Hello,
I picked up the GVU trojan over the weekend. You are my last hope.
I have already downloaded FRST.exe and produced the following log file. What do I need to do now?
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-08-2013
Ran by SYSTEM on 26-08-2013 18:04:52
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13548064 2008-07-26] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-26] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-25] (Synaptics, Inc.)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()
HKLM\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2010-12-06] (Nullsoft, Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1644680 2013-03-10] (Ask)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\peter\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2008-03-17] (Hewlett-Packard Company)
HKU\peter\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2010-10-11] (Google Inc.)
HKU\peter\...\Run: [AnyDVD] - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [ 2011-10-11] (SlySoft, Inc.)
HKU\peter\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)
HKU\peter\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-20] (Skype Technologies S.A.)
HKU\peter\...\Run: [GoogleChromeAutoLaunch_C33915310E970B1AAC9D49F3C6144E57] - C:\Program Files\Google\Chrome\Application\chrome.exe [ 2013-08-15] (Google Inc.)
HKU\peter\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\peter\AppData\Local\Temp\ongafbviktirfawet.exe [ 2013-08-23] (Valve Corporation) <===== ATTENTION
HKU\peter\...\Command Processor: "C:\Users\peter\AppData\Local\Temp\ongafbviktirfawet.exe" <===== ATTENTION!
========================== Services (Whitelisted) =================
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-01] (Avira Operations GmbH & Co. KG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
==================== Drivers (Whitelisted) ====================
S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121464 2011-08-19] (SlySoft, Inc.)
S3 APL531; C:\Windows\System32\Drivers\ov550i.sys [580992 2006-07-30] (Omnivision Technologies, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-25] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-25] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-25] (Avira Operations GmbH & Co. KG)
S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
S2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-05-23] (SAMSUNG ELECTRONICS CO., LTD.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-22] (Avira GmbH)
S3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242048 2008-06-04] (Vimicro Corporation)
S3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [238464 2008-09-03] (Vimicro Corporation)
S0 iaStor; system32\DRIVERS\iaStor.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-23 11:03 - 2013-08-23 11:03 - 01084834 _____ C:\ProgramData\2433f433
2013-08-23 11:03 - 2013-08-23 11:03 - 01084805 _____ C:\Users\peter\AppData\Roaming\2433f433
2013-08-23 11:03 - 2013-08-23 11:03 - 01084771 _____ C:\Users\peter\AppData\Local\2433f433
2013-08-15 03:31 - 2013-07-24 18:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-15 03:31 - 2013-07-24 18:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-15 03:31 - 2013-07-24 18:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-15 03:31 - 2013-07-24 18:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-15 03:31 - 2013-07-24 18:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-15 03:31 - 2013-07-24 18:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-08-15 03:31 - 2013-07-24 18:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-08-15 03:31 - 2013-07-24 18:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-15 03:31 - 2013-07-24 18:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-15 03:31 - 2013-07-24 18:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-15 03:31 - 2013-07-24 18:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-15 03:31 - 2013-07-24 18:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-08-15 03:31 - 2013-07-24 18:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-08-15 03:31 - 2013-07-24 18:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-15 03:31 - 2013-07-24 18:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-15 03:31 - 2013-07-24 18:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-08-14 11:47 - 2013-07-17 11:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-14 11:47 - 2013-07-10 01:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-14 11:47 - 2013-07-09 04:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-14 11:47 - 2013-07-07 20:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-08-14 11:47 - 2013-07-07 20:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-14 11:47 - 2013-07-07 20:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-14 11:47 - 2013-07-07 20:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-14 11:47 - 2013-07-07 20:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 11:47 - 2013-07-07 20:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 11:47 - 2013-07-04 20:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-14 11:47 - 2013-06-15 05:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\icaapi.dll
2013-08-14 11:47 - 2013-06-15 03:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-02 09:05 - 2013-08-02 09:05 - 00977765 _____ C:\Users\peter\Desktop\Lazy Sun.m4r
2013-08-02 02:49 - 2013-08-02 02:53 - 00000000 ____D C:\Users\peter\AppData\Roaming\Apple Computer
2013-08-02 02:49 - 2013-08-02 02:49 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-02 02:49 - 2013-08-02 02:49 - 00000000 ____D C:\Users\peter\AppData\Local\Apple Computer
2013-08-02 02:49 - 2012-08-21 03:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-08-02 02:47 - 2013-08-02 02:48 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-02 02:47 - 2013-08-02 02:48 - 00000000 ____D C:\Program Files\iTunes
2013-08-02 02:47 - 2013-08-02 02:47 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-02 02:47 - 2013-08-02 02:47 - 00000000 ____D C:\Program Files\iPod
2013-08-02 02:46 - 2013-08-02 02:46 - 00000000 ____D C:\Users\peter\AppData\Local\Apple
2013-08-02 02:46 - 2013-08-02 02:46 - 00000000 ____D C:\Program Files\Apple Software Update
2013-08-02 02:43 - 2013-08-02 02:47 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-02 02:43 - 2013-08-02 02:44 - 00000000 ____D C:\Program Files\Bonjour
