#1

Windows 8 GVU Trojan

Hello,

an acquaintance asked me to have a look at whether I can get the GVU Trojan off his computer. Since I can't boot from my USB stick to run Kaspersky over it, I have already done the FRST scan as described in another thread (which I can't link to).

System: Windows 8

FRST.txt

FRST Logfile:

```
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by SYSTEM on MININT-ESI1DTR on 17-06-2014 13:48:24
Running from D:\
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-27] (Realtek Semiconductor)
HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit.exe [28672 2012-07-24] ()
HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-07] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-27] (McAfee, Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-27] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\CrashsmashLP\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [272176 2013-11-12] ()
HKU\CrashsmashLP\...\Run: [lollipop_03241333] => c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.exe [2952192 2014-03-24] ()
HKU\CrashsmashLP\...\Run: [Browser Infrastructure Helper] => C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\SnapDo.exe [27680 2014-03-20] (Smartbar)
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> (No File)
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jgvmqbe.lnk
ShortcutTarget: jgvmqbe.lnk -> C:\ProgramData\ebqmvgj.gsa (Haarlems Dagblad, Inc)
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk
ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Services (Whitelisted) =================

S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-18] (Just Develop It)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-10] (Cherished Technololgy LIMITED)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] ()
S2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo)
S3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo)
S2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32288 2014-02-06] ()
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-27] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-10] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-20] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-26] (McAfee, Inc.)
S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [185792 2014-01-26] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [417072 2013-11-12] ()
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-02-26] ()
S2 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markit155.exe [193536 2014-03-03] ()
S2 Update FindRight; C:\Program Files (x86)\FindRight\updateFindRight.exe [317728 2014-06-05] ()
S2 Util FindRight; C:\Program Files (x86)\FindRight\bin\utilFindRight.exe [317728 2014-06-05] ()
S2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2014-01-06] (Wajam)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-24] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\jgvmqbe.faa [332020 2014-03-31] (Microsoft Corporation)
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-03-03] (Cherished Technololgy LIMITED)
S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-26] (McAfee, Inc.)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-05] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-26] (McAfee, Inc.)
S2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-26] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-26] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-26] (McAfee, Inc.)
S2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-26] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-20] (McAfee, Inc.)
S2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-26] (McAfee, Inc.)
S1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61112 2014-03-18] (StdLib)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-17 13:43 - 2014-06-17 13:43 - 00000000 ____D () C:\FRST
2014-06-02 06:23 - 2014-06-17 03:39 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk
2014-06-02 06:15 - 2014-06-02 06:15 - 00000000 _____ () C:\end

==================== One Month Modified Files and Folders =======

2014-06-17 13:43 - 2014-06-17 13:43 - 00000000 ____D () C:\FRST
2014-06-17 03:40 - 2014-03-03 10:41 - 00000418 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-06-17 03:40 - 2014-03-03 10:40 - 00000416 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-06-17 03:40 - 2014-02-25 05:37 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-06-17 03:40 - 2014-02-02 00:17 - 00000008 _____ () C:\Users\CrashsmashLP\Documents\lmscfg
2014-06-17 03:40 - 2014-02-02 00:16 - 00000212 _____ () C:\Users\CrashsmashLP\Documents\pms.xml
2014-06-17 03:40 - 2014-02-02 00:15 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Temp
