 05:08 - 2013-07-21 05:08 - 00000056 _____ C:\ProgramData\bldol.bat
2013-07-17 02:32 - 2013-07-18 08:06 - 00037018 _____ C:\Users\georg\Documents\Antrag Zagorski.odt
2013-07-10 07:45 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 07:45 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 07:45 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 07:45 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 07:45 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 07:45 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 07:45 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 07:45 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 07:45 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 07:45 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 07:45 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 07:45 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 07:45 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 07:45 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 07:45 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 07:45 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 07:45 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 07:45 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 07:45 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 07:45 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 07:45 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 07:45 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 07:45 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 07:45 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 07:45 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 07:44 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 07:44 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 07:44 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 07:44 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 07:44 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 07:44 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 05:27 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 05:27 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 05:27 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 05:27 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 05:26 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 05:26 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 05:26 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-09 11:36 - 2013-07-09 11:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-07-09 11:36 - 2013-07-09 11:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-07-05 06:57 - 2013-07-10 11:21 - 00036040 _____ C:\Users\georg\Documents\Antrag Theilicke.odt
2013-07-03 12:16 - 2013-07-10 13:21 - 00030138 _____ C:\Users\georg\Documents\Antrag Jochem.odt
2013-07-03 01:54 - 2013-07-03 02:03 - 00000000 ____D C:\Users\georg\Downloads\Fabian Bewerbung REWA TIMEWATCH
2013-06-30 06:56 - 2013-06-30 06:56 - 00000000 ____D C:\Users\georg\AppData\Roaming\AVG
2013-06-30 06:55 - 2013-06-30 06:57 - 00000000 ____D C:\ProgramData\AVG
2013-06-30 06:55 - 2013-06-30 06:55 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-30 06:49 - 2013-06-30 06:49 - 00648201 _____ C:\Users\georg\Downloads\adwcleaner2303 (1).exe
2013-06-30 06:49 - 2013-06-30 06:49 - 00001320 _____ C:\AdwCleaner[S2].txt
2013-06-30 06:49 - 2013-06-30 06:49 - 00001258 _____ C:\AdwCleaner[R4].txt
2013-06-30 06:45 - 2013-07-25 05:15 - 00002688 _____ C:\Windows\setupact.log
2013-06-30 06:45 - 2013-06-30 06:45 - 00342706 _____ C:\Windows\PFRO.log
2013-06-30 06:45 - 2013-06-30 06:45 - 00000000 _____ C:\Windows\setuperr.log
2013-06-30 06:43 - 2013-06-30 06:44 - 00018814 _____ C:\AdwCleaner[S1].txt
2013-06-30 06:43 - 2013-06-30 06:43 - 00019013 _____ C:\AdwCleaner[R3].txt
2013-06-30 06:36 - 2013-06-30 06:36 - 02828552 _____ (AVAST Software) C:\Users\georg\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-06-30 06:35 - 2013-06-30 06:35 - 00648201 _____ C:\Users\georg\Downloads\adwcleaner2303.exe
