Hello,
I have an infected computer. The safe mode method does not work, because the machine automatically shuts down again. The operating system is Windows 7 64-bit. I hope someone can help me solve the problem. I ran a scan with FRST64.
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-DE2CGNS on 03-10-2013 20:47:26
Running from I:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [VIAAUD] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe
HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files (x86)\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [398944 2006-10-17] (CANON INC.)
Winlogon\Notify\avldr: C:\Windows\system32\avldr64.dll (On-Access Anti-Malware Scanner Sync)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2792448 2009-12-04] (VIA)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] - C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-16] (Bitleader)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2009-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APVXDWIN] - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE [1000768 2011-04-13] (Panda Security, S.L.)
HKLM-x32\...\Run: [SCANINICIO] - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\Inicio.exe [70464 2011-02-02] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM-x32\...\Run: [PowerDVD12DMREngine] - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [505096 2013-03-04] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] - C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [373784 2013-03-04] (CyberLink Corp.)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-08] (RealNetworks, Inc.)
HKU\Peter_Blu\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\Peter_Blu\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-28] (Google Inc.)
HKU\Peter_Blu\...\Run: [Userinit] - C:\Users\Peter_Blu\AppData\Roaming\appconf32.exe
HKU\Peter_Blu\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Peter_Blu\AppData\Local\Temp\~tmf5575939007183080673.dll [102400 2013-10-03] (ValveCorporation) <===== ATTENTION
HKU\Peter_Blu\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Peter_Blu\...\Command Processor: "C:\Users\PETER_~1\AppData\Local\Temp\~tmf5575939007183080673.dll" <===== ATTENTION!
HKU\user\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
Startup: C:\Users\Peter_Blu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ShortcutTarget: ctfmon.lnk -> C:\Users\PETER_~1\AppData\Local\Temp\install_0_msi.exe (No File)
==================== Services (Whitelisted) =================
S2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-03-04] (CyberLink Corp.)
S2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-03-04] (CyberLink)
S2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-03-04] (CyberLink)
S2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S2 Panda Software Controller; C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PsCtrls.exe [173312 2009-08-10] (Panda Security, S.L.)
S2 PAVFNSVR; C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PavFnSvr.exe [202016 2012-10-17] (Panda Security, S.L.)
S2 PavPrSrv; C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe [62768 2008-02-04] (Panda Security, S.L.)
S2 PAVSRV; C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\pavsrvx86.exe [314176 2010-06-04] (Panda Security, S.L.)
S2 PSHost; c:\program files (x86)\panda security\panda internet security 2012\firewall\PSHOST.EXE [226560 2009-11-26] (Panda Security International)
S2 PSIMSVC; C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PsImSvc.exe [108288 2008-06-19] (Panda Security S.L.)
S2 PskSvcRetail; C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PskSvc.exe [28992 2010-08-16] (Panda Security, S.L.)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
S2 TPSrv; C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\TPSrvWow.exe [173344 2012-11-16] (Panda Security, S.L.)
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [65608 2010-05-21] (Panda Security, S.L.)
S2 APPFLT; C:\Windows\system32\Drivers\APPFLT64.SYS [129096 2011-01-31] (Panda Security, S.L.)
S2 ComFiltr; C:\Windows\system32\DRIVERS\COMFiltr.sys [15928 2012-08-26] ()
S2 ComFiltr; C:\Windows\system32\DRIVERS\COMFiltr.sys [15928 2012-08-26] ()
S2 DSAFLT; C:\Windows\system32\Drivers\DSAFLT64.SYS [82952 2009-09-25] (Panda Security, S.L.)
S2 FNETMON; C:\Windows\system32\Drivers\fnetm64.SYS [31752 2009-09-25] (Panda Security, S.L.)
S2 IDSFLT; C:\Windows\system32\Drivers\IDSFLT64.SYS [78920 2010-09-09] (Panda Security, S.L.)
S2 NETFLTDI; C:\Windows\system32\Drivers\NETTDI64.SYS [170504 2009-09-25] (Panda Security, S.L.)
S3 NETIMFLT01060044; C:\Windows\System32\DRIVERS\n64i1644.sys [216648 2010-09-01] (Panda Security, S.L.)
S2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.)
S2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.)
S0 pavboot; C:\Windows\System32\Drivers\pavboot64.sys [30792 2010-06-22] (Panda Security, S.L.)
S1 ShldFlt; C:\Windows\System32\DRIVERS\ShldFlt.sys [48136 2009-10-27] (Panda Security, S.L.)
