I caught the GVU trojan and have now run FRST as described here.
Below is the log; I would be very grateful for suggestions on how to proceed:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04
Ran by SYSTEM on MININT-E4FKD4P on 20-01-2014 16:46:57
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Shell] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 2014-01-20] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 ] () <=== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoViewContextMenu] 1
HKLM\...\Policies\Explorer: [NoDesktop] 1 <===== ATTENTION
HKU\Leinad\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro Advanced\DTAgent.exe [3111456 2013-05-13] (Disc Soft Ltd)
HKU\Leinad\...\Run: [Windows Update Service] - C:\ProgramData\Windows Update Service0\odoaztybt.exe [52428800 2013-09-17] (Alexander Roshal.)
HKU\Leinad\...\Run: [GoogleChromeAutoLaunch_7AD2AFED9D39E992AEB379F21168A69A] - C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe [866584 2014-01-11] (Google Inc.)
HKU\Leinad\...\Run: [LightShot] - C:\Users\Leinad\AppData\Local\Skillbrains\lightshot\LightShot.exe [226592 2013-09-27] ()
HKU\Leinad\...\Policies\system: [DisableTaskMgr] 1
HKU\Leinad\...\Policies\system: [DisableRegistryTools] 1
HKU\Leinad\...\Winlogon: [Userinit] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 2014-01-20] ()
HKU\Leinad\...\Winlogon: [Shell] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 2014-01-20] () <==== ATTENTION
IFEO\rstrui.exe: [Debugger] bzs_.exe
Startup: C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> (No File)
==================== Services (Whitelisted) =================
S2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [204288 2012-08-02] (Broadcom Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2552176 2012-09-14] (O&O Software GmbH)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)
==================== Drivers (Whitelisted) ====================
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-13] (DT Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-07-12] ()
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [190232 2010-08-05] (Windows (R) Win 7 DDK provider)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 athr; system32\DRIVERS\athrx.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-20 17:27 - 2014-01-20 17:30 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2014-01-20 16:46 - 2014-01-20 16:46 - 00000000 ____D C:\FRST
2014-01-15 22:58 - 2014-01-20 07:22 - 00000390 _____ C:\Windows\Tasks\update-sys.job
2014-01-15 22:58 - 2014-01-20 06:45 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001.job
2014-01-15 22:58 - 2014-01-15 22:58 - 02727456 _____ (Skillbrains ) C:\Users\Leinad\Downloads\setup-lightshot.exe
2014-01-15 22:58 - 2014-01-15 22:58 - 00003286 _____ C:\Windows\System32\Tasks\update-sys
2014-01-15 22:58 - 2014-01-15 22:58 - 00003266 _____ C:\Windows\System32\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001
2014-01-15 22:58 - 2014-01-15 22:58 - 00000443 _____ C:\Users\Leinad\AppData\Local\UserProducts.xml
2014-01-15 22:58 - 2014-01-15 22:58 - 00000003 _____ C:\Users\Leinad\AppData\Local\updater.log
2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Users\Leinad\AppData\Local\Skillbrains
2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2014-01-15 06:48 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2014-01-15 06:48 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2014-01-15 06:48 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2014-01-15 06:48 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2014-01-15 06:48 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2014-01-15 06:48 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2014-01-15 06:48 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2014-01-15 06:48 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2014-01-15 06:48 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-01-15 01:58 - 2014-01-18 17:19 - 00384013 _____ C:\Users\Leinad\Desktop\gge leinad und chef gold.mcr
2014-01-15 00:34 - 2014-01-15 00:43 - 00000039 _____ C:\Users\Leinad\Desktop\AP Übernahme.txt
2014-01-14 18:41 - 2014-01-14 18:43 - 00029452 _____ C:\Users\Leinad\Desktop\gge gold chrome.mcr
2014-01-14 16:43 - 2014-01-14 16:43 - 00029431 _____ C:\Users\Leinad\Desktop\gge gold.mcr
2014-01-14 14:14 - 2014-01-14 14:32 - 00000000 ____D C:\Program Files (x86)\MacroRecorder
2014-01-14 14:14 - 2014-01-14 14:14 - 00719360 _____ (Jitbit Software ) C:\Users\Leinad\Downloads\MacroRecorderSetup.exe
2014-01-14 14:14 - 2014-01-14 14:14 - 00001102 _____ C:\Users\Public\Desktop\Macro Recorder.lnk
2014-01-14 13:56 - 2014-01-14 14:03 - 00000000 ____D C:\Users\Leinad\Documents\Recorder
2014-01-14 13:56 - 2014-01-14 13:56 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Recorder
2014-01-14 13:54 - 2014-01-14 16:45 - 00000000 ____D C:\Users\Leinad\Downloads\mouseandkeyrec
2014-01-14 13:54 - 2014-01-14 13:54 - 03274843 _____ C:\Users\Leinad\Downloads\mouseandkeyrec.zip
2014-01-14 13:53 - 2014-01-14 13:52 - 00047438 _____ C:\Users\Leinad\Documents\macex_bak000.~mex
2014-01-14 13:48 - 2014-01-14 13:52 - 00047438 _____ C:\Users\Leinad\Documents\macex.mex
2014-01-14 13:47 - 2014-01-14 13:47 - 00000000 ____D C:\ProgramData\Insight Software Solutions
2014-01-14 13:46 - 2014-01-14 13:46 - 23310272 _____ C:\Users\Leinad\Downloads\macex3.exe
2014-01-14 13:44 - 2014-01-14 13:44 - 00000916 _____ C:\Users\Leinad\Desktop\GGE.lnk
2014-01-14 13:42 - 2014-01-14 13:46 - 00000000 ____D C:\Program Files (x86)\Ghost Control
2014-01-14 13:42 - 2014-01-14 13:44 - 00000000 ____D C:\Users\Leinad\Documents\Ghost Control
2014-01-14 13:42 - 2009-12-02 21:57 - 00000032 _____ C:\Windows\SysWOW64\comcnt.sys
2014-01-14 13:42 - 2008-04-14 05:41 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dx8vb.dll
2014-01-14 13:42 - 1998-06-26 00:00 - 00644400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-01-14 13:42 - 1998-06-24 00:00 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCT232.OCX
2014-01-14 13:42 - 1998-06-24 00:00 - 00115016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
2014-01-14 13:41 - 2014-01-14 13:41 - 03373928 _____ (N.R.S. ) C:\Users\Leinad\Documents\ghostcontrol3.exe
2014-01-13 21:29 - 2014-01-14 22:30 - 00000019 _____ C:\Users\Leinad\Desktop\Samurai neue Nahrungs-AP.txt
2014-01-13 20:36 - 2014-01-14 22:58 - 00000058 _____ C:\Users\Leinad\Desktop\neue Samurai RSD.txt
2014-01-13 20:36 - 2014-01-13 21:31 - 00000039 _____ C:\Users\Leinad\Desktop\Neues Textdokument (2).txt
2014-01-13 00:20 - 2014-01-20 00:50 - 00001797 _____ C:\Users\Leinad\Desktop\Einheitenbericht.txt
2014-01-12 21:16 - 2014-01-12 23:21 - 00000107 _____ C:\Users\Leinad\Desktop\TS Samurai.txt
2014-01-12 18:18 - 2014-01-12 18:18 - 00002660 _____ C:\Users\Leinad\Desktop\146d2ab98747657b0aa1e08e46ad3786.rsdf
2014-01-11 23:02 - 2014-01-12 09:23 - 00001206 _____ C:\Users\Leinad\Desktop\sam.txt
2014-01-11 21:35 - 2014-01-11 22:19 - 00000017 _____ C:\Users\Leinad\Desktop\nahrungs aps.txt
2014-01-11 06:00 - 2014-01-11 06:30 - 00000175 _____ C:\Users\Leinad\Desktop\Leindörfer.txt
2014-01-09 20:34 - 2014-01-09 20:34 - 00000007 _____ C:\Users\Leinad\Desktop\neue AP.txt
2014-01-09 03:17 - 2014-01-09 03:17 - 00000807 _____ C:\Users\Leinad\Desktop\Tipp für RSD.txt
2014-01-09 02:25 - 2014-01-17 22:59 - 00000627 _____ C:\Users\Leinad\Desktop\winter ziele.txt
2014-01-04 22:49 - 2014-01-04 22:49 - 00000013 _____ C:\Users\Leinad\Desktop\alli kontakt.txt
2013-12-30 23:20 - 2013-12-30 23:22 - 00000000 ____D C:\Users\Leinad\Desktop\Uni
2013-12-30 22:10 - 2014-01-20 07:21 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Skype
2013-12-30 22:10 - 2013-12-30 22:10 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-30 22:10 - 2013-12-30 22:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-30 22:10 - 2013-12-30 22:10 - 00000000 ____D C:\ProgramData\Skype
2013-12-30 16:30 - 2014-01-09 00:55 - 00001370 _____ C:\Users\Leinad\Desktop\ziele.txt
2013-12-30 07:47 - 2013-12-30 07:47 - 00000000 ____D C:\Users\Leinad\AppData\Local\Macromedia
2013-12-29 18:21 - 2013-12-29 18:21 - 00001127 _____ C:\Users\Leinad\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-29 18:20 - 2013-12-29 18:20 - 00001421 _____ C:\Users\Leinad\Desktop\Internet Explorer.lnk
2013-12-29 18:18 - 2013-12-29 18:19 - 00000000 ____D C:\Users\Leinad\AppData\Local\Mozilla
2013-12-29 18:18 - 2013-12-29 18:18 - 00283096 _____ (Mozilla) C:\Users\Leinad\Downloads\Firefox Setup Stub 26.0.exe
2013-12-29 18:18 - 2013-12-29 18:18 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-29 08:17 - 2013-12-29 08:17 - 01233962 _____ C:\Users\Leinad\Downloads\AdwCleaner (1).exe
2013-12-29 08:16 - 2013-12-29 08:16 - 01034531 _____ (Thisisu) C:\Users\Leinad\Downloads\JRT.exe
2013-12-29 08:07 - 2013-12-29 08:08 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Leinad\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-29 08:02 - 2013-12-29 08:02 - 00001442 _____ C:\Users\Leinad\Desktop\RootAlyzer.lnk
2013-12-29 08:01 - 2013-12-29 08:02 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-29 08:01 - 2013-12-29 08:01 - 01339719 _____ C:\Users\Leinad\Downloads\rootalyz-0.3.4.47.zip
2013-12-29 08:01 - 2013-12-29 08:01 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-29 08:01 - 2013-12-29 08:01 - 00000000 ____D C:\Users\Leinad\Downloads\rootalyz-0.3.4.47
2013-12-29 08:01 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2013-12-29 07:57 - 2013-12-29 08:00 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Leinad\Downloads\spybot-2.2.exe
2013-12-29 04:43 - 2013-12-29 05:01 - 00000000 ____D C:\Program Files (x86)\JDownloader 2
2013-12-29 04:43 - 2013-12-29 04:53 - 00000000 ____D C:\Program Files (x86)\JD Backup
2013-12-29 04:40 - 2013-12-29 04:40 - 00002086 _____ C:\Users\Leinad\Desktop\JDownloader 2.lnk
2013-12-29 04:37 - 2014-01-20 04:42 - 00000000 ____D C:\Users\Leinad\AppData\Local\JDownloader v2.0
2013-12-29 04:35 - 2013-12-29 08:12 - 00000000 ____D C:\ProgramData\WPM
2013-12-29 04:34 - 2013-12-29 04:34 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\Leinad\Downloads\WebInstaller.exe
2013-12-29 04:34 - 2013-12-29 04:34 - 00077976 _____ (AppWork GmbH) C:\Users\Leinad\Downloads\WebInstallerJD2.exe
2013-12-29 03:51 - 2013-12-29 03:50 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-29 03:51 - 2013-12-29 03:50 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-29 03:51 - 2013-12-29 03:50 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-29 03:51 - 2013-12-29 03:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-28 16:13 - 2013-12-29 07:48 - 00000123 _____ C:\Users\Leinad\Desktop\Goodgame Empire Zeug.txt
2013-12-24 06:14 - 2013-12-24 06:14 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (3).exe
2013-12-24 06:10 - 2013-12-24 06:10 - 00000000 ____D C:\2f1e1235fb3978355243e40a64e4da86
2013-12-24 06:09 - 2014-01-16 03:01 - 00000000 ____D C:\Windows\System32\MRT
2013-12-24 06:08 - 2013-12-24 06:08 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (2).exe
2013-12-23 20:58 - 2013-12-23 20:58 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (1).exe
==================== One Month Modified Files and Folders =======
2014-01-20 17:30 - 2014-01-20 17:27 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2014-01-20 16:46 - 2014-01-20 16:46 - 00000000 ____D C:\FRST
2014-01-20 16:36 - 2013-07-13 11:01 - 00020996 _____ C:\Windows\setupact.log
2014-01-20 16:36 - 2012-12-29 01:55 - 00958094 _____ C:\Windows\System32\oodbs.lor
2014-01-20 16:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 16:03 - 2012-12-28 23:36 - 01201880 _____ C:\Windows\WindowsUpdate.log
2014-01-20 15:46 - 2012-12-29 02:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-20 15:45 - 2013-07-13 11:25 - 00286078 _____ C:\Windows\PFRO.log
2014-01-20 15:29 - 2011-04-12 08:43 - 05300664 _____ C:\Windows\System32\perfh007.dat
2014-01-20 15:29 - 2011-04-12 08:43 - 01632718 _____ C:\Windows\System32\perfc007.dat
2014-01-20 15:29 - 2009-07-14 06:13 - 00007064 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-20 07:38 - 2012-12-29 01:09 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\vlc
2014-01-20 07:22 - 2014-01-15 22:58 - 00000390 _____ C:\Windows\Tasks\update-sys.job
2014-01-20 07:21 - 2013-12-30 22:10 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Skype
2014-01-20 06:49 - 2012-12-29 01:07 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-586411972-1826969491-2776955316-1001UA.job
2014-01-20 06:45 - 2014-01-15 22:58 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001.job
2014-01-20 04:42 - 2013-12-29 04:37 - 00000000 ____D C:\Users\Leinad\AppData\Local\JDownloader v2.0
2014-01-20 00:50 - 2014-01-13 00:20 - 00001797 _____ C:\Users\Leinad\Desktop\Einheitenbericht.txt
2014-01-19 21:49 - 2012-12-29 01:07 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-586411972-1826969491-2776955316-1001Core.job
2014-01-19 18:50 - 2013-06-19 10:12 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\TS3Client
2014-01-18 19:45 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-18 19:45 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-18 17:19 - 2014-01-15 01:58 - 00384013 _____ C:\Users\Leinad\Desktop\gge leinad und chef gold.mcr
2014-01-17 22:59 - 2014-01-09 02:25 - 00000627 _____ C:\Users\Leinad\Desktop\winter ziele.txt
2014-01-16 16:21 - 2009-07-14 05:45 - 02054608 _____ C:\Windows\System32\FNTCACHE.DAT
2014-01-16 03:04 - 2013-12-24 06:09 - 00000000 ____D C:\Windows\System32\MRT
2014-01-16 03:00 - 2012-12-13 09:31 - 86054176 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-01-15 22:58 - 2014-01-15 22:58 - 02727456 _____ (Skillbrains ) C:\Users\Leinad\Downloads\setup-lightshot.exe
2014-01-15 22:58 - 2014-01-15 22:58 - 00003286 _____ C:\Windows\System32\Tasks\update-sys
2014-01-15 22:58 - 2014-01-15 22:58 - 00003266 _____ C:\Windows\System32\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001
2014-01-15 22:58 - 2014-01-15 22:58 - 00000443 _____ C:\Users\Leinad\AppData\Local\UserProducts.xml
2014-01-15 22:58 - 2014-01-15 22:58 - 00000003 _____ C:\Users\Leinad\AppData\Local\updater.log
2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Users\Leinad\AppData\Local\Skillbrains
2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2014-01-15 00:43 - 2014-01-15 00:34 - 00000039 _____ C:\Users\Leinad\Desktop\AP Übernahme.txt
2014-01-14 22:58 - 2014-01-13 20:36 - 00000058 _____ C:\Users\Leinad\Desktop\neue Samurai RSD.txt
2014-01-14 22:30 - 2014-01-13 21:29 - 00000019 _____ C:\Users\Leinad\Desktop\Samurai neue Nahrungs-AP.txt
2014-01-14 18:43 - 2014-01-14 18:41 - 00029452 _____ C:\Users\Leinad\Desktop\gge gold chrome.mcr
2014-01-14 16:45 - 2014-01-14 13:54 - 00000000 ____D C:\Users\Leinad\Downloads\mouseandkeyrec
2014-01-14 16:43 - 2014-01-14 16:43 - 00029431 _____ C:\Users\Leinad\Desktop\gge gold.mcr
2014-01-14 14:32 - 2014-01-14 14:14 - 00000000 ____D C:\Program Files (x86)\MacroRecorder
2014-01-14 14:14 - 2014-01-14 14:14 - 00719360 _____ (Jitbit Software ) C:\Users\Leinad\Downloads\MacroRecorderSetup.exe
2014-01-14 14:14 - 2014-01-14 14:14 - 00001102 _____ C:\Users\Public\Desktop\Macro Recorder.lnk
2014-01-14 14:03 - 2014-01-14 13:56 - 00000000 ____D C:\Users\Leinad\Documents\Recorder
2014-01-14 13:56 - 2014-01-14 13:56 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Recorder
2014-01-14 13:54 - 2014-01-14 13:54 - 03274843 _____ C:\Users\Leinad\Downloads\mouseandkeyrec.zip
2014-01-14 13:52 - 2014-01-14 13:53 - 00047438 _____ C:\Users\Leinad\Documents\macex_bak000.~mex
2014-01-14 13:52 - 2014-01-14 13:48 - 00047438 _____ C:\Users\Leinad\Documents\macex.mex
2014-01-14 13:47 - 2014-01-14 13:47 - 00000000 ____D C:\ProgramData\Insight Software Solutions
2014-01-14 13:46 - 2014-01-14 13:46 - 23310272 _____ C:\Users\Leinad\Downloads\macex3.exe
2014-01-14 13:46 - 2014-01-14 13:42 - 00000000 ____D C:\Program Files (x86)\Ghost Control
2014-01-14 13:44 - 2014-01-14 13:44 - 00000916 _____ C:\Users\Leinad\Desktop\GGE.lnk
2014-01-14 13:44 - 2014-01-14 13:42 - 00000000 ____D C:\Users\Leinad\Documents\Ghost Control
2014-01-14 13:41 - 2014-01-14 13:41 - 03373928 _____ (N.R.S. ) C:\Users\Leinad\Documents\ghostcontrol3.exe
2014-01-13 21:31 - 2014-01-13 20:36 - 00000039 _____ C:\Users\Leinad\Desktop\Neues Textdokument (2).txt
2014-01-12 23:21 - 2014-01-12 21:16 - 00000107 _____ C:\Users\Leinad\Desktop\TS Samurai.txt
2014-01-12 18:18 - 2014-01-12 18:18 - 00002660 _____ C:\Users\Leinad\Desktop\146d2ab98747657b0aa1e08e46ad3786.rsdf
2014-01-12 09:23 - 2014-01-11 23:02 - 00001206 _____ C:\Users\Leinad\Desktop\sam.txt
2014-01-11 22:19 - 2014-01-11 21:35 - 00000017 _____ C:\Users\Leinad\Desktop\nahrungs aps.txt
2014-01-11 06:30 - 2014-01-11 06:00 - 00000175 _____ C:\Users\Leinad\Desktop\Leindörfer.txt
2014-01-09 20:34 - 2014-01-09 20:34 - 00000007 _____ C:\Users\Leinad\Desktop\neue AP.txt
2014-01-09 03:32 - 2013-10-29 21:19 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-09 03:17 - 2014-01-09 03:17 - 00000807 _____ C:\Users\Leinad\Desktop\Tipp für RSD.txt
2014-01-09 00:55 - 2013-12-30 16:30 - 00001370 _____ C:\Users\Leinad\Desktop\ziele.txt
2014-01-05 01:06 - 2013-01-03 13:06 - 00000000 ____D C:\Users\Leinad\AppData\Local\Adobe
2014-01-04 22:49 - 2014-01-04 22:49 - 00000013 _____ C:\Users\Leinad\Desktop\alli kontakt.txt
2013-12-30 23:30 - 2013-11-13 16:53 - 00000000 ____D C:\Program Files (x86)\Space Rangers HD A War Apart
2013-12-30 23:29 - 2013-08-12 22:26 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\3909
2013-12-30 23:29 - 2013-01-01 21:59 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-30 23:25 - 2013-03-15 02:19 - 00000000 ____D C:\Users\Leinad\Documents\SimCity 4
2013-12-30 23:22 - 2013-12-30 23:20 - 00000000 ____D C:\Users\Leinad\Desktop\Uni
2013-12-30 22:28 - 2013-06-19 10:10 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-12-30 22:10 - 2013-12-30 22:10 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-30 22:10 - 2013-12-30 22:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-30 22:10 - 2013-12-30 22:10 - 00000000 ____D C:\ProgramData\Skype
2013-12-30 07:51 - 2012-12-29 02:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-30 07:47 - 2013-12-30 07:47 - 00000000 ____D C:\Users\Leinad\AppData\Local\Macromedia
2013-12-29 18:21 - 2013-12-29 18:21 - 00001127 _____ C:\Users\Leinad\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-29 18:20 - 2013-12-29 18:20 - 00001421 _____ C:\Users\Leinad\Desktop\Internet Explorer.lnk
2013-12-29 18:19 - 2013-12-29 18:18 - 00000000 ____D C:\Users\Leinad\AppData\Local\Mozilla
2013-12-29 18:18 - 2013-12-29 18:18 - 00283096 _____ (Mozilla) C:\Users\Leinad\Downloads\Firefox Setup Stub 26.0.exe
2013-12-29 18:18 - 2013-12-29 18:18 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-29 18:18 - 2013-07-11 02:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-29 18:18 - 2012-12-29 02:33 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Mozilla
2013-12-29 12:16 - 2012-12-29 00:43 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013
2013-12-29 08:17 - 2013-12-29 08:17 - 01233962 _____ C:\Users\Leinad\Downloads\AdwCleaner (1).exe
2013-12-29 08:17 - 2013-07-13 11:32 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-29 08:17 - 2013-07-13 11:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-29 08:16 - 2013-12-29 08:16 - 01034531 _____ (Thisisu) C:\Users\Leinad\Downloads\JRT.exe
2013-12-29 08:12 - 2013-12-29 04:35 - 00000000 ____D C:\ProgramData\WPM
2013-12-29 08:08 - 2013-12-29 08:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Leinad\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-29 08:04 - 2013-07-12 18:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-29 08:02 - 2013-12-29 08:02 - 00001442 _____ C:\Users\Leinad\Desktop\RootAlyzer.lnk
2013-12-29 08:02 - 2013-12-29 08:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-29 08:01 - 2013-12-29 08:01 - 01339719 _____ C:\Users\Leinad\Downloads\rootalyz-0.3.4.47.zip
2013-12-29 08:01 - 2013-12-29 08:01 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-29 08:01 - 2013-12-29 08:01 - 00000000 ____D C:\Users\Leinad\Downloads\rootalyz-0.3.4.47
2013-12-29 08:00 - 2013-12-29 07:57 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Leinad\Downloads\spybot-2.2.exe
2013-12-29 07:48 - 2013-12-28 16:13 - 00000123 _____ C:\Users\Leinad\Desktop\Goodgame Empire Zeug.txt
2013-12-29 05:01 - 2013-12-29 04:43 - 00000000 ____D C:\Program Files (x86)\JDownloader 2
2013-12-29 04:53 - 2013-12-29 04:43 - 00000000 ____D C:\Program Files (x86)\JD Backup
2013-12-29 04:40 - 2013-12-29 04:40 - 00002086 _____ C:\Users\Leinad\Desktop\JDownloader 2.lnk
2013-12-29 04:34 - 2013-12-29 04:34 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\Leinad\Downloads\WebInstaller.exe
2013-12-29 04:34 - 2013-12-29 04:34 - 00077976 _____ (AppWork GmbH) C:\Users\Leinad\Downloads\WebInstallerJD2.exe
2013-12-29 03:51 - 2013-10-29 21:33 - 00000000 ____D C:\ProgramData\Oracle
2013-12-29 03:50 - 2013-12-29 03:51 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-29 03:50 - 2013-12-29 03:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-29 03:50 - 2013-12-29 03:51 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-29 03:50 - 2013-12-29 03:51 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-29 03:48 - 2013-04-17 23:07 - 00000000 ____D C:\Games
2013-12-28 18:05 - 2012-12-29 00:42 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-12-24 06:14 - 2013-12-24 06:14 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (3).exe
2013-12-24 06:10 - 2013-12-24 06:10 - 00000000 ____D C:\2f1e1235fb3978355243e40a64e4da86
2013-12-24 06:08 - 2013-12-24 06:08 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (2).exe
2013-12-23 20:58 - 2013-12-23 20:58 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (1).exe
2013-12-23 10:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
Some content of TEMP:
====================
C:\Users\Leinad\AppData\Local\Temp\eauninstall.exe
C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe
C:\Users\Leinad\AppData\Local\Temp\SC4_uninst.exe
C:\Users\Leinad\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe
C:\Users\Leinad\AppData\Local\Temp\vlc-2.1.2-win64.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2014-01-01 00:23:30
Restore point made on: 2014-01-07 18:05:59
Restore point made on: 2014-01-14 09:22:41
Restore point made on: 2014-01-14 13:47:22
Restore point made on: 2014-01-14 13:55:29
Restore point made on: 2014-01-14 16:53:38
Restore point made on: 2014-01-16 03:00:33
==================== Memory info ===========================
Percentage of memory in use: 16%
Total physical RAM: 3958.71 MB
Available physical RAM: 3321.17 MB
Total Pagefile: 3956.91 MB
Available Pagefile: 3314.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:698.54 GB) (Free:185.59 GB) NTFS
Drive f: (LEINADSTICK) (Removable) (Total:29.87 GB) (Free:29.86 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A1350D26)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=699 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)
LastRegBack: 2014-01-19 19:08
==================== End Of Log ============================
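Added example, not part of the post above and not FRST's own whitelist logic: a small Python triage script that applies the checks a helper would run over the "Registry (Whitelisted)" section of an FRST log. It flags a Winlogon Shell or Userinit value that is not the Windows default (the lock screen taking over the desktop), an Image File Execution Options Debugger on a program (here rstrui.exe, the System Restore UI, so the victim cannot roll back), the policies that disable Task Manager, regedit and the desktop, and autoruns started from Temp or ProgramData. The sample input is copied from the posted log (including two benign autoruns the script must leave alone); the rule set, the default-value table and the directory list are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: registry lines copied from the posted FRST log, plus two
# benign autoruns (SynTPEnh, LightShot) so the triage has something it must NOT flag.
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated)
HKLM\...\Winlogon: [Shell] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 2014-01-20] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 ] () <=== ATTENTION
HKLM\...\Policies\Explorer: [NoDesktop] 1 <===== ATTENTION
HKU\Leinad\...\Run: [Windows Update Service] - C:\ProgramData\Windows Update Service0\odoaztybt.exe [52428800 2013-09-17] (Alexander Roshal.)
HKU\Leinad\...\Run: [LightShot] - C:\Users\Leinad\AppData\Local\Skillbrains\lightshot\LightShot.exe [226592 2013-09-27] ()
HKU\Leinad\...\Policies\system: [DisableTaskMgr] 1
HKU\Leinad\...\Policies\system: [DisableRegistryTools] 1
HKU\Leinad\...\Winlogon: [Userinit] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 2014-01-20] ()
IFEO\rstrui.exe: [Debugger] bzs_.exe
"""

# One FRST registry line: "<key>: [<name>] [- ]<value> [<=== ATTENTION]"
ENTRY_RE = re.compile(
    r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\]\s*(?:-\s+)?(?P<value>.*?)\s*(?:<=+\s*ATTENTION)?$"
)
# The "[size date] (publisher)" suffix FRST appends to file values
META_RE = re.compile(r"\[(?P<size>\d+)\s*(?P<date>[\d-]*)\]\s*\((?P<publisher>[^)]*)\)")

# Expected values on a clean Windows 7 install (assumption for this example)
DEFAULT_SHELL = {"explorer.exe"}
DEFAULT_USERINIT = {r"c:\windows\system32\userinit.exe", r"c:\windows\system32\userinit.exe,"}
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoDesktop", "NoViewContextMenu"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\programdata\\")


@dataclass
class Finding:
    key: str
    name: str
    path: str
    reason: str


def split_value(value: str) -> Tuple[str, Optional[str]]:
    """Separate the file path from FRST's '[size date] (publisher)' suffix, if present."""
    m = META_RE.search(value)
    if not m:
        return value.strip(), None
    return value[:m.start()].strip(), m.group("publisher").strip()


def classify(key: str, name: str, value: str) -> Optional[str]:
    """Return a reason string when the entry matches a lock-screen persistence pattern."""
    path, publisher = split_value(value)
    low_key, low_path = key.lower(), path.lower()
    if "winlogon" in low_key and name == "Shell" and low_path not in DEFAULT_SHELL:
        return "Winlogon Shell replaced: this binary, not explorer.exe, owns the desktop at logon"
    if "winlogon" in low_key and name == "Userinit" and low_path not in DEFAULT_USERINIT:
        return "Winlogon Userinit replaced: runs before the shell on every logon"
    if low_key.startswith("ifeo\\") and name == "Debugger":
        target = key.split("\\", 1)[-1]
        return f"IFEO Debugger on {target}: launching it silently runs {path} instead"
    if "policies" in low_key and name in LOCKOUT_POLICIES and path == "1":
        return f"lockout policy {name}=1: keeps the victim from killing or inspecting the process"
    if "\\run" in low_key and any(d in low_path for d in USER_WRITABLE):
        return f"autorun from a user-writable directory (publisher: {publisher or 'none'})"
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every parseable registry line of an FRST log."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        reason = classify(m["key"], m["name"], m["value"])
        if reason:
            path, _ = split_value(m["value"])
            findings.append(Finding(m["key"], m["name"], path, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.key} [{f.name}] -> {f.path}\n    {f.reason}")
```

On the posted log this produces eight findings and stays silent on the Synaptics and LightShot autoruns. It is a reading aid only: the actual cleanup on a machine that will not boot normally is done with an FRST fixlist supplied by the helper, and a 52428800-byte (exactly 50 MiB) autorun in ProgramData is also worth submitting for analysis rather than simply deleting.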