2013-06-30 06:35 - 2013-06-30 06:35 - 00021469 _____ C:\AdwCleaner[R2].txt
2013-06-30 06:35 - 2013-06-30 06:35 - 00021408 _____ C:\AdwCleaner[R1].txt
2013-06-30 06:15 - 2013-06-30 06:15 - 00000040 _____ C:\Users\Public\Documents\_rgpl
2013-06-30 06:10 - 2013-06-30 06:10 - 00003296 _____ C:\Windows\System32\Tasks\4713
2013-06-30 06:10 - 2013-06-30 06:10 - 00003200 _____ C:\Windows\System32\Tasks\0
2013-06-30 06:04 - 2013-06-30 06:04 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-06-30 06:04 - 2013-06-30 06:04 - 00000000 ____D C:\Users\georg\AppData\Roaming\AVG2013
2013-06-30 06:03 - 2013-07-09 11:36 - 00000985 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-30 06:03 - 2013-06-30 06:04 - 00000000 ____D C:\ProgramData\AVG2013
2013-06-30 06:03 - 2013-06-30 06:03 - 00000000 ___HD C:\$AVG
2013-06-30 06:02 - 2013-06-30 08:49 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-30 06:00 - 2013-07-23 03:47 - 00000000 ____D C:\ProgramData\MFAData
2013-06-30 06:00 - 2013-06-30 06:52 - 00000000 ____D C:\Users\georg\AppData\Local\Avg2013
2013-06-30 06:00 - 2013-06-30 06:00 - 00000000 ____D C:\Users\georg\AppData\Local\MFAData
2013-06-30 05:58 - 2013-06-30 05:59 - 138067312 _____ (AVG Technologies) C:\Users\georg\Downloads\avg_free_x86_all_2013_3345a6382.exe
2013-06-30 05:55 - 2013-06-30 05:55 - 02092792 _____ C:\Users\georg\Downloads\avira_free_antivirus.exe
2013-06-28 00:10 - 2013-06-28 00:10 - 00449184 _____ C:\Users\georg\Downloads\Setup.exe
==================== One Month Modified Files and Folders =======
2013-07-25 17:24 - 2013-07-25 17:24 - 00000000 ____D C:\FRST
2013-07-25 05:23 - 2011-02-26 04:19 - 00000000 ____D C:\Users\georg\Desktop\OpenOffice.org 3.3 (de) Installation Files
2013-07-25 05:15 - 2013-06-30 06:45 - 00002688 _____ C:\Windows\setupact.log
2013-07-25 05:15 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-25 04:50 - 2013-07-21 05:08 - 95023320 ____T C:\ProgramData\bldol.pad
2013-07-25 04:49 - 2013-07-21 05:08 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-25 04:49 - 2011-01-20 07:24 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-23 03:48 - 2010-09-04 02:58 - 01760710 _____ C:\Windows\WindowsUpdate.log
2013-07-23 03:48 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 03:48 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 03:47 - 2013-06-30 06:00 - 00000000 ____D C:\ProgramData\MFAData
2013-07-23 03:45 - 2011-08-12 06:32 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9B4D6411-A7DB-4AF9-83DA-3CCC04F4618D}
2013-07-21 05:57 - 2011-01-20 07:24 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-21 05:08 - 2013-07-21 05:08 - 00129024 _____ C:\ProgramData\lodlb.dat
2013-07-21 05:08 - 2013-07-21 05:08 - 00044544 _____ (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-07-21 05:08 - 2013-07-21 05:08 - 00002655 _____ C:\ProgramData\bldol.js
2013-07-21 05:08 - 2013-07-21 05:08 - 00001005 _____ C:\ProgramData\sdaksda.txt
2013-07-21 05:08 - 2013-07-21 05:08 - 00000151 _____ C:\ProgramData\bldol.reg
2013-07-21 05:08 - 2013-07-21 05:08 - 00000056 _____ C:\ProgramData\bldol.bat
2013-07-18 08:06 - 2013-07-17 02:32 - 00037018 _____ C:\Users\georg\Documents\Antrag Zagorski.odt
2013-07-15 00:58 - 2012-10-28 13:24 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-15 00:52 - 2011-01-20 07:24 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 00:52 - 2011-01-20 07:24 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-10 13:21 - 2013-07-03 12:16 - 00030138 _____ C:\Users\georg\Documents\Antrag Jochem.odt
2013-07-10 11:21 - 2013-07-05 06:57 - 00036040 _____ C:\Users\georg\Documents\Antrag Theilicke.odt
2013-07-10 11:05 - 2009-07-13 20:45 - 00323104 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-10 11:05 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther
2013-07-10 11:04 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 11:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 11:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 11:03 - 2013-03-13 16:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 11:03 - 2010-07-13 03:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 07:46 - 2011-02-01 11:24 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-09 11:36 - 2013-07-09 11:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-07-09 11:36 - 2013-07-09 11:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-07-09 11:36 - 2013-06-30 06:03 - 00000985 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-08 09:19 - 2013-04-03 06:29 - 00033664 _____ C:\Users\georg\Documents\Antrag Bartholi.odt
2013-07-07 12:24 - 2011-01-15 17:09 - 00000000 ____D C:\Users\georg\AppData\Roaming\SoftGrid Client
2013-07-04 04:33 - 2012-10-09 00:19 - 00000000 ____D C:\Users\georg\Desktop\Abrechnung 312
2013-07-04 04:27 - 2011-10-10 22:35 - 00000000 ____D C:\DateiFuerOnlineAbrechnung
2013-07-03 02:03 - 2013-07-03 01:54 - 00000000 ____D C:\Users\georg\Downloads\Fabian Bewerbung REWA TIMEWATCH
2013-07-03 01:12 - 2013-05-07 22:46 - 00005632 ___SH C:\Users\georg\Thumbs.db
2013-07-03 01:00 - 2013-06-02 03:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 01:00 - 2013-05-02 00:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-01 10:42 - 2010-09-04 12:48 - 00649148 _____ C:\Windows\System32\perfh007.dat
2013-07-01 10:42 - 2010-09-04 12:48 - 00129116 _____ C:\Windows\System32\perfc007.dat
2013-07-01 10:42 - 2009-07-13 21:13 - 01487596 _____ C:\Windows\System32\PerfStringBackup.INI
2013-06-30 08:49 - 2013-06-30 06:02 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-30 07:02 - 2011-08-09 03:30 - 00003696 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2013-06-30 06:57 - 2013-06-30 06:55 - 00000000 ____D C:\ProgramData\AVG
2013-06-30 06:56 - 2013-06-30 06:56 - 00000000 ____D C:\Users\georg\AppData\Roaming\AVG
2013-06-30 06:55 - 2013-06-30 06:55 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-30 06:52 - 2013-06-30 06:00 - 00000000 ____D C:\Users\georg\AppData\Local\Avg2013
2013-06-30 06:49 - 2013-06-30 06:49 - 00648201 _____ C:\Users\georg\Downloads\adwcleaner2303 (1).exe
2013-06-30 06:49 - 2013-06-30 06:49 - 00001320 _____ C:\AdwCleaner[S2].txt
2013-06-30 06:49 - 2013-06-30 06:49 - 00001258 _____ C:\AdwCleaner[R4].txt
2013-06-30 06:45 - 2013-06-30 06:45 - 00342706 _____ C:\Windows\PFRO.log
2013-06-30 06:45 - 2013-06-30 06:45 - 00000000 _____ C:\Windows\setuperr.log
2013-06-30 06:45 - 2011-01-20 07:12 - 00000000 ____D C:\ProgramData\Norton
2013-06-30 06:45 - 2010-07-13 03:56 - 00000000 ____D C:\Program Files\Google
2013-06-30 06:45 - 2010-07-13 03:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-30 06:44 - 2013-06-30 06:43 - 00018814 _____ C:\AdwCleaner[S1].txt
2013-06-30 06:43 - 2013-06-30 06:43 - 00019013 _____ C:\AdwCleaner[R3].txt
2013-06-30 06:36 - 2013-06-30 06:36 - 02828552 _____ (AVAST Software) C:\Users\georg\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-06-30 06:35 - 2013-06-30 06:35 - 00648201 _____ C:\Users\georg\Downloads\adwcleaner2303.exe
2013-06-30 06:35 - 2013-06-30 06:35 - 00021469 _____ C:\AdwCleaner[R2].txt
2013-06-30 06:35 - 2013-06-30 06:35 - 00021408 _____ C:\AdwCleaner[R1].txt
2013-06-30 06:19 - 2012-01-10 13:53 - 00000000 ____D C:\Users\georg\Tracing
2013-06-30 06:18 - 2011-04-20 14:05 - 00000000 ____D C:\Users\georg\AppData\Local\CrashDumps
2013-06-30 06:16 - 2010-07-13 03:45 - 00000000 ____D C:\Program Files (x86)\Acer GameZone
2013-06-30 06:15 - 2013-06-30 06:15 - 00000040 _____ C:\Users\Public\Documents\_rgpl
2013-06-30 06:14 - 2010-07-13 03:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-30 06:10 - 2013-06-30 06:10 - 00003296 _____ C:\Windows\System32\Tasks\4713
2013-06-30 06:10 - 2013-06-30 06:10 - 00003200 _____ C:\Windows\System32\Tasks\0
2013-06-30 06:08 - 2011-03-29 09:20 - 00000000 ____D C:\Users\georg\AppData\Roaming\Skype
2013-06-30 06:08 - 2011-03-29 09:19 - 00000000 ____D C:\ProgramData\Skype
2013-06-30 06:04 - 2013-06-30 06:04 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-06-30 06:04 - 2013-06-30 06:04 - 00000000 ____D C:\Users\georg\AppData\Roaming\AVG2013
