
Log analysis and evaluation: GVU Trojan - analyse and clean up LOG file

Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

07.07.2013, 18:56   #1
scott82
 



Hello dear board,

I caught the GVU Trojan and created the log with Farbar's Recovery Scan Tool.

The username was deliberately changed after the txt file was created.
Many thanks for your help.

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by SYSTEM on 07-07-2013 21:34:48
Running from I:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9955872 2010-01-12] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-22] (Microsoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-22] (Microsoft)
HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [124136 2010-06-29] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-29] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\xxuserxx\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-14] (Google Inc.)
HKU\xxuserxx\...\Run: [AdobeBridge]  [x]
Startup: C:\Users\xxuserxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-26] (Adobe Systems)
S3 Appinfo; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] ()
S2 DcomLaunch; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Dnscache; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 gpsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 KtmRm; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 pla; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-12] ()
S2 RpcSs; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S3 W32Time; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)
S3 WerSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
S3 mfeavfk01; No ImagePath
S3 PCDSRVC{6368CD8C-4B9A13B6-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y\pcdrdiag\bin\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST
2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat
2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000
2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\DriverTurbo
2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-07-01 12:34 - 2013-07-01 12:35 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\PC-FAX TX
2013-07-01 12:09 - 2013-07-04 16:33 - 00000000 ____D C:\Users\xxuserxx\Downloads\mflpro
2013-07-01 12:01 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\Scan2PDF
2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\xxuserxx\Downloads\Scan2PDF17.zip
2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\xxuserxx\FK1703_130629_153429.zip
2013-06-28 23:06 - 2013-07-03 22:20 - 00000000 ____D C:\Users\xxuserxx\Desktop\scout
2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\xxuserxx\FK1703_130626_134156.zip
2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\xxuserxx\FK1703_130625_140355.zip
2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\xxuserxx\FK1703_130620_231954.zip
2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp
2013-06-07 03:43 - 2013-06-07 03:43 - 00183147 ____A C:\Users\xxuserxx\FK1703_130607_134336.zip
2013-06-07 00:37 - 2013-07-04 18:24 - 00000000 ____D C:\Users\xxuserxx\Desktop\Mibbel

==================== One Month Modified Files and Folders =======

2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST
2013-07-05 14:00 - 2012-08-14 12:15 - 00000000 ____D C:\Windows\System32\Macromed
2013-07-05 14:00 - 2012-08-14 07:10 - 00000000 ____D C:\users\xxuserxx
2013-07-05 14:00 - 2011-01-28 08:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-05 14:00 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spp
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Cursors
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-05 13:59 - 2013-05-16 20:27 - 00000000 ____D C:\Program Files (x86)\FRITZ!BoxPrint
2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-05 13:59 - 2013-03-11 08:23 - 00000000 ____D C:\Program Files (x86)\Brother
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iPod
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 13:59 - 2013-03-02 05:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Yontoo
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-05 13:59 - 2013-02-17 00:51 - 00000000 ____D C:\Program Files (x86)\hdvidcodec.com
2013-07-05 13:59 - 2013-02-07 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-05 13:59 - 2013-01-29 20:30 - 00000000 ____D C:\Users\xxuserxx\Desktop\Unfall
2013-07-05 13:59 - 2013-01-26 02:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\ProgramData\Norton
2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2013-07-05 13:59 - 2013-01-18 06:07 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-07-05 13:59 - 2013-01-18 04:32 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-05 13:59 - 2013-01-15 18:02 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-07-05 13:59 - 2013-01-14 12:55 - 00000000 ____D C:\Program Files (x86)\SQL Anywhere 11
2013-07-05 13:59 - 2012-12-01 00:57 - 00000000 ____D C:\Program Files (x86)\PowerDataRecovery
2013-07-05 13:59 - 2012-11-11 04:07 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Vistaprint Fotobücher
2013-07-05 13:59 - 2012-10-29 09:48 - 00000000 ____D C:\Program Files (x86)\GoforFiles
2013-07-05 13:59 - 2012-10-12 03:32 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\Spotify
2013-07-05 13:59 - 2012-09-24 21:37 - 00000000 ____D C:\Program Files (x86)\svnet
2013-07-05 13:59 - 2012-09-17 06:14 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Bonjour
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-05 13:59 - 2012-08-17 23:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-07-05 13:59 - 2012-08-17 23:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-07-05 13:59 - 2012-08-17 05:07 - 00000000 ____D C:\Program Files\GIMP 2
2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files\WinRAR
2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012
2013-07-05 13:59 - 2012-08-17 05:02 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-05 13:59 - 2012-08-14 12:15 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-05 13:59 - 2012-08-09 23:43 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-05 13:59 - 2011-01-28 08:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-05 13:59 - 2011-01-28 08:05 - 00000000 ____D C:\ProgramData\oem
2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec Shredder
2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2013-07-05 13:59 - 2011-01-28 07:57 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLockerSuite
2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\ProgramData\McAfee
2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files (x86)\mcafee.com
2013-07-05 13:59 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Branding
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-05 13:58 - 2013-01-14 21:45 - 00000000 ____D C:\EuroKass
2013-07-05 13:58 - 2012-10-02 22:02 - 00000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2013-07-05 13:58 - 2011-01-28 07:37 - 00000000 ___HD C:\OEM
2013-07-05 13:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-07-05 13:42 - 2013-01-26 02:50 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\Mozilla
2013-07-05 13:42 - 2012-08-18 00:39 - 00000000 ____D C:\Users\xxuserxx\xxuserxx
2013-07-05 13:41 - 2012-08-17 05:02 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Adobe
2013-07-05 13:41 - 2012-08-14 12:16 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Google
2013-07-05 13:40 - 2013-01-14 11:49 - 00000000 ____D C:\ProgramData\Lexware
2013-07-05 13:40 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files\mcafee
2013-07-05 13:38 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-05 13:37 - 2011-01-28 07:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-04 18:24 - 2013-06-07 00:37 - 00000000 ____D C:\Users\xxuserxx\Desktop\Mibbel
2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\DriverTurbo
2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-07-04 16:33 - 2013-07-01 12:34 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\PC-FAX TX
2013-07-04 16:33 - 2013-07-01 12:09 - 00000000 ____D C:\Users\xxuserxx\Downloads\mflpro
2013-07-04 16:33 - 2013-07-01 12:01 - 00000000 ____D C:\Program Files (x86)\Scan2PDF
2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat
2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000
2013-07-04 00:01 - 2013-05-27 07:32 - 00000000 ____D C:\Users\xxuserxx\Documents\Mein Steuer-Sparbuch Heute
2013-07-03 22:20 - 2013-06-28 23:06 - 00000000 ____D C:\Users\xxuserxx\Desktop\scout
2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\xxuserxx\Downloads\Scan2PDF17.zip
2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\xxuserxx\FK1703_130629_153429.zip
2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\xxuserxx\FK1703_130626_134156.zip
2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\xxuserxx\FK1703_130625_140355.zip
2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\xxuserxx\FK1703_130620_231954.zip
2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp
2013-06-07 03:43 - 2013-06-07 03:43 - 00183147 ____A C:\Users\xxuserxx\FK1703_130607_134336.zip

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-27 07:23:59
Restore point made on: 2013-05-31 17:00:34
Restore point made on: 2013-06-26 17:00:43
Restore point made on: 2013-06-29 09:17:39

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 6135.11 MB
Available physical RAM: 5308.68 MB
Total Pagefile: 6133.26 MB
Available Pagefile: 5296.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:688.11 GB) (Free:583.6 GB) NTFS (Disk=0 Partition=3)
Drive e: (DATA) (Fixed) (Total:688.55 GB) (Free:669.42 GB) NTFS (Disk=0 Partition=4)
Drive f: (PQSERVICE) (Fixed) (Total:20.51 GB) (Free:8.57 GB) NTFS (Disk=0 Partition=1)
Drive g: (KRD10) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive i: (OTLPE) (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: DE653B78)
Partition 1: (Not Active) - (Size=21 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=688 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=689 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 0217934C)
Partition 1: (Active) - (Size=4 GB) - (Type=06)


LastRegBack: 2013-07-01 10:44

==================== End Of Log ============================
         

07.07.2013, 20:30   #2
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
c:\users\administrator\appdata\local\temp\*.*
         
Please save it as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options again
  • Now start FRST.exe again and click the Entfernen button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
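The entry that the helper's Fixlist targets is the driver marked `[x]` under the administrator's temp folder in the log above. As an added example (not FRST's or the forum's own code), this Python script applies a few triage heuristics of my own to constructed sample lines modelled on the Services and Drivers sections: an image file missing on disk (`[x]`), no ImagePath, an image path under a temp directory, or an empty publisher field.

```python
"""Triage helper for the Services/Drivers sections of an FRST log.

Added example for this thread; it is not FRST's or the forum's own code.
The heuristics below are my own assumptions, not rules FRST applies.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the lines quoted in this thread.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================

S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] ()
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath
S3 PCDSRVC{6368CD8C-4B9A13B6-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
"""

# "==================== Drivers (Whitelisted) ===================="
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=].*?)\s*=+$")
# "S3 name; <image path> [size date] (publisher)"  /  "S3 name; No ImagePath"
ENTRY_RE = re.compile(r"^(?P<state>[SRU]\d)\s+(?P<name>.+?);\s*(?P<rest>.*)$")
# Trailer is either "[size yyyy-mm-dd] (publisher)" or FRST's "[x]" (file not found).
DETAIL_RE = re.compile(
    r"^(?P<path>.*?)\s*"
    r"(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<vendor>[^)]*)\)"
    r"|\[(?P<missing>x)\])?\s*$"
)

# Service/driver images normally live under Windows or Program Files; a temp
# directory is where droppers leave them (assumption used as a heuristic).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list[str] = field(default_factory=list)


def triage(log_text: str) -> list[Finding]:
    """Return the Services/Drivers entries that deserve a closer look."""
    section = ""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        if not section.startswith(("Services", "Drivers")):
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        name, rest = entry.group("name"), entry.group("rest")
        reasons: list[str] = []
        path = ""
        if rest == "No ImagePath":
            reasons.append("registered without an ImagePath")
        else:
            # DETAIL_RE always matches: the path group can absorb the whole rest.
            detail = DETAIL_RE.match(rest)
            path = detail.group("path").strip()
            if detail.group("missing"):
                reasons.append("image file missing on disk ([x])")
            elif detail.group("vendor") == "":
                reasons.append("no publisher in version info")
            if any(marker in path.lower() for marker in TEMP_MARKERS):
                reasons.append("image path under a temp directory")
        if reasons:
            findings.append(Finding(section, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {'; '.join(f.reasons)}")
        if f.path:
            print(f"    {f.path}")
```

Run against the sample it reports BrowserProtect (no publisher), mfeavfk01 (no ImagePath) and the PCDSRVC driver (missing file under a temp path); the Fixlist line itself is still a decision for the helper, as in the thread.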

07.07.2013, 21:02   #3
scott82
 



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
Ran by SYSTEM at 2013-07-07 23:58:22 Run:2
Running from I:\
Boot Mode: Recovery
==============================================

"c:\users\administrator\appdata\local\temp\*.*" => Could not move.

==== End of Fixlog ====

08.07.2013, 07:26   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please post a fresh FRST log from Recovery.
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


08.07.2013, 18:30   #5
scott82
 




FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by SYSTEM on 08-07-2013 21:13:23
Running from H:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9955872 2010-01-12] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-22] (Microsoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-22] (Microsoft)
HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [124136 2010-06-29] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-29] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\xxuserxx\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-14] (Google Inc.)
HKU\xxuserxx\...\Run: [AdobeBridge]  [x]
Startup: C:\Users\xxuserxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-26] (Adobe Systems)
S3 Appinfo; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] ()
S2 DcomLaunch; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Dnscache; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 gpsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 KtmRm; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 pla; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-12] ()
S2 RpcSs; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S3 W32Time; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)
S3 WerSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
S3 mfeavfk01; No ImagePath
S3 PCDSRVC{6368CD8C-4B9A13B6-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y\pcdrdiag\bin\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST
2013-07-07 15:32 - 2013-07-07 15:32 - 00000067 ____A C:\.directory
2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat
2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000
2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\DriverTurbo
2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-07-01 12:34 - 2013-07-04 16:33 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\PC-FAX TX
2013-07-01 12:09 - 2013-07-04 16:33 - 00000000 ____D C:\Users\xxuserxx\Downloads\mflpro
2013-07-01 12:01 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\Scan2PDF
2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\xxuserxx\Downloads\Scan2PDF17.zip
2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\xxuserxx\FK1703_130629_153429.zip
2013-06-28 23:06 - 2013-07-03 22:20 - 00000000 ____D C:\Users\xxuserxx\Desktop\scout
2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\xxuserxx\FK1703_130626_134156.zip
2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\xxuserxx\FK1703_130625_140355.zip
2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\xxuserxx\FK1703_130620_231954.zip
2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp

==================== One Month Modified Files and Folders =======

2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST
2013-07-07 15:32 - 2013-07-07 15:32 - 00000067 ____A C:\.directory
2013-07-05 14:00 - 2012-08-14 12:15 - 00000000 ____D C:\Windows\System32\Macromed
2013-07-05 14:00 - 2012-08-14 07:10 - 00000000 ____D C:\users\xxuserxx
2013-07-05 14:00 - 2011-01-28 08:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-05 14:00 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spp
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Cursors
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-05 13:59 - 2013-05-16 20:27 - 00000000 ____D C:\Program Files (x86)\FRITZ!BoxPrint
2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-05 13:59 - 2013-03-11 08:23 - 00000000 ____D C:\Program Files (x86)\Brother
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iPod
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 13:59 - 2013-03-02 05:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Yontoo
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-05 13:59 - 2013-02-17 00:51 - 00000000 ____D C:\Program Files (x86)\hdvidcodec.com
2013-07-05 13:59 - 2013-02-07 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-05 13:59 - 2013-01-29 20:30 - 00000000 ____D C:\Users\xxuserxx\Desktop\Unfall
2013-07-05 13:59 - 2013-01-26 02:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\ProgramData\Norton
2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2013-07-05 13:59 - 2013-01-18 06:07 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-07-05 13:59 - 2013-01-18 04:32 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-05 13:59 - 2013-01-15 18:02 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-07-05 13:59 - 2013-01-14 12:55 - 00000000 ____D C:\Program Files (x86)\SQL Anywhere 11
2013-07-05 13:59 - 2012-12-01 00:57 - 00000000 ____D C:\Program Files (x86)\PowerDataRecovery
2013-07-05 13:59 - 2012-11-11 04:07 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Vistaprint Fotobücher
2013-07-05 13:59 - 2012-10-29 09:48 - 00000000 ____D C:\Program Files (x86)\GoforFiles
2013-07-05 13:59 - 2012-10-12 03:32 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\Spotify
2013-07-05 13:59 - 2012-09-24 21:37 - 00000000 ____D C:\Program Files (x86)\svnet
2013-07-05 13:59 - 2012-09-17 06:14 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Bonjour
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-05 13:59 - 2012-08-17 23:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-07-05 13:59 - 2012-08-17 23:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-07-05 13:59 - 2012-08-17 05:07 - 00000000 ____D C:\Program Files\GIMP 2
2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files\WinRAR
2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012
2013-07-05 13:59 - 2012-08-17 05:02 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-05 13:59 - 2012-08-14 12:15 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-05 13:59 - 2012-08-09 23:43 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-05 13:59 - 2011-01-28 08:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-05 13:59 - 2011-01-28 08:05 - 00000000 ____D C:\ProgramData\oem
2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec Shredder
2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2013-07-05 13:59 - 2011-01-28 07:57 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLockerSuite
2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\ProgramData\McAfee
2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files (x86)\mcafee.com
2013-07-05 13:59 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Branding
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-05 13:58 - 2013-01-14 21:45 - 00000000 ____D C:\EuroKass
2013-07-05 13:58 - 2012-10-02 22:02 - 00000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2013-07-05 13:58 - 2011-01-28 07:37 - 00000000 ___HD C:\OEM
2013-07-05 13:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-07-05 13:42 - 2013-01-26 02:50 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\Mozilla
2013-07-05 13:42 - 2012-08-18 00:39 - 00000000 ____D C:\Users\xxuserxx\xxuserxx
2013-07-05 13:41 - 2012-08-17 05:02 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Adobe
2013-07-05 13:41 - 2012-08-14 12:16 - 00000000 ____D C:\Users\xxuserxx\AppData\Local\Google
2013-07-05 13:40 - 2013-01-14 11:49 - 00000000 ____D C:\ProgramData\Lexware
2013-07-05 13:40 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files\mcafee
2013-07-05 13:38 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-05 13:37 - 2011-01-28 07:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-04 18:24 - 2013-06-07 00:37 - 00000000 ____D C:\Users\xxuserxx\Desktop\Mibbel
2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\DriverTurbo
2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-07-04 16:33 - 2013-07-01 12:34 - 00000000 ____D C:\Users\xxuserxx\AppData\Roaming\PC-FAX TX
2013-07-04 16:33 - 2013-07-01 12:09 - 00000000 ____D C:\Users\xxuserxx\Downloads\mflpro
2013-07-04 16:33 - 2013-07-01 12:01 - 00000000 ____D C:\Program Files (x86)\Scan2PDF
2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat
2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000
2013-07-04 00:01 - 2013-05-27 07:32 - 00000000 ____D C:\Users\xxuserxx\Documents\Mein Steuer-Sparbuch Heute
2013-07-03 22:20 - 2013-06-28 23:06 - 00000000 ____D C:\Users\xxuserxx\Desktop\scout
2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\xxuserxx\Downloads\Scan2PDF17.zip
2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\xxuserxx\FK1703_130629_153429.zip
2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\xxuserxx\FK1703_130626_134156.zip
2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\xxuserxx\FK1703_130625_140355.zip
2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\xxuserxx\FK1703_130620_231954.zip
2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-27 07:23:59
Restore point made on: 2013-05-31 17:00:34
Restore point made on: 2013-06-26 17:00:43
Restore point made on: 2013-06-29 09:17:39

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 6135.11 MB
Available physical RAM: 5307.96 MB
Total Pagefile: 6133.26 MB
Available Pagefile: 5296.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:688.11 GB) (Free:583.43 GB) NTFS (Disk=0 Partition=3)
Drive e: (DATA) (Fixed) (Total:688.55 GB) (Free:669.42 GB) NTFS (Disk=0 Partition=4)
Drive f: (PQSERVICE) (Fixed) (Total:20.51 GB) (Free:8.57 GB) NTFS (Disk=0 Partition=1)
Drive g: (KRD10) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive h: (OTLPE) (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: DE653B78)
Partition 1: (Not Active) - (Size=21 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=688 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=689 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 0217934C)
Partition 1: (Active) - (Size=4 GB) - (Type=06)


LastRegBack: 2013-07-01 10:44

==================== End Of Log ============================
         


Alt 08.07.2013, 18:34   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please press the + R key and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
S3 W32Time; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)
S3 PCDSRVC{6368CD8C-4B9A13B6-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the Entfernen (Fix) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
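As an added illustration (not part of schrauber's post, and not FRST's or the board's own code), a small Python script that parses FRST Services/Drivers lines like those above, flags the indicators this thread turns on (a binary FRST marked missing with "[x]", a "No ImagePath" registration, an image path under a temp folder, an empty publisher field), writes the matching Fixlist.txt lines in the form used above (the log line verbatim, plus the temp folder as a bare path), and reads a Fixlog back. The heuristics are constructed for illustration and do not encode the judgment behind the helper's choice of W32Time and WajamUpdater.

```python
"""Triage of FRST Services/Drivers lines and Fixlist generation (added example, not FRST code)."""
import re
from dataclasses import dataclass, field
from typing import Iterable, Optional

# Constructed sample in the shape of FRST's Services/Drivers sections (lines from this thread).
SAMPLE_LOG = r"""
S3 W32Time; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] ()
S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)
S3 mfeavfk01; No ImagePath
S3 PCDSRVC{6368CD8C-4B9A13B6-06020200}_0; \??\c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
"""

# Line shapes: "<start> <name>; <path> [<size> <date>] (<publisher>)", or "<path> [x]" when
# FRST could not find the file, or "No ImagePath" for an orphaned registration.
ENTRY_RE = re.compile(r"^(?P<start>[SRU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
DETAIL_RE = re.compile(
    r"^(?P<path>.*?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<publisher>[^)]*)\)$"
)
TEMP_RE = re.compile(r"[\\/]temp[\\/]", re.IGNORECASE)
FIXLOG_RE = re.compile(r'^"?(?P<item>.+?)"?\s+=>\s+(?P<result>.+?)\.?$')  # "X => Service not found."

@dataclass
class Entry:
    raw: str                  # log line verbatim; FRST accepts it unchanged as a fixlist line
    name: str
    path: Optional[str]       # None for "No ImagePath"
    publisher: Optional[str]  # None when the file was missing ("[x]")
    present: bool             # False for "[x]" and "No ImagePath"
    reasons: list = field(default_factory=list)

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one Services/Drivers line; return None for anything that is not one."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    rest = m["rest"]
    if rest == "No ImagePath":
        return Entry(line, m["name"], None, None, False)
    if rest.endswith("[x]"):
        return Entry(line, m["name"], rest[:-3].strip(), None, False)
    d = DETAIL_RE.match(rest)
    return Entry(line, m["name"], d["path"], d["publisher"], True) if d else None

def assess(e: Entry) -> Entry:
    """Attach triage reasons (constructed heuristics mirroring the indicators in this thread)."""
    if e.path is None:
        e.reasons.append("No ImagePath: registration left behind, nothing to load")
    elif not e.present:
        e.reasons.append("binary missing on disk ([x]): dangling service entry")
    if e.path and TEMP_RE.search(e.path):
        e.reasons.append("image path lies under a temp directory")
    if e.publisher == "":
        e.reasons.append("file carries no publisher information")
    return e

def severity(e: Entry) -> str:
    """'fix' for hard indicators, 'review' for soft ones, 'ok' when nothing stood out."""
    if e.path is not None and (not e.present or TEMP_RE.search(e.path)):
        return "fix"
    return "review" if e.reasons else "ok"

def temp_root(path: str) -> Optional[str]:
    r"""Return '<...>\temp\<first subfolder>' for a path under a temp directory, else None."""
    m = re.match(r"^(?:\\\?\?\\)?(?P<root>.*?[\\/]temp[\\/][^\\/]+)", path, re.IGNORECASE)
    return m["root"] if m else None

def triage(log_text: str) -> list:
    """Parse and assess every Services/Drivers line in the given log text."""
    return [assess(e) for e in map(parse_entry, log_text.splitlines()) if e is not None]

def build_fixlist(entries: Iterable[Entry]) -> str:
    """Fixlist text: each 'fix' line verbatim, plus its temp folder as a bare path to delete."""
    lines = []
    for e in entries:
        if severity(e) != "fix":
            continue
        lines.append(e.raw)
        root = temp_root(e.path or "")
        if root and root not in lines:
            lines.append(root)
    return "\n".join(lines) + ("\n" if lines else "")

def parse_fixlog(text: str) -> dict:
    """Map each fixlist item to FRST's Fixlog result, e.g. 'Service not found'."""
    matches = (FIXLOG_RE.match(line.strip()) for line in text.splitlines())
    return {m["item"]: m["result"] for m in matches if m}

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for e in found:
        print(f"{severity(e):6} {e.name}: {'; '.join(e.reasons) or 'nothing unusual'}")
    print("--- Fixlist.txt ---\n" + build_fixlist(found), end="")
```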

Alt 08.07.2013, 18:48   #7
scott82
 



FIXLOG
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
Ran by SYSTEM at 2013-07-08 21:45:48 Run:7
Running from J:\
Boot Mode: Recovery
==============================================

W32Time => Service not found.
WajamUpdater => Service not found.
PCDSRVC{6368CD8C-4B9A13B6-06020200}_0 => Service not found.
"c:\users\admini~1\appdata\local\temp\mdlhfumq3q8y" => File/Directory not found.

==== End of Fixlog ====
         
New scan after the last Fixlog

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by SYSTEM on 08-07-2013 21:45:56
Running from J:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9955872 2010-01-12] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-22] (Microsoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-22] (Microsoft)
HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [124136 2010-06-29] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-29] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Putzmunter\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-14] (Google Inc.)
HKU\Putzmunter\...\Run: [AdobeBridge]  [x]
Startup: C:\Users\Putzmunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-26] (Adobe Systems)
S3 Appinfo; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] ()
S2 DcomLaunch; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Dnscache; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 gpsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 KtmRm; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 pla; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-12] ()
S2 RpcSs; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S3 WerSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST
2013-07-07 15:32 - 2013-07-07 15:32 - 00000067 ____A C:\.directory
2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat
2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000
2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\DriverTurbo
2013-07-01 12:53 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-07-01 12:34 - 2013-07-04 16:33 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\PC-FAX TX
2013-07-01 12:09 - 2013-07-04 16:33 - 00000000 ____D C:\Users\Putzmunter\Downloads\mflpro
2013-07-01 12:01 - 2013-07-04 16:33 - 00000000 ____D C:\Program Files (x86)\Scan2PDF
2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\Putzmunter\Downloads\Scan2PDF17.zip
2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\Putzmunter\FK1703_130629_153429.zip
2013-06-28 23:06 - 2013-07-03 22:20 - 00000000 ____D C:\Users\Putzmunter\Desktop\scout
2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\Putzmunter\FK1703_130626_134156.zip
2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\Putzmunter\FK1703_130625_140355.zip
2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\Putzmunter\FK1703_130620_231954.zip
2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp

==================== One Month Modified Files and Folders =======

2013-07-07 21:34 - 2013-07-07 21:34 - 00000000 ____D C:\FRST
2013-07-07 15:32 - 2013-07-07 15:32 - 00000067 ____A C:\.directory
2013-07-05 14:00 - 2012-08-14 12:15 - 00000000 ____D C:\Windows\System32\Macromed
2013-07-05 14:00 - 2012-08-14 07:10 - 00000000 ____D C:\users\Putzmunter
2013-07-05 14:00 - 2011-01-28 08:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-05 14:00 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-07-05 14:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spp
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Cursors
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-05 13:59 - 2013-05-16 20:27 - 00000000 ____D C:\Program Files (x86)\FRITZ!BoxPrint
2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-05 13:59 - 2013-03-12 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-05 13:59 - 2013-03-11 08:23 - 00000000 ____D C:\Program Files (x86)\Brother
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files\iPod
2013-07-05 13:59 - 2013-03-02 05:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 13:59 - 2013-03-02 05:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Yontoo
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-05 13:59 - 2013-02-17 00:51 - 00000000 ____D C:\Program Files (x86)\hdvidcodec.com
2013-07-05 13:59 - 2013-02-07 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-05 13:59 - 2013-01-29 20:30 - 00000000 ____D C:\Users\Putzmunter\Desktop\Unfall
2013-07-05 13:59 - 2013-01-26 02:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\ProgramData\Norton
2013-07-05 13:59 - 2013-01-18 07:32 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2013-07-05 13:59 - 2013-01-18 06:07 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-07-05 13:59 - 2013-01-18 04:32 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-05 13:59 - 2013-01-15 18:02 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-07-05 13:59 - 2013-01-14 12:55 - 00000000 ____D C:\Program Files (x86)\SQL Anywhere 11
2013-07-05 13:59 - 2012-12-01 00:57 - 00000000 ____D C:\Program Files (x86)\PowerDataRecovery
2013-07-05 13:59 - 2012-11-11 04:07 - 00000000 ____D C:\Users\Putzmunter\AppData\Local\Vistaprint Fotobücher
2013-07-05 13:59 - 2012-10-29 09:48 - 00000000 ____D C:\Program Files (x86)\GoforFiles
2013-07-05 13:59 - 2012-10-12 03:32 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\Spotify
2013-07-05 13:59 - 2012-09-24 21:37 - 00000000 ____D C:\Program Files (x86)\svnet
2013-07-05 13:59 - 2012-09-17 06:14 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files\Bonjour
2013-07-05 13:59 - 2012-09-17 06:13 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-05 13:59 - 2012-08-17 23:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-07-05 13:59 - 2012-08-17 23:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-07-05 13:59 - 2012-08-17 05:07 - 00000000 ____D C:\Program Files\GIMP 2
2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files\WinRAR
2013-07-05 13:59 - 2012-08-17 05:04 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012
2013-07-05 13:59 - 2012-08-17 05:02 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-05 13:59 - 2012-08-14 12:15 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-05 13:59 - 2012-08-09 23:43 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-05 13:59 - 2011-01-28 08:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-05 13:59 - 2011-01-28 08:05 - 00000000 ____D C:\ProgramData\oem
2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec Shredder
2013-07-05 13:59 - 2011-01-28 07:58 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2013-07-05 13:59 - 2011-01-28 07:57 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLockerSuite
2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\ProgramData\McAfee
2013-07-05 13:59 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files (x86)\mcafee.com
2013-07-05 13:59 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Branding
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-05 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-05 13:58 - 2013-01-14 21:45 - 00000000 ____D C:\EuroKass
2013-07-05 13:58 - 2012-10-02 22:02 - 00000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2013-07-05 13:58 - 2011-01-28 07:37 - 00000000 ___HD C:\OEM
2013-07-05 13:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-07-05 13:42 - 2013-01-26 02:50 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\Mozilla
2013-07-05 13:42 - 2012-08-18 00:39 - 00000000 ____D C:\Users\Putzmunter\putzmunter
2013-07-05 13:41 - 2012-08-17 05:02 - 00000000 ____D C:\Users\Putzmunter\AppData\Local\Adobe
2013-07-05 13:41 - 2012-08-14 12:16 - 00000000 ____D C:\Users\Putzmunter\AppData\Local\Google
2013-07-05 13:40 - 2013-01-14 11:49 - 00000000 ____D C:\ProgramData\Lexware
2013-07-05 13:40 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files\mcafee
2013-07-05 13:38 - 2011-01-28 07:53 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-05 13:37 - 2011-01-28 07:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-04 18:24 - 2013-06-07 00:37 - 00000000 ____D C:\Users\Putzmunter\Desktop\Mibbel
2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\DriverTurbo
2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-07-04 16:33 - 2013-07-01 12:34 - 00000000 ____D C:\Users\Putzmunter\AppData\Roaming\PC-FAX TX
2013-07-04 16:33 - 2013-07-01 12:09 - 00000000 ____D C:\Users\Putzmunter\Downloads\mflpro
2013-07-04 16:33 - 2013-07-01 12:01 - 00000000 ____D C:\Program Files (x86)\Scan2PDF
2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat
2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000
2013-07-04 00:01 - 2013-05-27 07:32 - 00000000 ____D C:\Users\Putzmunter\Documents\Mein Steuer-Sparbuch Heute
2013-07-03 22:20 - 2013-06-28 23:06 - 00000000 ____D C:\Users\Putzmunter\Desktop\scout
2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\Putzmunter\Downloads\Scan2PDF17.zip
2013-06-29 05:34 - 2013-06-29 05:34 - 00184914 ____A C:\Users\Putzmunter\FK1703_130629_153429.zip
2013-06-26 03:41 - 2013-06-26 03:41 - 00185185 ____A C:\Users\Putzmunter\FK1703_130626_134156.zip
2013-06-25 04:03 - 2013-06-25 04:03 - 00185180 ____A C:\Users\Putzmunter\FK1703_130625_140355.zip
2013-06-20 13:19 - 2013-06-20 13:19 - 00184498 ____A C:\Users\Putzmunter\FK1703_130620_231954.zip
2013-06-19 03:26 - 2013-06-19 03:26 - 00000000 ____D C:\MyS2GApp

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-27 07:23:59
Restore point made on: 2013-05-31 17:00:34
Restore point made on: 2013-06-26 17:00:43
Restore point made on: 2013-06-29 09:17:39

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 6135.11 MB
Available physical RAM: 5309.66 MB
Total Pagefile: 6133.26 MB
Available Pagefile: 5298.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:688.11 GB) (Free:583.43 GB) NTFS (Disk=0 Partition=3)
Drive e: (DATA) (Fixed) (Total:688.55 GB) (Free:669.42 GB) NTFS (Disk=0 Partition=4)
Drive f: (PQSERVICE) (Fixed) (Total:20.51 GB) (Free:8.57 GB) NTFS (Disk=0 Partition=1)
Drive g: (KRD10) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive j: (OTLPE) (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT (Disk=3 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: DE653B78)
Partition 1: (Not Active) - (Size=21 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=688 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=689 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 4 GB) (Disk ID: 0217934C)
Partition 1: (Active) - (Size=4 GB) - (Type=06)


LastRegBack: 2013-07-01 10:44

==================== End Of Log ============================
         
--- --- ---

--- --- ---


I have just taken a closer look at the bluescreen.
The error code at the end is 12A.
According to Google that is the LanguagePack. Does that have a deeper meaning, or is it unimportant with this trojan?
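The FRST log in the opening post is a plain-text format that lends itself to an automated first pass before a human reads it line by line. The following Python script is an added example and is not part of the original thread, nor code from FRST itself: it parses lines in the "One Month Modified" listing format shown above, collects the "<target> => <verdict>" lines of the Bamital/volsnap and EXE-association checks, and reports four buckets: directories whose names are on a watch list, objects carrying both the system and hidden attributes, files created within the last week before the scan, and any check whose verdict is not "MD5 is legit" or "OK". The watch list, the reading of the attribute letters, the seven-day window and the one failing integrity line in the sample are the example's own assumptions; the sample paths are copied from the log above.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Line format of the FRST "One Month Modified" listing (see the log above):
#   <modified> - <created> - <size> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) (?P<path>.+)$"
)

# Attribute letters as read here (assumption, not documented on the page):
# D = directory, H = hidden, S = system, R = read-only, A = archive, N = normal.

# Watch list of directory names to flag. This is the example's own list of
# names widely classified as adware/PUP families, not a verdict the thread reaches.
PUP_DIRS = {"yontoo", "wajam", "delta", "goforfiles", "hdvidcodec.com", "driverturbo"}

# Verdict strings FRST prints for a passing integrity / association check.
GOOD_VERDICTS = {"MD5 is legit", "OK"}

# Scan time taken from the log header (07-07-2013 21:34).
SCAN_TIME = datetime(2013, 7, 7, 21, 34)


@dataclass
class Entry:
    modified: datetime
    created: datetime
    size: int
    attrs: set
    path: str

    @property
    def name(self) -> str:
        return self.path.rstrip("\\").rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_listing(text: str) -> list:
    """Parse every line that matches the listing format; ignore all others."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            size=int(m["size"]),
            attrs=set(m["attrs"]) - {"_"},
            path=m["path"],
        ))
    return entries


def integrity_failures(text: str) -> list:
    """Targets of '<target> => <verdict>' lines whose verdict is not known-good.
    Any other wording is reported, so the exact failure text FRST uses is irrelevant."""
    bad = []
    for line in text.splitlines():
        if " => " not in line:
            continue
        target, verdict = line.rsplit(" => ", 1)
        if verdict.strip() not in GOOD_VERDICTS:
            bad.append(target.strip())
    return bad


def triage(text: str, now: datetime, recent_days: int = 7) -> dict:
    """Return the items a first-pass reviewer would look at in a log of this shape."""
    entries = parse_listing(text)
    cutoff = now - timedelta(days=recent_days)
    return {
        "pup_dirs": [e.path for e in entries if e.is_dir and e.name.lower() in PUP_DIRS],
        # system+hidden objects: found.000 is chkdsk output, but the same flag
        # combination is a common hiding place for droppers, so always list them
        "system_hidden": [e.path for e in entries if {"S", "H"} <= e.attrs],
        "recent_files": [e.path for e in entries if not e.is_dir and e.created >= cutoff],
        "integrity_failures": integrity_failures(text),
    }


# Constructed sample in the format of the log above, with paths copied from it,
# plus one constructed failing integrity line (the log above shows only passing ones).
SAMPLE_LOG = r"""
2013-07-05 14:00 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-07-05 13:59 - 2013-02-17 00:52 - 00000000 ____D C:\Program Files (x86)\Yontoo
2013-07-05 13:59 - 2013-01-18 06:07 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-07-04 16:33 - 2013-07-01 12:53 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-07-04 03:43 - 2013-07-04 03:43 - 00003160 ____N C:\bootsqm.dat
2013-07-04 03:42 - 2013-07-04 03:42 - 00000000 __SHD C:\found.000
2013-07-01 12:00 - 2013-07-01 12:00 - 01112200 ____A C:\Users\Putzmunter\Downloads\Scan2PDF17.zip
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is not legit
HKLM\...\exefile\open\command: "%1" %* => OK
"""

if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG, SCAN_TIME).items():
        print(f"{key}: {items}")
```

Run as a script it prints the four buckets for the embedded sample; pass the contents of a full FRST.txt and the scan time from its header to triage a real log. A flagged entry is a pointer for the analyst, not a verdict: a watch-list hit still needs the usual checks (publisher, install date, what it loads) before anything is removed.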

08.07.2013, 21:09   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Post the complete bluescreen contents.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

14.07.2013, 17:52   #9
scott82
 



It may be that I have one zero too many in there.

Code:
A problem has been detected and windows has been shut down to 
prevent damage to your computer.

Windows did not find any installed, licensed language packs for the system 
default UI language.

If this is the first time you've seen this Stop error screen, restart your computer. 
If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed.

If problems continue, disable or remove any newly installed hardware or software. 
Disable BIOS memory options such as caching or shadowing. If you need to use Safe 
Mode to remove or disable components, restart your computer, press F8 to select 
Advanced Startup Options, and then select safe mode.

Technical Information:

*** STOP: 0x0000012A (0x0000000000000001,0x0000000000000046,
0x0000000000000000,0x00000000000000000)
         

14.07.2013, 19:03   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Do a Startup Repair from the Windows DVD.
__________________
regards,
schrauber

14.07.2013, 19:54   #11
scott82
 



Unfortunately I don't have the Windows DVD here right now, and there is only a computer with a recovery partition here. So I started the repair not from the DVD but from the system.

Unfortunately without success.

INFO:
Problem event name: StartupRepairOffline
Problem signature 01: 6.1.7600.16385
Problem signature 02: 6.1.7600.16385
Problem signature 03: unknown
Problem signature 04: 21200057
Problem signature 05: AutoFailover
Problem signature 06: 9
Problem signature 07: NoRootCause6.1.7600.2.0.0.256.1
Locale ID: 1031

14.07.2013, 21:38   #12
schrauber
/// the machine
/// TB-Ausbilder
 




Can you get hold of the DVD?
__________________
regards,
schrauber

15.07.2013, 17:06   #13
scott82
 



Yes. I will test it this evening.

15.07.2013, 19:16   #14
schrauber
/// the machine
/// TB-Ausbilder
 




ok
__________________
regards,
schrauber

16.07.2013, 19:07   #15
scott82
 



That didn't work either.
The computer is now formatted.

Thank you for your active support. But I think this was the best way.

Thread closed