2014-06-17 03:39 - 2014-06-02 06:23 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk
2014-06-17 03:39 - 2014-04-01 03:58 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 03:39 - 2014-03-25 07:45 - 00003262 _____ () C:\Windows\System32\Tasks\PC Health Kit Schedule
2014-06-17 03:39 - 2014-03-25 07:45 - 00001534 _____ () C:\Windows\Tasks\easy-deals2-updater.job
2014-06-17 03:39 - 2014-03-25 07:45 - 00001490 _____ () C:\Windows\Tasks\easy-deals2-codedownloader.job
2014-06-17 03:39 - 2014-03-25 07:45 - 00001368 _____ () C:\Windows\Tasks\easy-deals2-enabler.job
2014-06-17 03:39 - 2014-03-25 07:44 - 00003118 _____ () C:\Windows\Tasks\easy-deals2-chromeinstaller.job
2014-06-17 03:39 - 2014-03-03 10:43 - 00000298 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-06-17 03:39 - 2014-03-03 10:42 - 00001566 _____ () C:\Windows\Tasks\Video-for-PC-1.2-updater.job
2014-06-17 03:39 - 2014-03-03 10:41 - 00003138 _____ () C:\Windows\Tasks\Video-for-PC-1.2-chromeinstaller.job
2014-06-17 03:39 - 2014-03-03 10:41 - 00002622 _____ () C:\Windows\Tasks\Video-for-PC-1.2-firefoxinstaller.job
2014-06-17 03:39 - 2014-03-03 10:41 - 00001522 _____ () C:\Windows\Tasks\Video-for-PC-1.2-codedownloader.job
2014-06-17 03:39 - 2014-03-03 10:41 - 00001420 _____ () C:\Windows\Tasks\Video-for-PC-1.2-enabler.job
2014-06-17 03:38 - 2012-07-25 23:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-17 03:27 - 2014-04-02 05:15 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-06-17 03:14 - 2014-03-01 08:32 - 00000324 _____ () C:\Windows\Tasks\MySearchDial.job
2014-06-17 03:10 - 2012-07-25 23:21 - 00026869 _____ () C:\Windows\setupact.log
2014-06-17 03:07 - 2014-02-03 07:24 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-505307628-1853979233-654877678-1001
2014-06-17 03:05 - 2014-04-23 08:10 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-06-17 03:05 - 2014-02-25 05:36 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-06-17 03:05 - 2014-02-25 05:36 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Roaming\System Speedup
2014-06-17 03:03 - 2014-04-01 03:58 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-17 00:48 - 2014-02-25 05:37 - 00000366 _____ () C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2014-06-17 00:20 - 2012-07-25 21:26 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2014-06-17 00:18 - 2012-11-02 14:17 - 02026843 _____ () C:\Windows\WindowsUpdate.log
2014-06-17 00:04 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\System32\sru
2014-06-05 09:00 - 2014-03-03 10:43 - 00000304 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-06-05 08:57 - 2014-02-25 05:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-05 08:42 - 2014-03-03 10:41 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Lollipop
2014-06-05 08:42 - 2012-11-02 14:13 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-06-05 08:38 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-02 06:26 - 2014-02-25 05:37 - 00000000 ____D () C:\Users\CrashsmashLP\Documents\PCSpeedUp
2014-06-02 06:15 - 2014-06-02 06:15 - 00000000 _____ () C:\end
2014-06-02 06:06 - 2012-08-01 07:51 - 00017438 _____ () C:\Windows\PFRO.log
2014-06-02 06:00 - 2014-03-03 10:41 - 00000000 ____D () C:\ProgramData\IePluginService
2014-06-02 06:00 - 2014-03-03 10:41 - 00000000 ____D () C:\Program Files (x86)\SupTab

Some content of TEMP:
====================
C:\Users\CrashsmashLP\AppData\Local\Temp\airB377.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\airB76A.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\airE4AA.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\airEA3E.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\BackupSetup.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\bdfilters.dll
C:\Users\CrashsmashLP\AppData\Local\Temp\IEHistory.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\InstalledPrograms.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\nse204.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\nsf1DDB.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\vcredist_x64.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-04-01 05:08:23
Restore point made on: 2014-04-29 10:05:25

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 8152.33 MB
Available physical RAM: 7103.22 MB
Total Pagefile: 8152.33 MB
Available Pagefile: 7115.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:627.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Removable) (Total:3.73 GB) (Free:3.68 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1328577F)
Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

LastRegBack: 2014-06-17 00:30

==================== End Of Log ============================
```

If any further information is needed, just ask.

Many thanks in advance.

Last edited by DGutschalk (17.06.2014 at 13:01)