GVU Trojan - FRST.txt | Windows 7
23.08.2013, 09:32 | #1 |
| GVU Trojan - FRST.txt Hello! I worked my way through the Internet and ran FRST.exe on Windows 7 and got the following file - can anyone help me??? FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-06-2013 (ATTENTION: FRST version is 80 days old) Ran by SYSTEM on 23-08-2013 10:11:24 Running from H:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-08-25] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [218408 2009-02-25] (CyberLink Corp.) HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [581480 2009-05-12] (Symantec Corporation) HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.) 
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company) HKLM-x32\...\Run: [NPSStartup] [x] HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x] HKLM-x32\...\Run: [BrowserPlugInHelper] C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe [x] HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [x] HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard) HKU\Default\...\Policies\system: [WallpaperStyle] 2 HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard) HKU\Default User\...\Policies\system: [WallpaperStyle] 2 HKU\Sunny\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard) HKU\Sunny\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company) HKU\Sunny\...\Run: [AccelerometerSysTrayApplet] "C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe" 
[75576 2009-07-13] (Hewlett-Packard) HKU\Sunny\...\Run: [] [x] HKU\Sunny\...\Run: [Torntv Downloader] C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe /c=startup [x] HKU\Sunny\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Sunny\AppData\Local\Temp\wlqqhxwywtjapwctp.exe [50688 2013-08-22] (Valve Corporation) HKU\Sunny\...\Policies\system: [WallpaperStyle] 2 HKU\Sunny\...\Policies\system: [DisableLockWorkstation] 0 HKU\Sunny\...\Policies\system: [DisableChangePassword] 0 HKU\Sunny\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION AppInit_DLLs: [0 ] () ==================== Services (Whitelisted) ================= S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation) S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] () S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.) 
S2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x] ==================== Drivers (Whitelisted) ==================== S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation) S1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation) S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-08-20] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-08-20] (Symantec Corporation) S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130821.003\IDSvia64.sys [520280 2013-08-20] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130822.002\ENG64.SYS [126040 2013-08-15] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130822.002\EX64.SYS [2098776 2013-08-15] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation) S1 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1404000.028\ccSetx64.sys [x] S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [x] S1 SRTSP; \SystemRoot\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [x] S1 SRTSPX; \SystemRoot\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [x] S0 SymDS; system32\drivers\NISx64\1404000.028\SYMDS64.SYS [x] S0 SymEFA; system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [x] S3 SYMFW; \SystemRoot\System32\Drivers\NISx64\1007020.00B\SYMFW.SYS [x] S1 SymIRON; \SystemRoot\system32\drivers\NISx64\1404000.028\Ironx64.SYS [x] S3 SYMNDISV; \SystemRoot\System32\Drivers\NISx64\1007020.00B\SYMNDISV.SYS [x] S1 SymNetS; \SystemRoot\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [x] 
========================== Drivers MD5 ======================= C:\Windows\System32\DRIVERS\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 C:\Windows\System32\DRIVERS\yk62x64.sys B3EEACF62445E24FBB2CD4B0FB4DB026 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\FRST 2013-08-22 13:54 - 2013-08-22 13:54 - 00000000 __SHD C:\found.000 2013-08-22 12:40 - 2013-08-22 12:40 - 01084804 ____A C:\Users\Sunny\AppData\Roaming\2433f433 2013-08-22 12:40 - 2013-08-22 12:40 - 01084797 ____A C:\ProgramData\2433f433 2013-08-22 12:40 - 2013-08-22 12:40 - 01084755 ____A C:\Users\Sunny\AppData\Local\2433f433 2013-08-22 12:39 - 2013-08-22 12:39 - 04099857 ____A C:\Users\Sunny\Downloads\G.o.T-S02-E01-E10.part19.rar.part 2013-08-22 11:57 - 2013-08-22 12:33 - 108003328 ____A C:\Users\Sunny\Downloads\G.o.T-S02-E01-E10.part18.rar 2013-08-22 10:44 - 2013-08-22 11:20 - 108003328 ____A C:\Users\Sunny\Downloads\G.o.T-S02-E01-E10.part17.rar 2013-08-22 10:44 - 2013-08-22 11:04 - 63275662 ____A C:\Users\Sunny\Downloads\Stsch20.rar 2013-08-22 09:56 - 2013-08-22 10:33 - 108003328 ____A C:\Users\Sunny\Downloads\G.o.T-S02-E01-E10.part16.rar 2013-08-22 09:04 - 2013-08-22 09:40 - 108003328 ____A C:\Users\Sunny\Downloads\G.o.T-S02-E01-E10.part15.rar 2013-08-22 07:18 - 2013-08-22 07:49 - 108003328 ____A C:\Users\Sunny\Downloads\G.o.T-S02-E01-E10.part14.rar 2013-08-22 07:17 - 2013-08-22 
07:40 - 68680690 ____A C:\Users\Sunny\Downloads\Stsch19.rar 2013-08-21 21:53 - 2013-08-21 22:31 - 118422686 ____A C:\Users\Sunny\Downloads\Stsch16.rar 2013-08-21 21:53 - 2013-08-21 22:11 - 108003328 ____A C:\Users\Sunny\Downloads\G.o.T-S02-E01-E10.part13.rar 2013-08-21 10:26 - 2013-08-21 10:26 - 00007984 ____A C:\Users\Sunny\Downloads\conni-h8wvsdm3w0gu.dlc 2013-08-20 09:03 - 2013-08-20 09:03 - 00017048 ____A C:\Users\Sunny\Downloads\Game_of_Thrones_S03_XviD-227a2nmeetlqq.dlc 2013-08-20 09:00 - 2013-08-20 09:00 - 00021720 ____A C:\Users\Sunny\Downloads\31c942ad308113177e42e9d3c41b423b.dlc 2013-08-17 05:20 - 2013-08-22 23:50 - 00001176 ____A C:\Windows\setupact.log 2013-08-17 05:20 - 2013-08-17 05:20 - 00000000 ____A C:\Windows\setuperr.log 2013-08-14 12:43 - 2013-07-25 21:13 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-08-14 12:43 - 2013-07-25 21:13 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-08-14 12:43 - 2013-07-25 21:13 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-08-14 12:43 - 2013-07-25 21:12 - 19239424 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-08-14 12:43 - 2013-07-25 21:12 - 15405056 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-08-14 12:43 - 2013-07-25 21:12 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-08-14 12:43 - 2013-07-25 21:12 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-08-14 12:43 - 2013-07-25 21:12 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-08-14 12:43 - 2013-07-25 21:12 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-08-14 12:43 - 2013-07-25 21:12 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-08-14 12:43 - 2013-07-25 21:12 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-08-14 12:43 - 2013-07-25 21:12 - 00067072 
____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-08-14 12:43 - 2013-07-25 21:12 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-08-14 12:43 - 2013-07-25 21:12 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-08-14 12:43 - 2013-07-25 19:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-08-14 12:43 - 2013-07-25 19:13 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-14 12:43 - 2013-07-25 19:13 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-14 12:43 - 2013-07-25 19:12 - 14329344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-14 12:43 - 2013-07-25 19:12 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-14 12:43 - 2013-07-25 19:12 - 02048512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-14 12:43 - 2013-07-25 19:12 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-14 12:43 - 2013-07-25 19:12 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-14 12:43 - 2013-07-25 19:12 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-14 12:43 - 2013-07-25 19:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-14 12:43 - 2013-07-25 19:12 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-14 12:43 - 2013-07-25 19:12 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-14 12:43 - 2013-07-25 19:11 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-14 12:43 - 2013-07-25 19:11 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-14 12:43 - 2013-07-25 18:49 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-14 12:43 - 2013-07-25 18:39 - 00089600 ____A (Microsoft Corporation) 
C:\Windows\System32\RegisterIEPKEYs.exe 2013-08-14 12:43 - 2013-07-25 17:59 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-14 12:31 - 2013-08-14 12:36 - 00000000 ____D C:\Windows\System32\MRT 2013-08-14 10:24 - 2013-08-14 10:24 - 00013912 ____A C:\Users\Sunny\Downloads\bz-hberg-iijiodmm1o9a.dlc 2013-08-14 05:34 - 2013-07-25 01:25 - 01888768 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-08-14 05:34 - 2013-07-25 00:57 - 01620992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 05:34 - 2013-07-18 17:58 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll 2013-08-14 05:34 - 2013-07-18 17:41 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 05:34 - 2013-07-08 22:03 - 05550528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-08-14 05:34 - 2013-07-08 21:54 - 01732032 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll 2013-08-14 05:34 - 2013-07-08 21:53 - 00243712 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll 2013-08-14 05:34 - 2013-07-08 21:52 - 00224256 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2013-08-14 05:34 - 2013-07-08 21:51 - 01217024 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll 2013-08-14 05:34 - 2013-07-08 21:46 - 01472512 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-08-14 05:34 - 2013-07-08 21:46 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-08-14 05:34 - 2013-07-08 21:46 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-08-14 05:34 - 2013-07-08 21:03 - 03968960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 05:34 - 2013-07-08 21:03 - 03913664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 05:34 - 2013-07-08 20:53 - 01292192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 05:34 - 2013-07-08 
20:52 - 00663552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 05:34 - 2013-07-08 20:52 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 05:34 - 2013-07-08 20:52 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 05:34 - 2013-07-08 20:46 - 01166848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 05:34 - 2013-07-08 20:46 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 05:34 - 2013-07-08 20:46 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 05:34 - 2013-07-08 18:49 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 05:34 - 2013-07-08 18:49 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 05:34 - 2013-07-08 18:49 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 05:34 - 2013-07-08 18:49 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 05:33 - 2013-07-05 22:03 - 01910208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-08-14 05:33 - 2013-06-14 20:32 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys 2013-08-09 02:55 - 2013-08-09 03:01 - 115929465 ____A C:\Users\Sunny\Downloads\05Ponyfee-Tiere.7z 2013-08-09 01:55 - 2013-08-09 02:01 - 116519273 ____A C:\Users\Sunny\Downloads\04Ponyfee-Feenstab.7z 2013-08-09 00:55 - 2013-08-09 01:00 - 104951625 ____A C:\Users\Sunny\Downloads\03Ponyfee-Perlensee.7z 2013-08-09 00:48 - 2013-08-09 00:54 - 104440265 ____A C:\Users\Sunny\Downloads\02Ponyfee-Prinz-Roseninsel.7z 2013-08-08 13:39 - 2013-08-08 13:45 - 108230409 ____A C:\Users\Sunny\Downloads\01Ponyfee-Geheimnis.7z 2013-08-07 10:30 - 2013-08-07 10:30 - 00007640 ____A C:\Users\Sunny\Downloads\ba092e43d14578e3571c44236c1c9c91.dlc 2013-08-06 23:07 - 2013-08-11 11:17 - 00005956 ____A 
C:\Users\Sunny\Downloads\k8325362cv6kmrl.dlc 2013-08-06 23:06 - 2013-08-06 23:06 - 00003908 ____A C:\Users\Sunny\Downloads\k8325362cv6kmrl-uploaded.net.dlc 2013-08-06 10:01 - 2013-08-06 10:01 - 00024664 ____A C:\Users\Sunny\Downloads\BIBI_Einzeln-d2znaelxiaof.dlc 2013-07-26 12:08 - 2013-07-26 12:08 - 00006488 ____A C:\Users\Sunny\Downloads\Stschw-h3u0ajmtszj.dlc 2013-07-26 12:03 - 2013-07-26 12:03 - 00000136 ____A C:\Users\Sunny\Downloads\uqh3jhlna7175a46.js ==================== One Month Modified Files and Folders ======= 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\FRST 2013-08-22 23:51 - 2011-12-26 10:51 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-22 23:50 - 2013-08-17 05:20 - 00001176 ____A C:\Windows\setupact.log 2013-08-22 23:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-08-22 19:40 - 2012-12-18 12:29 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-22 19:38 - 2011-12-26 10:51 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-22 14:07 - 2009-07-13 20:45 - 00023024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-22 14:07 - 2009-07-13 20:45 - 00023024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-22 14:03 - 2009-10-02 15:25 - 01402435 ____A C:\Windows\WindowsUpdate.log 2013-08-22 13:54 - 2013-08-22 13:54 - 00000000 __SHD C:\found.000 2013-08-22 12:40 - 2013-08-22 12:40 - 01084804 ____A C:\Users\Sunny\AppData\Roaming\2433f433 2013-08-22 12:40 - 2013-08-22 12:40 - 01084797 ____A C:\ProgramData\2433f433 2013-08-22 12:40 - 2013-08-22 12:40 - 01084755 ____A C:\Users\Sunny\AppData\Local\2433f433 2013-08-22 12:39 - 2013-08-22 12:39 - 04099857 ____A C:\Users\Sunny\Downloads\G.o.T-S02-E01-E10.part19.rar.part 2013-08-22 12:33 - 2013-08-22 11:57 - 108003328 ____A C:\Users\Sunny\Downloads\G.o.T-S02-E01-E10.part18.rar 2013-08-22 11:20 - 
2013-08-22 10:44 - 108003328 ____A C:\Users\Sunny\Downloads\G.o.T-S02-E01-E10.part17.rar 2013-08-22 11:04 - 2013-08-22 10:44 - 63275662 ____A C:\Users\Sunny\Downloads\Stsch20.rar 2013-08-22 10:33 - 2013-08-22 09:56 - 108003328 ____A C:\Users\Sunny\Downloads\G.o.T-S02-E01-E10.part16.rar 2013-08-22 09:40 - 2013-08-22 09:04 - 108003328 ____A C:\Users\Sunny\Downloads\G.o.T-S02-E01-E10.part15.rar 2013-08-22 07:49 - 2013-08-22 07:18 - 108003328 ____A C:\Users\Sunny\Downloads\G.o.T-S02-E01-E10.part14.rar 2013-08-22 07:40 - 2013-08-22 07:17 - 68680690 ____A C:\Users\Sunny\Downloads\Stsch19.rar 2013-08-21 22:31 - 2013-08-21 21:53 - 118422686 ____A C:\Users\Sunny\Downloads\Stsch16.rar 2013-08-21 22:11 - 2013-08-21 21:53 - 108003328 ____A C:\Users\Sunny\Downloads\G.o.T-S02-E01-E10.part13.rar 2013-08-21 10:26 - 2013-08-21 10:26 - 00007984 ____A C:\Users\Sunny\Downloads\conni-h8wvsdm3w0gu.dlc 2013-08-20 10:40 - 2012-12-18 12:29 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-20 10:40 - 2012-12-18 12:29 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-20 09:03 - 2013-08-20 09:03 - 00017048 ____A C:\Users\Sunny\Downloads\Game_of_Thrones_S03_XviD-227a2nmeetlqq.dlc 2013-08-20 09:00 - 2013-08-20 09:00 - 00021720 ____A C:\Users\Sunny\Downloads\31c942ad308113177e42e9d3c41b423b.dlc 2013-08-17 05:20 - 2013-08-17 05:20 - 00000000 ____A C:\Windows\setuperr.log 2013-08-16 13:37 - 2009-07-24 22:11 - 00000000 ____D C:\Windows\Panther 2013-08-16 05:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-08-15 23:30 - 2009-08-25 18:42 - 00657948 ____A C:\Windows\System32\perfh007.dat 2013-08-15 23:30 - 2009-08-25 18:42 - 00131288 ____A C:\Windows\System32\perfc007.dat 2013-08-15 23:30 - 2009-07-13 21:13 - 01507502 ____A C:\Windows\System32\PerfStringBackup.INI 2013-08-14 12:43 - 2009-08-25 10:08 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-14 12:36 - 2013-08-14 12:31 - 00000000 ____D 
C:\Windows\System32\MRT 2013-08-14 12:31 - 2010-01-03 04:45 - 78161360 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-08-14 10:24 - 2013-08-14 10:24 - 00013912 ____A C:\Users\Sunny\Downloads\bz-hberg-iijiodmm1o9a.dlc 2013-08-14 05:35 - 2010-03-04 10:57 - 00000000 ____D C:\Users\Sunny\AppData\Local\CrashDumps 2013-08-11 11:17 - 2013-08-06 23:07 - 00005956 ____A C:\Users\Sunny\Downloads\k8325362cv6kmrl.dlc 2013-08-09 03:01 - 2013-08-09 02:55 - 115929465 ____A C:\Users\Sunny\Downloads\05Ponyfee-Tiere.7z 2013-08-09 02:01 - 2013-08-09 01:55 - 116519273 ____A C:\Users\Sunny\Downloads\04Ponyfee-Feenstab.7z 2013-08-09 01:00 - 2013-08-09 00:55 - 104951625 ____A C:\Users\Sunny\Downloads\03Ponyfee-Perlensee.7z 2013-08-09 00:54 - 2013-08-09 00:48 - 104440265 ____A C:\Users\Sunny\Downloads\02Ponyfee-Prinz-Roseninsel.7z 2013-08-08 13:45 - 2013-08-08 13:39 - 108230409 ____A C:\Users\Sunny\Downloads\01Ponyfee-Geheimnis.7z 2013-08-07 10:30 - 2013-08-07 10:30 - 00007640 ____A C:\Users\Sunny\Downloads\ba092e43d14578e3571c44236c1c9c91.dlc 2013-08-06 23:06 - 2013-08-06 23:06 - 00003908 ____A C:\Users\Sunny\Downloads\k8325362cv6kmrl-uploaded.net.dlc 2013-08-06 11:17 - 2012-02-19 12:16 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2013-08-06 10:01 - 2013-08-06 10:01 - 00024664 ____A C:\Users\Sunny\Downloads\BIBI_Einzeln-d2znaelxiaof.dlc 2013-08-04 10:36 - 2013-07-10 10:17 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-08-02 22:41 - 2009-12-17 11:41 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-02 06:50 - 2009-07-13 21:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-26 12:08 - 2013-07-26 12:08 - 00006488 ____A C:\Users\Sunny\Downloads\Stschw-h3u0ajmtszj.dlc 2013-07-26 12:03 - 2013-07-26 12:03 - 00000136 ____A C:\Users\Sunny\Downloads\uqh3jhlna7175a46.js 2013-07-25 21:13 - 2013-08-14 12:43 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-25 21:13 - 2013-08-14 12:43 - 01365504 ____A (Microsoft Corporation) 
C:\Windows\System32\urlmon.dll 2013-07-25 21:13 - 2013-08-14 12:43 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-25 21:12 - 2013-08-14 12:43 - 19239424 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-25 21:12 - 2013-08-14 12:43 - 15405056 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-25 21:12 - 2013-08-14 12:43 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-25 21:12 - 2013-08-14 12:43 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-25 21:12 - 2013-08-14 12:43 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-25 21:12 - 2013-08-14 12:43 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-25 21:12 - 2013-08-14 12:43 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-25 21:12 - 2013-08-14 12:43 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-25 21:12 - 2013-08-14 12:43 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-25 21:12 - 2013-08-14 12:43 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-25 21:12 - 2013-08-14 12:43 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-25 19:35 - 2013-08-14 12:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-25 19:13 - 2013-08-14 12:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-25 19:13 - 2013-08-14 12:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-25 19:12 - 2013-08-14 12:43 - 14329344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-25 19:12 - 2013-08-14 12:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-25 19:12 - 2013-08-14 12:43 - 02048512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 
2013-07-25 19:12 - 2013-08-14 12:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-25 19:12 - 2013-08-14 12:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-25 19:12 - 2013-08-14 12:43 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-25 19:12 - 2013-08-14 12:43 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-25 19:12 - 2013-08-14 12:43 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-25 19:12 - 2013-08-14 12:43 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-25 19:11 - 2013-08-14 12:43 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-25 19:11 - 2013-08-14 12:43 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-25 18:49 - 2013-08-14 12:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-25 18:39 - 2013-08-14 12:43 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-25 17:59 - 2013-08-14 12:43 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-25 01:25 - 2013-08-14 05:34 - 01888768 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-07-25 00:57 - 2013-08-14 05:34 - 01620992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL Files to move or delete: ==================== C:\Users\Sunny\wrar410d.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => 
MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-08-14 12:29:52 Restore point made on: 2013-08-21 14:00:21 ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=Y: description Windows Boot Manager locale de-DE inherit {globalsettings} extendedinput Yes default {default} resumeobject {f04f848d-78e1-11de-b692-abbf25df600e} displayorder {default} toolsdisplayorder {memdiag} timeout 30 customactions 0x1000085000001 0x5400000f custom:5400000f {current} Windows-Startladeprogramm ------------------------- Bezeichner {current} device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{075b10b4-affd-11de-898c-814322c93442} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{075b10b4-affd-11de-898c-814322c93442} systemroot \windows nx OptIn winpe Yes Windows-Startladeprogramm ------------------------- Bezeichner {572bcd60-ffa7-11d9-aae0-0007e994107d} device ramdisk=[boot]\sources\boot.wim,{ramdiskoptions} path \windows\system32\boot\winload.exe description Microsoft Windows PE 2.0 osdevice ramdisk=[boot]\sources\boot.wim,{ramdiskoptions} systemroot \windows detecthal Yes winpe Yes ems Yes Windows-Startladeprogramm ------------------------- Bezeichner {default} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} recoverysequence {current} recoveryenabled Yes osdevice 
partition=C: systemroot \Windows resumeobject {f04f848d-78e1-11de-b692-abbf25df600e} nx OptIn Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {f04f848d-78e1-11de-b692-abbf25df600e} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=Y: path \boot\memtest.exe description Windows Memory Diagnostic locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {075b10b4-affd-11de-898c-814322c93442} description Ramdisk Options ramdisksdidevice partition=E: ramdisksdipath \Recovery\WindowsRE\boot.sdi Optionen zum RAM-Datentr„gersetup --------------------------------- Bezeichner {ramdiskoptions} description Ramdisk Options ramdisksdidevice boot ramdisksdipath \boot\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 18% Total physical RAM: 4092.2 MB Available physical RAM: 3352.11 MB Total Pagefile: 4090.35 MB Available Pagefile: 
3341.35 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:452.23 GB) (Free:286.61 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] Drive e: (RECOVERY) (Fixed) (Total:13.24 GB) (Free:2.21 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)] Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4) Drive h: () (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 2BCBFB6B) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=452 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ======================================================== Disk: 1 (Size: 481 MB) (Disk ID: 00625660) Partition 1: (Active) - (Size=481 MB) - (Type=06) Last Boot: 2013-08-21 14:35 ==================== End Of Log ============================ |
23.08.2013, 09:48 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner - FRST.txt Hello and
__________________Quote:
With dubious/illegal downloads you quickly end up on thin ice! Please press the + R key and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
HKU\Sunny\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Sunny\AppData\Local\Temp\wlqqhxwywtjapwctp.exe [50688 2013-08-22] (Valve Corporation)
HKU\Sunny\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
C:\found.000
C:\Users\Sunny\AppData\Local\Temp\wlqqhxwywtjapwctp.exe
C:\Users\Sunny\wrar410d.exe
C:\Users\Sunny\Downloads\conni-h8wvsdm3w0gu.dlc
C:\Users\Sunny\Downloads\bz-hberg-iijiodmm1o9a.dlc
C:\ProgramData\2433f433
C:\Users\Sunny\AppData\Roaming\2433f433
C:\Users\Sunny\AppData\Local\2433f433
C:\Users\Sunny\Downloads\Stschw-h3u0ajmtszj.dlc
C:\Users\Sunny\Downloads\uqh3jhlna7175a46.js
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
__________________ |
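An added example, not part of the thread and not FRST's own logic: a small triage script that parses FRST-style autostart lines and applies two heuristics matching the registry entries in the fix list above (a Run value launching from a Temp directory, and a per-user Winlogon Shell value that is not explorer.exe). The rule set, function names and sample list are assumptions made for this illustration.

```python
import re

# Constructed sample: the two registry lines from the fix list above, plus one
# Run entry from the same scan log for contrast.
SAMPLE_LINES = [
    r"HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)",
    r"HKU\Sunny\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Sunny\AppData\Local\Temp\wlqqhxwywtjapwctp.exe [50688 2013-08-22] (Valve Corporation)",
    r"HKU\Sunny\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION",
]

# hive\...\key: [value name] command line [size date]
ENTRY = re.compile(
    r"^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<data>.*?) \[\d+ \d{4}-\d{2}-\d{2}\]"
)
TEMP_DIR = re.compile(r"\\Temp\\", re.I)


def parse_entry(line):
    """Split one FRST registry line into hive, key, value name and data."""
    m = ENTRY.match(line.strip())
    return m.groupdict() if m else None


def triage(line):
    """Return the reasons (possibly none) an autostart line needs a closer look."""
    e = parse_entry(line)
    if e is None:
        return []  # not a registry autostart line, e.g. a bare file path
    reasons = []
    key = e["key"].lower()
    if key == "run" and TEMP_DIR.search(e["data"]):
        reasons.append("Run value starts a program from a Temp directory")
    if key == "winlogon" and e["name"].lower() == "shell":
        if e["hive"].upper().startswith("HKU"):
            reasons.append("per-user Winlogon Shell value overrides the machine-wide shell")
        if e["data"].strip().lower() != "explorer.exe":
            reasons.append("Winlogon Shell is not explorer.exe")
    return reasons


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_entry(line)["name"], "->", triage(line) or "no rule matched")
```
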
23.08.2013, 11:54 | #3 |
| GVU Trojaner - FRST.txt You're right, I have now been punished for it too and I'm showing remorse
__________________Thanks anyway, I'm making a data backup right now; when it's finished I'll send the text. So at least Windows started and I was able to save a few files. At work I have the option of handing it to our IT; they are far more capable than I am, but maybe you can still take another look at it. Many thanks
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-06-2013
Ran by SYSTEM at 2013-08-23 12:45:08 Run:1
Running from H:\
Boot Mode: Recovery
==============================================
HKEY_USERS\Sunny\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value not found.
HKEY_USERS\Sunny\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
C:\found.000 => Moved successfully.
C:\Users\Sunny\AppData\Local\Temp\wlqqhxwywtjapwctp.exe => File/Directory not found.
C:\Users\Sunny\wrar410d.exe => Moved successfully.
C:\Users\Sunny\Downloads\conni-h8wvsdm3w0gu.dlc => File/Directory not found.
C:\Users\Sunny\Downloads\bz-hberg-iijiodmm1o9a.dlc => File/Directory not found.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Sunny\AppData\Roaming\2433f433 => Moved successfully.
C:\Users\Sunny\AppData\Local\2433f433 => Moved successfully.
C:\Users\Sunny\Downloads\Stschw-h3u0ajmtszj.dlc => File/Directory not found.
C:\Users\Sunny\Downloads\uqh3jhlna7175a46.js => File/Directory not found.
==== End of Fixlog ==== |
23.08.2013, 11:59 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner - FRST.txt Quote:
__________________ Please always post logfiles in CODE tags |
23.08.2013, 17:29 | #5 |
| GVU Trojaner - FRST.txt Yes, if I ask nicely. Thanks for your help, I somehow muddled my way through *this is probably making your hair stand on end* and wiped everything! Can you also tell me whether, once I have set everything up again from scratch, everything is then really gone? |