Log analysis and evaluation: Remove GVU trojan without safe mode

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Remove GVU trojan without safe mode

Please help urgently. GVU trojan, safe mode does not work.

LOG: FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by SYSTEM on MININT-VGG3PI5 on 11-08-2014 18:35:42
Running from I:\
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Internet Speed Tracker Home Page Guard 64 bit] => C:\Program Files (x86)\InternetSpeedTracker_9t\bar\1.bin\AppIntegrator64.exe [485960 2014-07-02] ( )
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2011-09-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [155648 2013-08-07] (Apple Computer, Inc.)
HKLM-x32\...\Run: [InboxToolbar] => C:\Program Files (x86)\Inbox Toolbar\Inbox.exe [1380312 2013-12-01] (Inbox.com, Inc.)
HKLM-x32\...\Run: [24x7HELP] => C:\Program Files (x86)\24x7Help\App24x7Help.exe [1887824 2013-11-05] (Crawler, LLC)
HKLM-x32\...\Run: [PCPowerSpeed] => C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe [384608 2013-10-31] (Crawler.com)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [1772608 2014-04-24] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [Internet Speed Tracker EPM Support] => C:\Program Files (x86)\InternetSpeedTracker_9t\bar\1.bin\9tmedint.exe [12872 2014-07-02] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [Internet Speed Tracker Search Scope Monitor] => C:\Program Files (x86)\InternetSpeedTracker_9t\bar\1.bin\9tSrchMn.exe [55368 2014-07-02] (Mindspark)
HKLM-x32\...\Run: [InternetSpeedTracker_9t Browser Plugin Loader] => C:\Program Files (x86)\InternetSpeedTracker_9t\bar\1.bin\9tbrmon.exe [61512 2014-07-02] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [InternetSpeedTracker_9t Browser Plugin Loader 64] => C:\Program Files (x86)\InternetSpeedTracker_9t\bar\1.bin\9tbrmon64.exe [71752 2014-07-02] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\runonceex: [] => [X]
HKU\Default\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Hannerl1971\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-12] (Google Inc.)
HKU\Hannerl1971\...\Run: [HW_OPENEYE_OUC_] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Hannerl1971\...\Run: [RebateInformer] => C:\Program Files (x86)\RebateInformer\RebateInf.exe [2493312 2014-05-22] (Valion Group)
HKU\Hannerl1971\...\Run: [1Xfimpxz] => C:\ProgramData\1Xfimpxz.exe Ä = < < ¬ p-=
HKU\Hannerl1971\...\Run: [AppGraffiti] => C:\Program Files (x86)\AppGraffiti\AppGraffiti.exe [1220544 2014-07-08] (Omega Partners Ltd)
HKU\UpdatusUser\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
Startup: C:\Users\Hannerl1971\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\C03A1C.cpp ()