S2 WNMFLT; C:\Windows\system32\Drivers\WNMFLT64.SYS [74760 2009-09-25] (Panda Security, S.L.)
S2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2013-03-04] (CyberLink Corp.)
S2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2013-03-04] (CyberLink Corp.)
S3 PavTPK.sys; \??\C:\Windows\system32\PavTPK.sys [x]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-03 20:46 - 2013-10-03 20:46 - 00000000 ____D C:\FRST
2013-10-03 17:42 - 2013-10-03 17:42 - 00394574 _____ C:\Users\Peter_Blu\AppData\Roaming\2433f433
2013-10-03 17:42 - 2013-10-03 17:42 - 00394557 _____ C:\Users\Peter_Blu\AppData\Local\2433f433
2013-10-03 17:42 - 2013-10-03 17:42 - 00394543 _____ C:\ProgramData\2433f433
2013-10-01 01:40 - 2013-10-01 01:42 - 66130082 _____ C:\Users\Peter_Blu\Downloads\Dixie_Chicks-Playlist-The_Very_Best_Of-2010-XXL.rar
2013-10-01 01:37 - 2013-10-01 01:40 - 78739272 _____ C:\Users\Peter_Blu\Downloads\Emmelie_de_Forest-Only_Teardrops-2013-KLV.rar
2013-10-01 01:35 - 2013-10-01 01:38 - 125339906 _____ C:\Users\Peter_Blu\Downloads\Kate_Miller-Heidke-Nightflight-2CD-2012-pLAN9.rar
2013-10-01 01:25 - 2013-10-01 01:28 - 104484817 _____ C:\Users\Peter_Blu\Downloads\Of_Monsters_And_Men-My_Head_Is_An_Animal-_Universal_Edition_-2012-pLAN9.rar
2013-10-01 01:19 - 2013-10-01 01:23 - 108299116 _____ C:\Users\Peter_Blu\Downloads\VNV_Nation-Automatic-2011-FWYH.rar
2013-10-01 00:45 - 2013-10-01 00:45 - 00002404 _____ C:\Users\Peter_Blu\Downloads\softcam_gigablue_04_2012.zip
2013-10-01 00:39 - 2013-10-01 00:39 - 00005464 _____ C:\Users\Peter_Blu\Downloads\SoftCam_09_2013.zip
2013-10-01 00:34 - 2009-11-09 12:21 - 00000000 ____D C:\Users\Peter_Blu\Downloads\Allgemeine Erklärung zum Cardsharing
2013-10-01 00:33 - 2013-10-01 00:33 - 00075020 _____ C:\Users\Peter_Blu\Downloads\Allgemeine Erklärung zum Cardsharing.rar
2013-10-01 00:30 - 2013-10-01 00:30 - 13778501 _____ C:\Users\Peter_Blu\Downloads\Starthilfe für Gigablue-anleitung.rar
2013-10-01 00:11 - 2011-08-05 01:52 - 00000000 ____D C:\Users\Peter_Blu\Downloads\sorglospaket GigaBlue-Unicam
2013-10-01 00:10 - 2013-10-01 00:10 - 15109605 _____ C:\Users\Peter_Blu\Downloads\sorglospaket GigaBlue-Unicam.rar
2013-09-21 14:38 - 2013-09-21 14:38 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-14 12:04 - 2013-08-10 06:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-14 12:04 - 2013-08-10 06:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-14 12:04 - 2013-08-10 06:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-14 12:04 - 2013-08-10 06:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-14 12:04 - 2013-08-10 06:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-14 12:04 - 2013-08-10 06:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-14 12:04 - 2013-08-10 06:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-14 12:04 - 2013-08-10 06:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-14 12:04 - 2013-08-10 06:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-14 12:04 - 2013-08-10 06:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-14 12:04 - 2013-08-10 06:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-14 12:04 - 2013-08-10 06:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-14 12:04 - 2013-08-10 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-14 12:04 - 2013-08-10 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-14 12:04 - 2013-08-10 04:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-14 12:04 - 2013-08-10 04:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-14 12:04 - 2013-08-10 04:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-14 12:04 - 2013-08-10 04:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-14 12:04 - 2013-08-10 04:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-14 12:04 - 2013-08-10 04:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-14 12:04 - 2013-08-10 04:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-14 12:04 - 2013-08-10 04:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-14 12:04 - 2013-08-10 04:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-14 12:04 - 2013-08-10 04:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-14 12:04 - 2013-08-10 04:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-14 12:04 - 2013-08-10 04:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-14 