2013-08-01 23:39 - 2013-08-01 23:39 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2013-07-28 02:14 - 2013-08-02 09:29 - 00000000 ____D C:\Users\peter\Desktop\Bilder LG Handy
2013-07-27 22:25 - 2013-08-15 03:41 - 00000000 ____D C:\Windows\System32\MRT
==================== One Month Modified Files and Folders =======
2013-08-26 06:22 - 2008-10-09 18:51 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-08-26 06:21 - 2012-04-09 06:39 - 00027839 _____ C:\ProgramData\nvModes.001
2013-08-26 06:21 - 2006-11-02 04:47 - 00004784 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-26 06:21 - 2006-11-02 04:47 - 00004784 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-26 06:07 - 2009-03-17 13:08 - 01595969 _____ C:\Windows\WindowsUpdate.log
2013-08-26 06:06 - 2012-04-09 06:20 - 00027839 _____ C:\ProgramData\nvModes.dat
2013-08-23 22:19 - 2011-10-16 12:16 - 00000024 _____ C:\Windows\27A79DE698F3EF4D.log
2013-08-23 22:19 - 2011-10-16 11:36 - 00000040 ___SH C:\ProgramData\.zreglib
2013-08-23 11:03 - 2013-08-23 11:03 - 01084834 _____ C:\ProgramData\2433f433
2013-08-23 11:03 - 2013-08-23 11:03 - 01084805 _____ C:\Users\peter\AppData\Roaming\2433f433
2013-08-23 11:03 - 2013-08-23 11:03 - 01084771 _____ C:\Users\peter\AppData\Local\2433f433
2013-08-23 10:54 - 2011-07-13 07:23 - 00000000 ____D C:\Users\peter\AppData\Roaming\Skype
2013-08-20 11:19 - 2012-12-07 07:14 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-19 08:25 - 2006-11-02 02:33 - 01445546 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-19 08:21 - 2006-11-02 04:52 - 00109675 _____ C:\Windows\setupact.log
2013-08-15 07:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-15 07:50 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-08-15 07:33 - 2008-01-20 18:47 - 00076692 _____ C:\Windows\PFRO.log
2013-08-15 03:41 - 2013-07-27 22:25 - 00000000 ____D C:\Windows\System32\MRT
2013-08-15 03:41 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-08-15 03:39 - 2006-11-02 02:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-08-15 03:30 - 2006-11-02 02:23 - 00000546 _____ C:\Windows\win.ini
2013-08-12 07:23 - 2010-09-09 08:07 - 00000000 ____D C:\Users\peter\AppData\Local\Adobe
2013-08-02 09:29 - 2013-07-28 02:14 - 00000000 ____D C:\Users\peter\Desktop\Bilder LG Handy
2013-08-02 09:29 - 2011-03-05 03:26 - 00000000 ____D C:\Users\peter\AppData\Roaming\Winamp
2013-08-02 09:05 - 2013-08-02 09:05 - 00977765 _____ C:\Users\peter\Desktop\Lazy Sun.m4r
2013-08-02 07:30 - 2011-01-02 07:38 - 00000000 ____D C:\Users\peter\AppData\Local\Microsoft Games
2013-08-02 02:53 - 2013-08-02 02:49 - 00000000 ____D C:\Users\peter\AppData\Roaming\Apple Computer
2013-08-02 02:49 - 2013-08-02 02:49 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-02 02:49 - 2013-08-02 02:49 - 00000000 ____D C:\Users\peter\AppData\Local\Apple Computer
2013-08-02 02:48 - 2013-08-02 02:47 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-02 02:48 - 2013-08-02 02:47 - 00000000 ____D C:\Program Files\iTunes
2013-08-02 02:47 - 2013-08-02 02:47 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-02 02:47 - 2013-08-02 02:47 - 00000000 ____D C:\Program Files\iPod
2013-08-02 02:47 - 2013-08-02 02:43 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-02 02:46 - 2013-08-02 02:46 - 00000000 ____D C:\Users\peter\AppData\Local\Apple
2013-08-02 02:46 - 2013-08-02 02:46 - 00000000 ____D C:\Program Files\Apple Software Update
2013-08-02 02:45 - 2012-04-09 06:19 - 00000000 ____D C:\ProgramData\Apple
2013-08-02 02:45 - 2010-08-28 02:55 - 00000000 ____D C:\users\peter
2013-08-02 02:44 - 2013-08-02 02:43 - 00000000 ____D C:\Program Files\Bonjour
2013-08-01 23:39 - 2013-08-01 23:39 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2013-07-29 12:27 - 2010-10-11 22:48 - 00000000 ____D C:\Program Files\Google
2013-07-28 04:16 - 2011-02-05 02:54 - 00000000 ____D C:\Users\peter\Desktop\YouTube
2013-07-28 02:14 - 2012-09-22 03:09 - 00000000 ____D C:\ProgramData\LGMOBILEAX
2013-07-28 02:12 - 2012-09-22 03:10 - 00000779 _____ C:\Users\peter\Desktop\LGMobile Support Tool.lnk
2013-07-28 02:12 - 2012-09-22 03:09 - 00002411 _____ C:\Windows\System32\lgAxconfig.ini
Files to move or delete:
====================
C:\Users\peter\AppData\Local\Temp\ongafbviktirfawet.exe
C:\ProgramData\nvModes.dat
C:\Users\peter\AppData\Local\Temp\isxaqmwsqxhwtradj.exe
C:\Users\peter\AppData\Local\Temp\ongafbviktirfawet.dll
C:\Users\peter\AppData\Local\Temp\SkypeSetup.exe
C:\Users\peter\AppData\Local\Temp\{F6FE42B2-0210-475C-A676-55B8DB67AE8B}\InstallFlashPlayer.exe
C:\Users\peter\AppData\Local\Temp\{9BB3C59E-A88B-426E-AEE6-0231FAD1E82D}\InstallFlashPlayer.exe
C:\Users\peter\AppData\Local\Temp\{575D6417-5EA9-4AEC-B736-E760FA35B75C}\InstallFlashPlayer.exe
C:\Users\peter\AppData\Local\Temp\UpdateWizard_72269\SilentUpdater.exe
C:\Users\peter\AppData\Local\Temp\RarSFX0\avmres.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\avwebloader.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\avwebloader.exe
C:\Users\peter\AppData\Local\Temp\RarSFX0\avwebloadergui.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\msvcp100.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\msvcr100.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\rcimage.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\rcnwload_ar.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\rcNwLoad_de.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\rcnwload_en.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\rcnwload_es.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\rcNwLoad_fr.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\rcNwLoad_it.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\rcNwLoad_jp.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\rcNwLoad_ko.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\rcnwload_nl.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\rcNwLoad_pt.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\rcNwLoad_ru.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\rcnwload_tr.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\rcNwLoad_zhcn.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\rcNwLoad_zhtw.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\scewxmlw.dll