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [342608 2013-03-17] (PCRx.com, LLC)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-09] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-09] (BonanzaDeals)
S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-04-03] (WildTangent, Inc.)
S2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 InternetSpeedTracker_9tService; C:\Program Files (x86)\InternetSpeedTracker_9t\bar\1.bin\9tbarsvc.exe [88648 2014-07-02] (COMPANYVERS_NAME)
S2 N360; C:\Program Files (x86)\Norton 360\Engine\\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
S2 Winmgmt; C:\ProgramData\C1A30C.dot [330980 2014-08-05] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [1525336 2013-09-03] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130918.001\IDSvia64.sys [520280 2013-08-13] (Symantec Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2012-05-08] (ITE )
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130918.001\ENG64.SYS [126040 2013-08-31] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130918.001\EX64.SYS [2099288 2013-08-31] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-10-16] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-11 18:35 - 2014-08-11 18:35 - 00000000 ____D () C:\FRST
2014-08-11 08:29 - 2014-08-11 08:29 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-1040-F.txt
2014-08-11 08:21 - 2014-08-11 08:26 - 00002548 _____ () C:\ProgramData\RUNDLL32.EXE-1000-F.txt
2014-08-11 08:18 - 2014-08-11 08:18 - 00000434 _____ () C:\ProgramData\RUNDLL32.EXE-3444-F.txt
2014-08-11 08:06 - 2014-08-11 08:12 - 00002461 _____ () C:\ProgramData\RUNDLL32.EXE-4120-F.txt
2014-08-11 08:04 - 2014-08-11 08:04 - 00003344 ____N () C:\bootsqm.dat
2014-08-11 07:54 - 2014-08-11 07:55 - 00000491 _____ () C:\ProgramData\RUNDLL32.EXE-4500-F.txt
2014-08-09 23:34 - 2014-08-09 23:34 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3860-F.txt
2014-08-06 00:38 - 2014-08-06 00:48 - 00001365 _____ () C:\ProgramData\RUNDLL32.EXE-1008-F.txt
2014-08-06 00:15 - 2014-08-06 00:16 - 00001138 _____ () C:\ProgramData\RUNDLL32.EXE-3092-F.txt
2014-08-06 00:14 - 2014-08-06 00:14 - 00000379 _____ () C:\ProgramData\RUNDLL32.EXE-4084-F.txt
2014-08-06 00:13 - 2014-08-06 00:14 - 00000758 _____ () C:\ProgramData\RUNDLL32.EXE-3600-F.txt
2014-08-06 00:09 - 2014-08-06 00:09 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-4024-F.txt
2014-08-05 23:59 - 2014-08-05 23:59 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4656-F.txt
2014-08-05 23:58 - 2014-08-05 23:58 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-1672-F.txt
2014-08-05 23:53 - 2014-08-05 23:56 - 00000391 _____ () C:\ProgramData\RUNDLL32.EXE-3620-F.txt
2014-08-05 23:51 - 2014-08-05 23:51 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-3112-F.txt
2014-08-05 23:48 - 2014-08-05 23:49 - 00000168 _____ () C:\ProgramData\RUNDLL32.EXE-4044-F.txt
2014-08-05 23:48 - 2014-08-05 23:48 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-1260-F.txt
2014-08-05 23:45 - 2014-08-05 23:45 - 00000380 _____ () C:\ProgramData\RUNDLL32.EXE-3516-F.txt
2014-08-05 23:43 - 2014-08-05 23:43 - 00000054 _____ () C:\ProgramData\RUNDLL32.EXE-3088-F.txt
2014-08-05 23:42 - 2014-08-05 23:42 - 00000000 _____ () C:\Users\Hannerl1971\AppData\Local\{BA081CFC-302E-4D32-8C4B-58BAE51156D0}
2014-08-05 23:40 - 2014-08-05 23:41 - 00000438 _____ () C:\ProgramData\RUNDLL32.EXE-3996-F.txt
2014-08-05 23:27 - 2014-08-05 23:37 - 00004949 _____ () C:\ProgramData\RUNDLL32.EXE-4236-F.txt
2014-08-05 23:25 - 2014-08-05 23:25 - 00000000 ____H () C:\Users\Hannerl1971\AppData\Local\BITC42C.tmp
2014-08-05 23:25 - 2014-08-05 23:25 - 00000000 _____ () C:\Users\Hannerl1971\AppData\Local\{719DB11B-54CE-42FA-BAB7-CD29B0E5CA36}
2014-08-05 23:23 - 2014-08-05 23:25 - 00001366 _____ () C:\ProgramData\RUNDLL32.EXE-4252-F.txt
2014-08-05 23:16 - 2014-08-05 23:19 - 00000456 _____ () C:\ProgramData\RUNDLL32.EXE-4304-F.txt
2014-08-05 23:12 - 2014-08-05 23:13 - 00000227 _____ () C:\ProgramData\RUNDLL32.EXE-4388-F.txt
2014-08-05 23:05 - 2014-08-05 23:08 - 00001991 _____ () C:\ProgramData\RUNDLL32.EXE-4536-F.txt
2014-08-05 22:59 - 2014-08-05 22:59 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-4556-F.txt
2014-08-05 09:41 - 2014-08-05 21:32 - 00020288 _____ () C:\ProgramData\RUNDLL32.EXE-3224-F.txt
2014-08-05 09:31 - 2014-08-05 09:31 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-5928-F.txt
2014-08-05 09:24 - 2014-08-05 09:26 - 00001629 _____ () C:\ProgramData\RUNDLL32.EXE-1712-F.txt
2014-08-05 09:18 - 2014-08-05 09:18 - 00000433 _____ () C:\ProgramData\RUNDLL32.EXE-4632-F.txt
2014-08-05 06:47 - 2014-08-05 06:47 - 00000000 _____ () C:\Users\Hannerl1971\AppData\Local\{ED399E0B-E4C0-432A-BD5C-7EF2038D2A0B}
2014-08-05 06:43 - 2014-08-05 06:44 - 00802370 _____ () C:\ProgramData\RUNDLL32.EXE-9808-F.txt
2014-08-05 06:42 - 2014-08-05 06:42 - 00330980 ____T (Microsoft Corporation) C:\ProgramData\C1A30C.dot
2014-08-05 06:40 - 2014-08-05 06:40 - 00131999 _____ () C:\ProgramData\C03A1C.cpp
2014-07-31 00:20 - 2014-07-31 00:20 - 00000000 ____D () C:\Users\Hannerl1971\restore
2014-07-31 00:17 - 2014-07-31 00:17 - 00001183 _____ () C:\Users\Public\Desktop\Hartlauer Fotoviewer.lnk
2014-07-31 00:17 - 2014-07-31 00:17 - 00001183 _____ () C:\Users\Public\Desktop\Hartlauer Foto World.lnk
2014-07-31 00:13 - 2014-07-31 00:13 - 00000000 ____D () C:\Program Files\Hartlauer Foto World
2014-07-30 23:50 - 2014-07-31 08:56 - 00000000 ____D () C:\ProgramData\tmp
2014-07-30 23:50 - 2014-07-30 23:53 - 00000000 ____D () C:\ProgramData\hps
2014-07-30 23:50 - 2014-07-30 23:50 - 00000000 ____D () C:\Users\Hannerl1971\AppData\Roaming\hps-install
2014-07-30 23:48 - 2014-07-31 00:16 - 00000000 ____D () C:\Program Files (x86)\Hartlauer Foto World

