| |
| |||||||
Log-Analyse und Auswertung: GVU-Trojaner 2.07 HilfeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
03.09.2013, 16:30
| #1 |
| |  GVU-Trojaner 2.07 Hilfe Hallo, Ich habe mittels des Programms FRST64.exe eine FRST.txt erstellt (siehe Anhang). Wie geht es nun weiter? Danke FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 01
Ran by SYSTEM on MININT-BFQQ22T on 03-09-2013 16:49:51
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1680976 2010-10-29] (Logitech, Inc.)
HKLM\...\Run: [MFNetworkScanUtility] - C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-15] (CANON INC.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\pc\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\pc\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\pc\AppData\Local\Temp\eyvthsrubxcvfwjlg.exe [79360 2013-08-30] (Valve Corporation) <===== ATTENTION
HKU\pc\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe [250528 2012-03-23] (Adobe Systems, Inc.)
HKU\pc\...\Winlogon: [Shell] cmd.exe [344576 2009-07-14] (Microsoft Corporation) <==== ATTENTION
HKU\pc\...\Command Processor: "C:\Users\pc\AppData\Local\Temp\eyvthsrubxcvfwjlg.exe" <===== ATTENTION!
Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
==================== Services (Whitelisted) =================
S2 Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [5480296 2009-03-27] (CANON INC.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
==================== Drivers (Whitelisted) ====================
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-08-16] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-08-16] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-08-16] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-08-16] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-05-02] (Duplex Secure Ltd.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-30 11:24 - 2013-08-30 11:24 - 00163111 _____ C:\Users\pc\AppData\Roaming\2433f433
2013-08-30 11:24 - 2013-08-30 11:24 - 00163072 _____ C:\ProgramData\2433f433
2013-08-30 11:24 - 2013-08-30 11:24 - 00163054 _____ C:\Users\pc\AppData\Local\2433f433
2013-08-17 19:12 - 2013-08-17 19:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 07:53 - 2013-08-15 07:53 - 00000000 ____D C:\Users\pc\AppData\Local\Macromedia
2013-08-15 07:52 - 2013-08-21 11:06 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-08-15 07:52 - 2013-08-21 11:06 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-08-15 07:52 - 2013-08-15 07:52 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-15 07:52 - 2013-08-15 07:52 - 00000000 ____D C:\Windows\System32\Macromed
2013-08-15 07:52 - 2013-08-15 07:52 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-08-15 07:52 - 2013-08-15 07:52 - 00000000 ____D C:\ProgramData\McAfee
2013-08-15 07:50 - 2013-08-15 07:50 - 01069032 _____ (Solid State Networks) C:\Users\pc\Downloads\install_flashplayer11x32_mssa_aaa_aih(1).exe
2013-08-04 18:32 - 2013-08-04 18:32 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
==================== One Month Modified Files and Folders =======
2013-09-03 15:47 - 2010-04-26 01:37 - 01457645 _____ C:\Windows\WindowsUpdate.log
2013-09-03 15:27 - 2009-07-14 05:45 - 00015296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-03 15:27 - 2009-07-14 05:45 - 00015296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-03 15:25 - 2009-07-14 18:58 - 00657438 _____ C:\Windows\System32\perfh007.dat
2013-09-03 15:25 - 2009-07-14 18:58 - 00130810 _____ C:\Windows\System32\perfc007.dat
2013-09-03 15:25 - 2009-07-14 06:13 - 01507106 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-03 15:20 - 2012-05-10 16:37 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-03 15:20 - 2010-11-18 13:44 - 00046048 _____ C:\Windows\setupact.log
2013-09-03 15:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 11:24 - 2013-08-30 11:24 - 00163111 _____ C:\Users\pc\AppData\Roaming\2433f433
2013-08-30 11:24 - 2013-08-30 11:24 - 00163072 _____ C:\ProgramData\2433f433
2013-08-30 11:24 - 2013-08-30 11:24 - 00163054 _____ C:\Users\pc\AppData\Local\2433f433
2013-08-30 11:20 - 2012-05-10 16:37 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-30 08:15 - 2012-05-10 16:39 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-26 10:56 - 2012-12-19 11:39 - 00000000 ___RD C:\Users\pc\Dropbox