12:04 - 2013-08-10 04:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-14 12:04 - 2013-08-10 04:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-14 12:04 - 2013-08-10 04:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-14 12:04 - 2013-08-10 03:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-14 12:04 - 2013-08-10 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-14 11:37 - 2013-08-08 02:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-14 11:37 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-09-14 11:37 - 2013-08-02 03:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-09-14 11:37 - 2013-08-02 03:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-09-14 11:37 - 2013-08-02 03:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-09-14 11:37 - 2013-08-02 03:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-09-14 11:37 - 2013-08-02 03:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-09-14 11:37 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-14 11:37 - 2013-08-02 03:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-09-14 11:37 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-14 11:37 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-14 11:37 - 2013-08-02 02:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-14 11:37 - 2013-08-02 02:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-14 11:37 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-14 11:37 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-14 11:37 - 2013-08-02 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-14 11:37 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-09-14 11:37 - 2013-08-02 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-14 11:37 - 2013-08-02 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-14 11:37 - 2013-08-02 01:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-14 11:37 - 2013-08-02 01:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-14 11:37 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-14 11:37 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-14 11:37 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-14 11:37 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-14 11:37 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-14 11:37 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-08 18:28 - 2013-09-08 18:28 - 00001132 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-09-08 18:28 - 2013-09-08 18:28 - 00000000 ____D C:\ProgramData\RealNetworks
2013-09-08 18:28 - 2013-09-08 18:28 - 00000000 ____D C:\Program Files (x86)\RealNetworks
==================== One Month Modified Files and Folders =======
2013-10-03 20:46 - 2013-10-03 20:46 - 00000000 ____D C:\FRST
2013-10-03 17:51 - 2012-08-26 23:27 - 00000056 _____ C:\Windows\System32\Drivers\etc\NetAR.wlt.bck
2013-10-03 17:51 - 2012-08-26 23:27 - 00000056 _____ C:\Windows\System32\Drivers\etc\NetAR.wlt
2013-10-03 17:51 - 2012-08-26 23:21 - 00000120 _____ C:\Windows\System32\Drivers\etc\NetAdapt.cfg
2013-10-03 17:51 - 2012-08-26 23:18 - 00000056 _____ C:\Windows\System32\Drivers\etc\WnmFlt.cfg.bck
2013-10-03 17:51 - 2012-08-26 23:18 - 00000056 _____ C:\Windows\System32\Drivers\etc\WnmFlt.cfg
2013-10-03 17:51 - 2012-08-26 23:18 - 00000056 _____ C:\Windows\System32\Drivers\etc\DsaFlt.cfg.bck
2013-10-03 17:51 - 2012-08-26 23:18 - 00000056 _____ C:\Windows\System32\Drivers\etc\DsaFlt.cfg
2013-10-03 17:51 - 2012-08-26 23:17 - 00000252 _____ C:\Windows\System32\Drivers\etc\IdsFlt.cfg.bck
2013-10-03 17:51 - 2012-08-26 23:17 - 00000252 _____ C:\Windows\System32\Drivers\etc\IdsFlt.cfg
2013-10-03 17:51 - 2012-08-26 23:17 - 00000068 _____ C:\Windows\System32\Drivers\etc\NetFlt.cfg.bck
2013-10-03 17:51 - 2012-08-26 23:17 - 00000068 _____ C:\Windows\System32\Drivers\etc\NetFlt.cfg
2013-10-03 17:51 - 2012-08-26 23:13 - 00001132 _____ C:\Windows\System32\Drivers\APPFLTR.CFG.bck
2013-10-03 17:51 - 2012-08-26 23:13 - 00001132 _____ C:\Windows\System32\Drivers\APPFLTR.CFG
2013-10-03 17:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-03 17:51 - 2009-07-14 05:51 - 00104149 _____ C:\Windows\setupact.log
2013-10-03 17:46 - 2013-08-15 09:35 - 00003378 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-601144163-1167008621-3127105215-1001