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 18:35 - 2014-08-11 18:35 - 00000000 ____D () C:\FRST
2014-08-11 08:30 - 2013-10-16 00:22 - 00327680 _____ () C:\Windows\System32\Ikeext.etl
2014-08-11 08:29 - 2014-08-11 08:29 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-1040-F.txt
2014-08-11 08:29 - 2013-11-09 22:16 - 00000414 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2014-08-11 08:29 - 2013-11-09 22:12 - 00000932 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2014-08-11 08:29 - 2013-08-07 07:33 - 00069632 ____R () C:\Users\Public\Documents\ESBK.mb
2014-08-11 08:29 - 2013-08-07 07:33 - 00068608 ____R () C:\Users\Public\Documents\ESBK.mbb
2014-08-11 08:29 - 2012-12-03 10:00 - 00000296 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-08-11 08:29 - 2012-12-02 03:02 - 00000000 ____D () C:\Program Files (x86)\PC Tools Registry Mechanic
2014-08-11 08:29 - 2011-11-12 08:59 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-11 08:29 - 2011-01-04 09:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-11 08:29 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-11 08:29 - 2009-07-13 20:51 - 00143947 _____ () C:\Windows\setupact.log
2014-08-11 08:27 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-11 08:27 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-11 08:26 - 2014-08-11 08:21 - 00002548 _____ () C:\ProgramData\RUNDLL32.EXE-1000-F.txt
2014-08-11 08:26 - 2013-03-08 06:10 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{205C5650-EFFE-4763-A3D1-AFF999EB23A3}
2014-08-11 08:18 - 2014-08-11 08:18 - 00000434 _____ () C:\ProgramData\RUNDLL32.EXE-3444-F.txt
2014-08-11 08:12 - 2014-08-11 08:06 - 00002461 _____ () C:\ProgramData\RUNDLL32.EXE-4120-F.txt
2014-08-11 08:12 - 2011-01-04 09:53 - 01698515 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 08:11 - 2013-11-09 22:10 - 00000310 _____ () C:\Windows\Tasks\MetaCrawler.job
2014-08-11 08:07 - 2012-05-06 10:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-11 08:07 - 2011-11-12 08:59 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-11 08:04 - 2014-08-11 08:04 - 00003344 ____N () C:\bootsqm.dat
2014-08-11 07:55 - 2014-08-11 07:54 - 00000491 _____ () C:\ProgramData\RUNDLL32.EXE-4500-F.txt
2014-08-11 07:55 - 2013-10-26 10:30 - 00000000 ____D () C:\Program Files (x86)\RebateInformer
2014-08-11 07:54 - 2012-12-02 03:02 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-09 23:34 - 2014-08-09 23:34 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3860-F.txt
2014-08-09 23:33 - 2009-07-13 21:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-06 00:48 - 2014-08-06 00:38 - 00001365 _____ () C:\ProgramData\RUNDLL32.EXE-1008-F.txt
2014-08-06 00:16 - 2014-08-06 00:15 - 00001138 _____ () C:\ProgramData\RUNDLL32.EXE-3092-F.txt
2014-08-06 00:14 - 2014-08-06 00:14 - 00000379 _____ () C:\ProgramData\RUNDLL32.EXE-4084-F.txt
2014-08-06 00:14 - 2014-08-06 00:13 - 00000758 _____ () C:\ProgramData\RUNDLL32.EXE-3600-F.txt
2014-08-06 00:09 - 2014-08-06 00:09 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-4024-F.txt
2014-08-05 23:59 - 2014-08-05 23:59 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-4656-F.txt
2014-08-05 23:58 - 2014-08-05 23:58 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-1672-F.txt
2014-08-05 23:56 - 2014-08-05 23:53 - 00000391 _____ () C:\ProgramData\RUNDLL32.EXE-3620-F.txt
2014-08-05 23:51 - 2014-08-05 23:51 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-3112-F.txt
2014-08-05 23:49 - 2014-08-05 23:48 - 00000168 _____ () C:\ProgramData\RUNDLL32.EXE-4044-F.txt
2014-08-05 23:48 - 2014-08-05 23:48 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-1260-F.txt
2014-08-05 23:45 - 2014-08-05 23:45 - 00000380 _____ () C:\ProgramData\RUNDLL32.EXE-3516-F.txt
2014-08-05 23:43 - 2014-08-05 23:43 - 00000054 _____ () C:\ProgramData\RUNDLL32.EXE-3088-F.txt