2013-08-26 10:56 - 2012-12-19 10:33 - 00000000 ____D C:\Users\pc\AppData\Roaming\Dropbox
2013-08-22 07:58 - 2013-01-22 20:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-21 11:06 - 2013-08-15 07:52 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-08-21 11:06 - 2013-08-15 07:52 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-08-17 19:12 - 2013-08-17 19:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-17 13:44 - 2010-11-15 16:04 - 00045422 _____ C:\Windows\PFRO.log
2013-08-15 07:53 - 2013-08-15 07:53 - 00000000 ____D C:\Users\pc\AppData\Local\Macromedia
2013-08-15 07:53 - 2010-05-02 04:15 - 00000000 ____D C:\Users\pc\AppData\Local\Adobe
2013-08-15 07:52 - 2013-08-15 07:52 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-15 07:52 - 2013-08-15 07:52 - 00000000 ____D C:\Windows\System32\Macromed
2013-08-15 07:52 - 2013-08-15 07:52 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-08-15 07:52 - 2013-08-15 07:52 - 00000000 ____D C:\ProgramData\McAfee
2013-08-15 07:52 - 2012-03-23 14:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-15 07:50 - 2013-08-15 07:50 - 01069032 _____ (Solid State Networks) C:\Users\pc\Downloads\install_flashplayer11x32_mssa_aaa_aih(1).exe
2013-08-15 07:45 - 2013-01-10 14:48 - 00000000 ____D C:\Users\pc\AppData\Roaming\vlc
2013-08-04 18:32 - 2013-08-04 18:32 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 18:31 - 2012-05-10 16:37 - 00000000 ____D C:\Program Files (x86)\Google
Files to move or delete:
====================
C:\Users\pc\AppData\Local\Temp\eyvthsrubxcvfwjlg.exe
C:\Users\pc\AppData\Local\Temp\AskSLib.dll
C:\Users\pc\AppData\Local\Temp\InitBDE.exe
C:\Users\pc\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\pc\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\pc\AppData\Local\Temp\ose00000.exe
C:\Users\pc\AppData\Local\Temp\nsq47DA.tmp\DropboxNSISTools.dll
C:\Users\pc\AppData\Local\Temp\nsaAF44.tmp\DropboxNSISTools.dll
C:\Users\pc\AppData\Local\Temp\nsaAF44.tmp\UAC.dll
C:\Users\pc\AppData\Local\Temp\nsa3AB0.tmp\DropboxNSISTools.dll
C:\Users\pc\AppData\Local\Temp\lu\1_spp_100009c.exe
C:\Users\pc\AppData\Local\Temp\lu\2_spp_2000067.exe
C:\Users\pc\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.3.8.2474.exe
C:\Users\pc\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.3.8.2631.exe
C:\Users\pc\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.3.9.2762.exe
C:\Users\pc\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.4.0.2838.exe
C:\Users\pc\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.4.0.2905.exe
C:\Users\pc\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.4.1.3341.exe
C:\Users\pc\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
C:\Users\pc\AppData\Local\Temp\AEE5.dir\InstallFlashPlayer.exe
C:\Users\pc\AppData\Local\Temp\7C12.dir\InstallFlashPlayer.exe
C:\Users\pc\AppData\Local\Temp\._msige61\GoogleEarth.exe
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\earthps.dll
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\plugin_ax.dll
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthps.dll
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\ge_expat.dll
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth_free.dll
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcp100.dll
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcr100.dll
C:\Users\pc\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 14%
Total physical RAM: 4095.37 MB
Available physical RAM: 3489.86 MB
Total Pagefile: 4093.52 MB
Available Pagefile: 3475.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:150.64 GB) (Free:121.03 GB) NTFS
Drive d: (Daten) (Fixed) (Total:780.77 GB) (Free:635.03 GB) NTFS
Drive g: () (Removable) (Total:1.92 GB) (Free:1.92 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: EDA101F8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=151 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=781 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=2 GB) - (Type=06)
LastRegBack: 2013-09-03 15:38
==================== End Of Log ============================
--- --- --- --- --- --- Geändert von Stefan235 (03.09.2013 um 16:48 Uhr) |
| Themen zu GVU-Trojaner 2.07 Hilfe |
| .exe, anhang, association, canon, erstell, erstellt, farbar, farbar recovery scan tool, frst.txt, frst64.exe, gvu-trojaner, gvu-trojaner 2.07, hilfe |
Baum-Darstellung