2013-10-03 17:46 - 2013-01-06 14:51 - 00003252 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-601144163-1167008621-3127105215-1001
2013-10-03 17:46 - 2011-03-28 23:44 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-03 17:45 - 2012-08-26 23:21 - 00000080 _____ C:\Windows\System32\Drivers\etc\NetLoc.wlt
2013-10-03 17:43 - 2011-03-26 21:36 - 01399520 _____ C:\Windows\WindowsUpdate.log
2013-10-03 17:42 - 2013-10-03 17:42 - 00394574 _____ C:\Users\Peter_Blu\AppData\Roaming\2433f433
2013-10-03 17:42 - 2013-10-03 17:42 - 00394557 _____ C:\Users\Peter_Blu\AppData\Local\2433f433
2013-10-03 17:42 - 2013-10-03 17:42 - 00394543 _____ C:\ProgramData\2433f433
2013-10-03 17:37 - 2012-08-31 21:35 - 00008627 _____ C:\Windows\SysWOW64\PAV_FOG.OPC
2013-10-03 17:37 - 2012-08-26 23:21 - 00000080 _____ C:\Windows\System32\Drivers\etc\NetLoc.wlt.bck
2013-10-03 17:09 - 2012-04-09 12:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-03 16:50 - 2011-03-28 23:44 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-03 16:46 - 2012-08-26 23:21 - 00000120 _____ C:\Windows\System32\Drivers\etc\NetAdapt.cfg.bck
2013-10-03 15:13 - 2009-07-14 05:45 - 00018336 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-03 15:13 - 2009-07-14 05:45 - 00018336 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-03 15:12 - 2012-08-26 23:13 - 00371796 _____ C:\Windows\System32\Drivers\APPFCONT.DAT.bck
2013-10-03 15:12 - 2012-08-26 23:13 - 00371796 _____ C:\Windows\System32\Drivers\APPFCONT.DAT
2013-10-03 15:12 - 2012-08-26 23:13 - 00303044 _____ C:\Windows\System32\Drivers\etc\DsaFlt.rls.bck
2013-10-03 15:12 - 2012-08-26 23:13 - 00303044 _____ C:\Windows\System32\Drivers\etc\DsaFlt.rls
2013-10-03 15:12 - 2011-03-28 01:02 - 00000373 _____ C:\Windows\lgfwup.ini
2013-10-03 15:12 - 2011-03-28 01:02 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2013-10-01 01:42 - 2013-10-01 01:40 - 66130082 _____ C:\Users\Peter_Blu\Downloads\Dixie_Chicks-Playlist-The_Very_Best_Of-2010-XXL.rar
2013-10-01 01:40 - 2013-10-01 01:37 - 78739272 _____ C:\Users\Peter_Blu\Downloads\Emmelie_de_Forest-Only_Teardrops-2013-KLV.rar
2013-10-01 01:38 - 2013-10-01 01:35 - 125339906 _____ C:\Users\Peter_Blu\Downloads\Kate_Miller-Heidke-Nightflight-2CD-2012-pLAN9.rar
2013-10-01 01:28 - 2013-10-01 01:25 - 104484817 _____ C:\Users\Peter_Blu\Downloads\Of_Monsters_And_Men-My_Head_Is_An_Animal-_Universal_Edition_-2012-pLAN9.rar
2013-10-01 01:23 - 2013-10-01 01:19 - 108299116 _____ C:\Users\Peter_Blu\Downloads\VNV_Nation-Automatic-2011-FWYH.rar
2013-10-01 00:45 - 2013-10-01 00:45 - 00002404 _____ C:\Users\Peter_Blu\Downloads\softcam_gigablue_04_2012.zip
2013-10-01 00:39 - 2013-10-01 00:39 - 00005464 _____ C:\Users\Peter_Blu\Downloads\SoftCam_09_2013.zip
2013-10-01 00:33 - 2013-10-01 00:33 - 00075020 _____ C:\Users\Peter_Blu\Downloads\Allgemeine Erklärung zum Cardsharing.rar
2013-10-01 00:30 - 2013-10-01 00:30 - 13778501 _____ C:\Users\Peter_Blu\Downloads\Starthilfe für Gigablue-anleitung.rar
2013-10-01 00:10 - 2013-10-01 00:10 - 15109605 _____ C:\Users\Peter_Blu\Downloads\sorglospaket GigaBlue-Unicam.rar
2013-09-30 02:00 - 2013-07-20 16:49 - 00003356 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-601144163-1167008621-3127105215-1001
2013-09-30 02:00 - 2013-06-28 22:20 - 00003230 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-601144163-1167008621-3127105215-1001
2013-09-21 14:38 - 2013-09-21 14:38 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-21 14:38 - 2011-03-26 15:54 - 00000000 ____D C:\Users\Peter_Blu\AppData\Roaming\vlc
2013-09-21 10:53 - 2011-06-25 12:17 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-20 00:22 - 2012-04-09 12:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 00:22 - 2012-04-09 12:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 00:22 - 2011-05-19 23:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-17 00:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-09-16 23:25 - 2013-01-06 14:51 - 00003398 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-601144163-1167008621-3127105215-1001
2013-09-16 21:17 - 2009-07-14 05:45 - 00444808 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-14 12:02 - 2013-08-15 18:02 - 00000000 ____D C:\Windows\System32\MRT