C:\Users\peter\AppData\Local\Temp\RarSFX0\update.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\64bitProxy.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\aebb.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\aecore.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\aeemu.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\aeexp.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\aegen.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\aehelp.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\aeheur.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\aeoffice.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\aepack.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\aerdl.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\aesbx.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\aescn.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\aescript.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\aevdf.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\apcfile.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ApnIC.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ApnStub.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ApnToolbarInstaller.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\AppRemover_64.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\AppRemover_API.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\AppRemover_CLI.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avacl.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avadmin.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avarkt.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avbb.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avcenter.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avconfig.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avconfig.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avesvc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avevtlog.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avgio.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avgnt.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avguard.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avinet.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avipc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avlode.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avmres.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avnotify.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avpref.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avreg.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avrep.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avrestart.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avscan.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avscplr.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avsda.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avsda64.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avsmtp.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avupgsvc.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avwebgrd.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avwebloader.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avwebloader.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avwebloadergui.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avwinll.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avwmi.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\avwsc.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccavscanex.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccev.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccevw.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccgen.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccgenw.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccgrdw.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccguard.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\cchips.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\cclic.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\cclicw.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccmsg.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccprofil.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccquamgr.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccquaw.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccreport.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccrepow.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccscanw.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccsched.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccschedw.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccupdate.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccupdw.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccwebtabs.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccwgrd.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccwgrdw.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ccwkrlib.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\cfglib.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\extdlgfw.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\fact.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\gpavgio.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\gpevtlog.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\gpgavid.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\gpgen.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\gpgenrep.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\gpgrd.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\gpgui.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\gpipc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\gplegacy.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\gpschd.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\grdcore.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\guardgui.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\imp64b.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\inssda64.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\insthlp.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ipmgui.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\libapr-1.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\libapriconv-1.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\libaprutil-1.