2014-08-05 23:42 - 2014-08-05 23:42 - 00000000 _____ () C:\Users\Hannerl1971\AppData\Local\{BA081CFC-302E-4D32-8C4B-58BAE51156D0}
2014-08-05 23:41 - 2014-08-05 23:40 - 00000438 _____ () C:\ProgramData\RUNDLL32.EXE-3996-F.txt
2014-08-05 23:37 - 2014-08-05 23:27 - 00004949 _____ () C:\ProgramData\RUNDLL32.EXE-4236-F.txt
2014-08-05 23:36 - 2011-08-15 00:18 - 00000000 ____D () C:\Users\Hannerl1971\AppData\Local\CrashDumps
2014-08-05 23:25 - 2014-08-05 23:25 - 00000000 ____H () C:\Users\Hannerl1971\AppData\Local\BITC42C.tmp
2014-08-05 23:25 - 2014-08-05 23:25 - 00000000 _____ () C:\Users\Hannerl1971\AppData\Local\{719DB11B-54CE-42FA-BAB7-CD29B0E5CA36}
2014-08-05 23:25 - 2014-08-05 23:23 - 00001366 _____ () C:\ProgramData\RUNDLL32.EXE-4252-F.txt
2014-08-05 23:19 - 2014-08-05 23:16 - 00000456 _____ () C:\ProgramData\RUNDLL32.EXE-4304-F.txt
2014-08-05 23:17 - 2013-11-09 22:12 - 00000936 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2014-08-05 23:13 - 2014-08-05 23:12 - 00000227 _____ () C:\ProgramData\RUNDLL32.EXE-4388-F.txt
2014-08-05 23:08 - 2014-08-05 23:05 - 00001991 _____ () C:\ProgramData\RUNDLL32.EXE-4536-F.txt
2014-08-05 22:59 - 2014-08-05 22:59 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-4556-F.txt
2014-08-05 21:32 - 2014-08-05 09:41 - 00020288 _____ () C:\ProgramData\RUNDLL32.EXE-3224-F.txt
2014-08-05 21:18 - 2013-11-09 22:16 - 00000000 ____D () C:\Program Files (x86)\File Type Assistant
2014-08-05 21:15 - 2013-10-26 10:30 - 00000000 ____D () C:\Users\Hannerl1971\AppData\Roaming\PCPowerSpeed
2014-08-05 09:41 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
2014-08-05 09:31 - 2014-08-05 09:31 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-5928-F.txt
2014-08-05 09:28 - 2012-12-02 03:02 - 00000296 _____ () C:\Windows\Tasks\RMSchedule.job
2014-08-05 09:26 - 2014-08-05 09:24 - 00001629 _____ () C:\ProgramData\RUNDLL32.EXE-1712-F.txt
2014-08-05 09:26 - 2012-12-03 10:00 - 00000284 _____ () C:\Windows\SysWOW64\AppLog.log
2014-08-05 09:18 - 2014-08-05 09:18 - 00000433 _____ () C:\ProgramData\RUNDLL32.EXE-4632-F.txt
2014-08-05 06:47 - 2014-08-05 06:47 - 00000000 _____ () C:\Users\Hannerl1971\AppData\Local\{ED399E0B-E4C0-432A-BD5C-7EF2038D2A0B}
2014-08-05 06:44 - 2014-08-05 06:43 - 00802370 _____ () C:\ProgramData\RUNDLL32.EXE-9808-F.txt
2014-08-05 06:42 - 2014-08-05 06:42 - 00330980 ____T (Microsoft Corporation) C:\ProgramData\C1A30C.dot
2014-08-05 06:40 - 2014-08-05 06:40 - 00131999 _____ () C:\ProgramData\C03A1C.cpp
2014-07-31 08:56 - 2014-07-30 23:50 - 00000000 ____D () C:\ProgramData\tmp
2014-07-31 00:20 - 2014-07-31 00:20 - 00000000 ____D () C:\Users\Hannerl1971\restore
2014-07-31 00:20 - 2011-08-13 08:55 - 00000000 ____D () C:\users\Hannerl1971
2014-07-31 00:17 - 2014-07-31 00:17 - 00001183 _____ () C:\Users\Public\Desktop\Hartlauer Fotoviewer.lnk
2014-07-31 00:17 - 2014-07-31 00:17 - 00001183 _____ () C:\Users\Public\Desktop\Hartlauer Foto World.lnk
2014-07-31 00:16 - 2014-07-30 23:48 - 00000000 ____D () C:\Program Files (x86)\Hartlauer Foto World
2014-07-31 00:13 - 2014-07-31 00:13 - 00000000 ____D () C:\Program Files\Hartlauer Foto World
2014-07-31 00:03 - 2014-07-02 08:19 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-07-30 23:53 - 2014-07-30 23:50 - 00000000 ____D () C:\ProgramData\hps
2014-07-30 23:51 - 2012-02-06 22:07 - 00005844 _____ () C:\Windows\wininit.ini
2014-07-30 23:50 - 2014-07-30 23:50 - 00000000 ____D () C:\Users\Hannerl1971\AppData\Roaming\hps-install
2014-07-24 07:59 - 2013-03-14 10:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 07:59 - 2013-03-14 10:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-22 23:51 - 2013-10-26 10:30 - 00000000 ____D () C:\Program Files (x86)\AppGraffiti
2014-07-19 20:11 - 2013-12-29 22:10 - 00000201 _____ () C:\Users\Hannerl1971\AppData\Roaming\WB.CFG

