Log Analysis and Evaluation: WIN7 GVU Trojan logfile available (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.03.2014, 21:57 | #1
WIN7 GVU Trojan logfile available

So now, after the attack at the office, it has hit me at home as well. At the office the IT department helped; at home I need yours. Regards and many thanks.

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013
(ATTENTION: ====> FRST version is 103 days old and could be outdated)
Ran by SYSTEM on MININT-GOIMVDU on 07-03-2014 21:40:41
Running from F:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7940128 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-07-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SBRegRebootCleaner] - C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [200560 2011-12-19] (GFI Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.EXE [825864 2009-08-16] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [540056 2012-08-08] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-29] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-01] (Oracle Corporation)
HKU\Bertrand\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\Bertrand\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Bertrand\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll [ ] ()
Startup: C:\Users\Bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zjeqodjw0.lnk
ShortcutTarget: zjeqodjw0.lnk -> C:\PROGRA~3\0wjdoqejz.cpp ()

==================== Services (Whitelisted) =================

S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236368 2012-09-20] (Lavasoft Limited)
S3 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
S2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
S2 dlea_device; C:\Windows\system32\dleacoms.exe [1054888 2009-07-01] ( )
S2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\zjeqodjw0.zvv [332540 2014-03-07] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
S1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2012-11-02] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-09-03] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-09-03] (Kaspersky Lab)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-10-18] (Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-08-13] (Kaspersky Lab)
S1 SBRE; C:\Windows\SysWow64\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
S3 StarOpen; No ImagePath
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2012-11-02] (Kaspersky Lab)
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-07 21:38 - 2014-03-07 21:38 - 00000000 ____D C:\FRST
2014-03-07 10:31 - 2014-03-07 10:33 - 95027928 ____T C:\ProgramData\zjeqodjw0.fee
2014-03-07 10:31 - 2014-03-07 10:31 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\zjeqodjw0.zvv
2014-03-07 10:31 - 2014-03-07 10:31 - 00144896 _____ C:\ProgramData\0wjdoqejz.cpp
2014-03-06 07:23 - 2014-03-06 07:23 - 00000016 _____ C:\Users\Bertrand\Desktop\Go.txt
2014-02-16 06:22 - 2014-02-16 06:22 - 00015820 _____ C:\Users\Bertrand\AppData\Local\recently-used.xbel
2014-02-16 03:02 - 2014-02-16 03:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-03-07 21:38 - 2014-03-07 21:38 - 00000000 ____D C:\FRST
2014-03-07 12:34 - 2009-07-13 20:45 - 00015568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 12:34 - 2009-07-13 20:45 - 00015568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 12:29 - 2012-12-29 07:03 - 00031839 _____ C:\Windows\setupact.log
2014-03-07 12:29 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-03-07 11:56 - 2012-10-06 07:41 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2014-03-07 11:04 - 2009-08-30 12:04 - 01729113 _____ C:\Windows\WindowsUpdate.log
2014-03-07 10:35 - 2012-10-27 02:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-07 10:33 - 2014-03-07 10:31 - 95027928 ____T C:\ProgramData\zjeqodjw0.fee
2014-03-07 10:31 - 2014-03-07 10:31 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\zjeqodjw0.zvv
2014-03-07 10:31 - 2014-03-07 10:31 - 00144896 _____ C:\ProgramData\0wjdoqejz.cpp
2014-03-07 08:21 - 2009-10-26 11:18 - 00000000 ____D C:\Musik
2014-03-07 03:20 - 2010-02-04 11:51 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E766B5F1-2D27-48A8-B21C-5E7BC66F64F4}
2014-03-06 07:23 - 2014-03-06 07:23 - 00000016 _____ C:\Users\Bertrand\Desktop\Go.txt
2014-02-16 06:22 - 2014-02-16 06:22 - 00015820 _____ C:\Users\Bertrand\AppData\Local\recently-used.xbel
2014-02-16 06:22 - 2012-07-26 09:49 - 00000000 ____D C:\Users\Bertrand\.gimp-2.8
2014-02-16 03:31 - 2014-02-16 03:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2014-02-15 06:07 - 2009-11-01 04:13 - 00000000 ____D C:\Bild
2014-02-15 05:59 - 2013-08-01 05:04 - 00037888 ___SH C:\Users\Bertrand\Documents\Thumbs.db

Some content of TEMP:
====================
C:\Users\Bertrand\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Bertrand\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Bertrand\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Bertrand\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Bertrand\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

8
Restore point made on: 2013-08-24 01:53:41
Restore point made on: 2013-08-31 05:22:17
Restore point made on: 2013-09-09 10:12:49
Restore point made on: 2013-09-12 09:58:09
Restore point made on: 2013-09-29 03:39:16
Restore point made on: 2013-10-17 21:20:57
Restore point made on: 2013-11-02 09:58:18
Restore point made on: 2013-11-17 05:57:02

==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 1978.91 MB
Available physical RAM: 1431.99 MB
Total Pagefile: 1978.91 MB
Available Pagefile: 1425.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:220.79 GB) (Free:67.37 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:3.69 GB) NTFS
Drive f: () (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 3DE589B9)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 123 MB) (Disk ID: 0041BBB2)
Partition 1: (Active) - (Size=123 MB) - (Type=0E)

LastRegBack: 2013-10-29 12:19

==================== End Of Log ============================
07.03.2014, 22:14 | #2
WIN7 GVU Trojan logfile available

I am working on your topic and will get back to you as soon as possible with further instructions. Thank you for your patience.
08.03.2014, 02:24 | #3
WIN7 GVU Trojan logfile available

Hello, bertiroth and

Step 1

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.

Code:
S2 Winmgmt; C:\ProgramData\zjeqodjw0.zvv [332540 2014-03-07] (Microsoft Corporation)
Startup: C:\Users\Bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zjeqodjw0.lnk
ShortcutTarget: zjeqodjw0.lnk -> C:\PROGRA~3\0wjdoqejz.cpp ()
2014-03-07 10:31 - 2014-03-07 10:33 - 95027928 ____T C:\ProgramData\zjeqodjw0.fee
2014-03-07 10:31 - 2014-03-07 10:31 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\zjeqodjw0.zvv
2014-03-07 10:31 - 2014-03-07 10:31 - 00144896 _____ C:\ProgramData\0wjdoqejz.cpp
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. After this fix, please restart your computer in normal mode. If it works again, please continue with Step 2.

Step 2

Move FRST from the USB stick to the Desktop.
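The entries the helper put into the fixlist above are exactly what a reviewer picks out of an FRST log by hand: a Winmgmt service whose ImagePath no longer points at svchost.exe (the genuine WMI service is hosted by svchost.exe -k netsvcs), a Startup shortcut whose target is a .cpp file under C:\PROGRA~3 (the 8.3 short name of C:\ProgramData), and files created the same morning in C:\ProgramData with random stems and made-up extensions, one of them carrying "Microsoft Corporation" in its version resource, which FRST prints in parentheses and which is not a signature. The Python script below is an added example, not code from the thread or part of FRST, that applies those checks to log lines copied from post #1 plus one benign Realtek entry for contrast; the heuristics, severities, directory lists and function names are this example's own assumptions. It also flags the AppInit_DLLs entry, which the fixlist does not touch, and ties the artifacts together by name: the stems zjeqodjw0 and 0wjdoqejz are reverses of each other.

```python
"""Triage of FRST log lines for the persistence pattern in this thread.

Added example for this page, not code from the thread, from FRST or from any
vendor tool. Sample lines are copied from the FRST.txt in post #1 (plus one
benign Realtek entry for contrast); heuristics, severities and names are this
example's own assumptions.
"""
import re
from pathlib import PureWindowsPath

# Constructed test input: lines lifted from the posted log.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7940128 2009-07-06] (Realtek Semiconductor)
HKU\Bertrand\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Bertrand\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll [ ] ()
Startup: C:\Users\Bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zjeqodjw0.lnk
ShortcutTarget: zjeqodjw0.lnk -> C:\PROGRA~3\0wjdoqejz.cpp ()
S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236368 2012-09-20] (Lavasoft Limited)
S2 Winmgmt; C:\ProgramData\zjeqodjw0.zvv [332540 2014-03-07] (Microsoft Corporation)
2014-03-07 10:31 - 2014-03-07 10:33 - 95027928 ____T C:\ProgramData\zjeqodjw0.fee
2014-03-07 10:31 - 2014-03-07 10:31 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\zjeqodjw0.zvv
"""

# Where auto-started code normally lives; C:\PROGRA~3 is the 8.3 name of C:\ProgramData.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
DATA_DIRS = ("c:\\programdata\\", "c:\\progra~3\\", "\\appdata\\")
EXEC_EXT = {".exe", ".dll", ".sys", ".com", ".scr"}
AUTOSTART = ("service", "run", "shortcut", "appinit")
RANK = ("LOW", "MEDIUM", "HIGH", "CRITICAL")

# FRST prints "<path> [size date] (company from version info)"; both trailers are optional.
TAIL = r"\s+(?P<path>.+?)(?:\s+\[[^\]]*\])?(?:\s+\((?P<vendor>[^)]*)\))?\s*$"
PATTERNS = {
    "service": re.compile(r"^S\d\s+(?P<name>[^;]+);" + TAIL),
    "run": re.compile(r"^HK\S*\\Run(?:Once)?:\s+\[(?P<name>[^\]]+)\]\s+-" + TAIL),
    "shortcut": re.compile(r"^ShortcutTarget:\s+(?P<name>\S+)\s+->" + TAIL),
    "appinit": re.compile(r"^(?P<name>AppInit_DLLs(?:-x32)?):" + TAIL),
    "file": re.compile(r"^\d{4}-\d\d-\d\d .*?(?:\((?P<vendor>[^)]*)\)\s+)?(?P<path>[A-Za-z]:\\.*)$"),
}


def parse(text):
    """Turn FRST log lines into {kind, name, path, vendor} records; unknown lines are skipped."""
    records = []
    for line in text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.match(line.strip())
            if m:
                g = m.groupdict()
                path = g["path"].strip()
                records.append({"kind": kind, "path": path, "vendor": (g.get("vendor") or "").strip(),
                                "name": (g.get("name") or PureWindowsPath(path).name).strip()})
                break
    return records


def flag(findings, path, sev, why):
    """Record a reason against a path, keeping the highest severity seen so far."""
    old_sev, reasons = findings.get(path, ("LOW", []))
    if why not in reasons:
        reasons.append(why)
    findings[path] = (max(old_sev, sev, key=RANK.index), reasons)


def triage(records):
    """Map path -> (severity, reasons) for every record that trips a heuristic."""
    findings = {}
    for r in records:
        low, ext = r["path"].lower(), PureWindowsPath(r["path"]).suffix.lower()
        if r["kind"] == "service" and r["name"].lower() == "winmgmt" and "svchost.exe" not in low:
            flag(findings, r["path"], "CRITICAL",
                 "Winmgmt ImagePath hijacked: the real WMI service is hosted by svchost.exe -k netsvcs")
        if r["kind"] == "appinit":
            flag(findings, r["path"], "HIGH", "AppInit_DLLs entry: loaded into every process that maps user32.dll")
        if r["kind"] in AUTOSTART and not low.startswith(TRUSTED_DIRS):
            if ext not in EXEC_EXT:
                flag(findings, r["path"], "HIGH", f"autostart target with non-executable extension {ext!r}")
            elif any(d in low for d in DATA_DIRS):
                flag(findings, r["path"], "MEDIUM", "autostart binary in a writable data directory")
        if r["vendor"] == "Microsoft Corporation" and not low.startswith("c:\\windows\\"):
            flag(findings, r["path"], "HIGH",
                 "version info says Microsoft but file is outside C:\\Windows (company string is not a signature)")
    # Second pass: tie artifacts together by stem. This dropper reuses one random stem
    # (zjeqodjw0) and its reverse (0wjdoqejz) across service binary, payload and shortcut.
    stems = {p: PureWindowsPath(p).stem.lower() for p in findings}
    for r in records:
        stem = PureWindowsPath(r["path"]).stem.lower()
        for p, s in stems.items():
            if r["path"] != p and stem in (s, s[::-1]):
                flag(findings, r["path"], "MEDIUM", f"name related to flagged artifact {p}")
    return findings


def main():
    report = sorted(triage(parse(SAMPLE_LOG)).items(), key=lambda kv: -RANK.index(kv[1][0]))
    for path, (sev, reasons) in report:
        print(f"[{sev}] {path}")
        for why in reasons:
            print(f"    - {why}")


if __name__ == "__main__":
    main()
```

Run as a script it prints one block per flagged path, worst first. The MEDIUM on the Amazon helper in AppData is deliberate: a binary auto-started from a user-writable directory is a review item, not a verdict, which is why severity is kept separate from the list of reasons.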
11.03.2014, 08:14 | #4
WIN7 GVU Trojan logfile available

Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.