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\libcurl.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\libdb44.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\libeay32.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\licmgr.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\luke.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\mgrs.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\msgclient.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\msvcp80.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\msvcr80.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\netnt.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\onlcfg.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\presetup.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_ar.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_de.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_en.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_es.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_fr.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_it.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_jp.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_ko.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_nl.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_pt.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_ru.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_tr.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_zhcn.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_zhtw.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\scewxmlw.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\sched.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\setup.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\setuppending.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\shlext.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\shlext64.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\sqlite3.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\ssleay32.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\thorwac.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\toastNotifier.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\unacev2.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\update.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\update.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\updext.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\updgui.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\updrgui.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\vcredist_x86.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\wksstats.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\wsctool.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\xp\avshadow.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\vista64\avipc64.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\vista64\avshadow.exe
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\avconfigrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\avesvcr.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\avevtrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\avnotify.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\avscanrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\avwebgrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccavscanexrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccevrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccgenrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccgrdrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\cchipsrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\cclicrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccmainrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccmsgrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccquarc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccreporc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccscanrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccscherc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccupdrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccwebtabsrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccwgrdrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\factrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\guardmsg.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\licmgr.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\lukeres.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\rchelp.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\rcimage.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\rctext.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\restartrc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\schedr.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\setup.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\updaterc.dll
C:\Users\peter\AppData\Local\Temp\avnwldrtemp\setup\de-de\updguirc.dll
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-08-09 07:21:25
Restore point made on: 2013-08-10 01:39:24
Restore point made on: 2013-08-11 02:32:39
Restore point made on: 2013-08-12 07:18:02
Restore point made on: 2013-08-13 09:56:13
Restore point made on: 2013-08-14 07:02:59
Restore point made on: 2013-08-15 03:27:59
Restore point made on: 2013-08-17 08:17:57
Restore point made on: 2013-08-18 02:32:15
Restore point made on: 2013-08-21 02:08:13
Restore point made on: 2013-08-23 04:38:38
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3065.88 MB
Available physical RAM: 2589.72 MB
Total Pagefile: 2796.48 MB
Available Pagefile: 2644.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.11 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:100.25 GB) (Free:48.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:187.83 GB) (Free:187.74 GB) NTFS
Drive f: () (Removable) (Total:0.95 GB) (Free:0.94 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive z: (RECOVERY) (Fixed) (Total:10 GB) (Free:1.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: ECE69603)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=188 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 968 MB) (Disk ID: 00292BAC)
Partition 1: (Active) - (Size=968 MB) - (Type=06)
LastRegBack: 2013-08-26 05:59
==================== End Of Log ============================