Files to move or delete:
====================
C:\ProgramData\236Uhnoz.exe
C:\ProgramData\3TVghlvz.exe

Some content of TEMP:
====================
C:\Users\Hannerl1971\AppData\Local\Temp\2890.dll
C:\Users\Hannerl1971\AppData\Local\Temp\AdobeUpdateSetup.exe
C:\Users\Hannerl1971\AppData\Local\Temp\FileSystemView.dll
C:\Users\Hannerl1971\AppData\Local\Temp\FreeFileViewerSetup.exe
C:\Users\Hannerl1971\AppData\Local\Temp\gmx_mediacenter_setup_bundled.exe
C:\Users\Hannerl1971\AppData\Local\Temp\GMX_Toolbar_IE_Setup.exe
C:\Users\Hannerl1971\AppData\Local\Temp\Sqlite3.dll
C:\Users\Hannerl1971\AppData\Local\Temp\{27F7265F-143C-41C0-AD82-4A24F102F451}-30.0.1599.69_chrome_installer.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-06-17 10:21:03
Restore point made on: 2014-06-22 07:45:27
Restore point made on: 2014-06-24 07:09:18
Restore point made on: 2014-06-24 07:11:15
Restore point made on: 2014-06-24 07:17:09
Restore point made on: 2014-06-24 07:42:32
Restore point made on: 2014-06-24 10:20:11
Restore point made on: 2014-07-02 08:18:52
Restore point made on: 2014-07-03 05:41:08
Restore point made on: 2014-07-09 22:11:50
Restore point made on: 2014-07-24 04:04:58
Restore point made on: 2014-07-31 08:14:58