2013-06-30 06:04 - 2013-06-30 06:03 - 00000000 ____D C:\ProgramData\AVG2013
2013-06-30 06:03 - 2013-06-30 06:03 - 00000000 ___HD C:\$AVG
2013-06-30 06:03 - 2011-08-09 03:11 - 00000000 ____D C:\Users\georg\AppData\Roaming\TuneUp Software
2013-06-30 06:00 - 2013-06-30 06:00 - 00000000 ____D C:\Users\georg\AppData\Local\MFAData
2013-06-30 05:59 - 2013-06-30 05:58 - 138067312 _____ (AVG Technologies) C:\Users\georg\Downloads\avg_free_x86_all_2013_3345a6382.exe
2013-06-30 05:55 - 2013-06-30 05:55 - 02092792 _____ C:\Users\georg\Downloads\avira_free_antivirus.exe
2013-06-30 05:48 - 2013-05-13 04:22 - 00000866 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-06-30 05:47 - 2011-01-14 15:19 - 00000000 ____D C:\Users\georg\AppData\Local\Google
2013-06-30 05:47 - 2010-07-13 03:56 - 00000000 ____D C:\ProgramData\Google
2013-06-30 05:43 - 2013-02-04 15:04 - 00000000 ____D C:\ProgramData\Avira
2013-06-30 05:42 - 2011-03-01 07:02 - 00000000 ____D C:\Program Files (x86)\audiograbber
2013-06-28 00:10 - 2013-06-28 00:10 - 00449184 _____ C:\Users\georg\Downloads\Setup.exe
2013-06-25 08:08 - 2009-07-13 21:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
C:\ProgramData\rundll32.exe
C:\Users\georg\AppData\Roaming\skype.dat
C:\Users\georg\AppData\Roaming\skype.ini
C:\ProgramData\bldol.bat
C:\ProgramData\bldol.pad
C:\ProgramData\bldol.reg
C:\ProgramData\lodlb.dat
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-06-30 08:48:51
Restore point made on: 2013-06-30 08:49:30
Restore point made on: 2013-07-01 02:02:22
Restore point made on: 2013-07-08 04:36:33
Restore point made on: 2013-07-10 07:42:54
Restore point made on: 2013-07-18 04:58:29
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 3958.71 MB
Available physical RAM: 3228.82 MB
Total Pagefile: 3956.86 MB
Available Pagefile: 3217.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:219.18 GB) NTFS (Disk=0 Partition=3)
Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.42 GB) NTFS (Disk=0 Partition=1)
Drive g: (INTENSO) (Removable) (Total:3.63 GB) (Free:3.63 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 1FDF9619)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2013-07-15 01:20
==================== End Of Log ============================
|
|
25.07.2013, 17:16
| #2 |
| /// the machine /// TB-Ausbilder    | Trojaner GVU Logfile FRST GVU-Trojaner Windows 7 Hi,
__________________Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\georg\...\Run: [ctfmon32.exe] - C:\PROGRA~3\rundll32.exe C:\PROGRA~3\lodlb.dat,XFG00 [44544 2013-07-21] (Microsoft Corporation) <===== ATTENTION
Startup: C:\Users\georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\lodlb.dat ()
2013-07-21 05:08 - 2013-07-25 04:50 - 95023320 ____T C:\ProgramData\bldol.pad
2013-07-21 05:08 - 2013-07-25 04:49 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-21 05:08 - 2013-07-21 05:08 - 00129024 _____ C:\ProgramData\lodlb.dat
2013-07-21 05:08 - 2013-07-21 05:08 - 00044544 _____ (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-07-21 05:08 - 2013-07-21 05:08 - 00002655 _____ C:\ProgramData\bldol.js
2013-07-21 05:08 - 2013-07-21 05:08 - 00001005 _____ C:\ProgramData\sdaksda.txt
2013-07-21 05:08 - 2013-07-21 05:08 - 00000151 _____ C:\ProgramData\bldol.reg
2013-07-21 05:08 - 2013-07-21 05:08 - 00000056 _____ C:\ProgramData\bldol.bat
C:\ProgramData\FullRemove.exe
C:\ProgramData\rundll32.exe
C:\Users\georg\AppData\Roaming\skype.dat
C:\Users\georg\AppData\Roaming\skype.ini
C:\ProgramData\bldol.bat
C:\ProgramData\bldol.pad
C:\ProgramData\bldol.reg
C:\ProgramData\lodlb.dat
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier. neu booten, freuen 
__________________ |
|
| Themen zu Trojaner GVU Logfile FRST GVU-Trojaner Windows 7 |
| acer, association, avast, avg, avira, desktop, explorer, explorer.exe, farbar, farbar recovery scan tool, frst.txt, home, ics, installation, launch, log, logfile, microsoft, mozilla, registry, rundll, scan, services.exe, svchost.exe, system, system32, trojaner, trojaner gvu, windows, windows xp, winlogon.exe |
Linear-Darstellung