2013-09-14 12:02 - 2011-10-02 23:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-14 12:02 - 2011-04-02 22:05 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-08 18:28 - 2013-09-08 18:28 - 00001132 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-09-08 18:28 - 2013-09-08 18:28 - 00000000 ____D C:\ProgramData\RealNetworks
2013-09-08 18:28 - 2013-09-08 18:28 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-09-08 18:28 - 2012-10-12 20:01 - 00000000 ____D C:\Users\Peter_Blu\AppData\Roaming\RealNetworks
2013-09-08 18:27 - 2012-12-31 02:07 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-09-08 18:27 - 2012-12-31 02:07 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-09-08 18:27 - 2012-12-31 02:07 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-09-08 18:27 - 2012-12-31 02:07 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-09-08 18:27 - 2011-03-28 23:44 - 00000000 ____D C:\ProgramData\Real
2013-09-08 18:27 - 2011-03-28 23:44 - 00000000 ____D C:\Program Files (x86)\Real
Files to move or delete:
====================
C:\Users\Peter_Blu\AppData\Local\Temp\~tmf5575939007183080673.dll
C:\ProgramData\00etadpu.pad
C:\ProgramData\ism_0_llatsni.pad
Some content of TEMP:
====================
C:\Users\Peter_Blu\AppData\Local\Temp\3leqj0wl.dll
C:\Users\Peter_Blu\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Peter_Blu\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Peter_Blu\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Peter_Blu\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Peter_Blu\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Peter_Blu\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Peter_Blu\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Peter_Blu\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Peter_Blu\AppData\Local\Temp\ose00000.exe
C:\Users\Peter_Blu\AppData\Local\Temp\stubhelper.dll
C:\Users\Peter_Blu\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Peter_Blu\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Peter_Blu\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Peter_Blu\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Peter_Blu\AppData\Local\Temp\webyeryb3460vavaw.exe
C:\Users\Peter_Blu\AppData\Local\Temp\~tmf5575939007183080673.dll
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
22
Restore point made on: 2013-06-25 13:38:25
Restore point made on: 2013-06-28 20:55:57
Restore point made on: 2013-07-10 23:48:12
Restore point made on: 2013-07-13 09:42:25
Restore point made on: 2013-07-13 10:16:23
Restore point made on: 2013-07-19 11:17:28
Restore point made on: 2013-07-23 21:26:20
Restore point made on: 2013-07-27 11:43:23
Restore point made on: 2013-08-06 14:40:58
Restore point made on: 2013-08-14 12:54:59
Restore point made on: 2013-08-15 09:27:34
Restore point made on: 2013-08-15 18:00:57
Restore point made on: 2013-08-23 10:38:01
Restore point made on: 2013-08-29 23:19:50
Restore point made on: 2013-09-03 22:54:03
Restore point made on: 2013-09-07 11:43:54
Restore point made on: 2013-09-14 11:31:08
Restore point made on: 2013-09-14 11:57:50
Restore point made on: 2013-09-17 21:25:02
Restore point made on: 2013-09-21 10:37:26
Restore point made on: 2013-09-25 22:24:17
Restore point made on: 2013-10-01 20:10:48
==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 8191.37 MB
Available physical RAM: 7267.91 MB
Total Pagefile: 8189.52 MB
Available Pagefile: 7261.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:241.31 GB) (Free:20.57 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.36 GB) (Free:0.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Volume) (Fixed) (Total:886.45 GB) (Free:0.65 GB) NTFS
Drive g: (Volume) (Fixed) (Total:224.09 GB) (Free:48.58 GB) NTFS
Drive i: () (Removable) (Total:3.91 GB) (Free:3.9 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Volume) (Fixed) (Total:976.56 GB) (Free:8.75 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: FEC98C99)
Partition 1: (Not Active) - (Size=977 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=886 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CD52802E)
Partition 1: (Active) - (Size=369 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=241 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 6FF17495)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2013-10-02 01:38
==================== End Of Log ============================