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4078.56 MB
Available physical RAM: 3345.67 MB
Total Pagefile: 4076.71 MB
Available Pagefile: 3329.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:457.21 GB) (Free:373.58 GB) NTFS
Drive e: (DATA) (Fixed) (Total:457.21 GB) (Free:457.1 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:17 GB) (Free:4.63 GB) NTFS
Drive i: (Sony_16GM) (Removable) (Total:14.55 GB) (Free:0.78 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 80E558F9)
Partition 1: (Not Active) - (Size=17 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=457 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

LastRegBack: 2014-07-08 10:09

==================== End Of Log ============================

Many thanks in advance
#2

/// TB-Ausbilder

Remove GVU trojan without safe mode

Hello jakki666

My name is Timo and I will be helping you with your problem.

I can never give you a guarantee that I will find everything. Reformatting is always the safest way. We all "work" here voluntarily and in our free time *cough*. So replies may be delayed. If you do not receive a reply from me within 48 hours, send me a PM. If you decide on a cleanup, keep working with us until I or someone from the team says that you are clean.

Please press the ![]()

Now copy the following text from the code box into the empty text document

Code:
Startup: C:\Users\Hannerl1971\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\C03A1C.cpp ()
S2 Winmgmt; C:\ProgramData\C1A30C.dot [330980 2014-08-05] (Microsoft Corporation)
HKU\Hannerl1971\...\Run: [1Xfimpxz] => C:\ProgramData\1Xfimpxz.exe Ä = < < ¬ p-=
C:\ProgramData\1Xfimpxz.exe
C:\ProgramData\C1A30C.dot
C:\ProgramData\C03A1C.cpp

The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Then start the computer normally.

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop. (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)