Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
    -   GUV Trojaner -- LOG FRST (https://www.trojaner-board.de/137129-guv-trojaner-log-frst.html)

uiter 24.06.2013 21:32

GUV Trojaner -- LOG FRST

FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
Ran by SYSTEM on 24-06-2013 22:19:23
Running from M:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7883296 2009-06-16] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-06-16] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [199464 2009-08-03] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-24] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [328992 2007-08-30] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1644680 2013-03-10] (Ask)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [162336 2009-07-21] ()
HKU\heidi\...\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c [366536 2012-06-26] (IncrediMail, Ltd.)
HKU\heidi\...\Run: [SchnapperPro] C:\Program Files (x86)\SchnapperPro\SchnapperPro.exe [803528 2013-05-30] (Schnapper-Software Robert Beer)
HKU\heidi\...\Run: [AVMUSBFernanschluss] "C:\Users\heidi\AppData\Local\Apps\2.0\QCO7KHHT.6XW\4VV6K58B.3CO\frit..tion_8488884cfbcefd60_0002.0003_f308b4c1084cd0fd\AVMAutoStart.exe" [139264 2012-12-17] (AVM Berlin)
HKU\heidi\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [965560 2012-09-28] (Samsung)
HKU\heidi\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [580096 2012-09-26] (Samsung Electronics)
HKU\heidi\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-09-28] (Samsung)
HKU\heidi\...\Run: [dnsrvideo] "C:\Users\heidi\AppData\Roaming\dnsrvideo.exe" -autorun [0 1678-07-27] ()
HKU\heidi\...\Run: [hlpddef] "C:\Users\heidi\AppData\Roaming\hlpddef.exe" -autorun [0 1670-07-18] ()
HKU\heidi\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\co2fv.dat,XFG00 [188416 2013-06-24] (Microsoft Corporation)
HKU\heidi\...\CurrentVersion\Windows: [Load] C:\Users\heidi\LOCALS~1\Temp\mstvxiwco.pif
HKU\UpdatusUser\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [162336 2009-07-21] ()
AppInit_DLLs: [0 ] ()
Startup: C:\Users\heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\co2fv.dat (Microsoft Corporation)
Startup: C:\Users\heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
ShortcutTarget: tbhcn.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-30] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-30] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [562744 2013-05-06] (Avira Operations GmbH & Co. KG)
S2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database_16abd4d\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2007-09-03] (FirebirdSQL Project)
S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe [2002944 2007-09-03] (FirebirdSQL Project)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database_16abd4d\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241016 2012-11-08] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-11-08] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [177680 2012-11-08] (McAfee, Inc.)
S2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
S2 SchnapperPro-TimeSync; C:\Program Files (x86)\SchnapperPro\TimeSync.exe [45664 2007-08-30] (Schnapper-Software Robert Beer)
S2 Soda PDF Service; C:\Program Files (x86)\Soda PDF\ConversionService.exe [816472 2011-01-28] (LULU Software)
S2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-31] ()
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2011-05-09] (AVM Berlin)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-11-08] (McAfee, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-11-08] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-11-08] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-11-08] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-11-08] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-11-08] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-11-08] (McAfee, Inc.)
S3 QF9USB; C:\Windows\System32\DRIVERS\qf97usb.sys [21504 2010-09-29] (Corechip Semiconductor, Inc. Co Ltd.)
S3 IAMTVE; \SystemRoot\system32\DRIVERS\IAMTVE.sys [x]
S3 IAMTXPE; \SystemRoot\system32\DRIVERS\IAMTXPE.sys [x]
S3 NAL; \??\C:\Windows\system32\Drivers\iqvw64e.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-24 22:04 - 2013-06-24 22:04 - 00000000 ____D C:\FRST
2013-06-24 11:21 - 2013-06-24 04:37 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-24 04:37 - 2013-06-24 11:56 - 95023320 ___AT C:\ProgramData\vf2oc.pad
2013-06-24 04:37 - 2013-06-24 11:56 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-24 04:37 - 2013-06-24 04:37 - 00188416 ____A (Microsoft Corporation) C:\ProgramData\co2fv.dat
2013-06-24 04:37 - 2013-06-24 04:37 - 00002654 ____A C:\ProgramData\vf2oc.js
2013-06-24 04:37 - 2013-06-24 04:37 - 00001009 ____A C:\ProgramData\sdaksda.txt
2013-06-24 04:37 - 2013-06-24 04:37 - 00000151 ____A C:\ProgramData\vf2oc.reg
2013-06-24 04:37 - 2013-06-24 04:37 - 00000056 ____A C:\ProgramData\vf2oc.bat
2013-06-15 13:47 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 13:47 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 13:47 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 13:47 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 13:47 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 13:47 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 13:47 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 13:47 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 13:47 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 13:47 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 13:47 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 13:47 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 22:48 - 2013-06-14 22:48 - 00289688 ____A C:\Windows\Minidump\061513-19749-01.dmp
2013-06-12 23:15 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 23:15 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 23:15 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 23:15 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 23:15 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 23:15 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 23:15 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 23:15 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 23:15 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 23:15 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 23:15 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 23:15 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 23:15 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 23:15 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 23:15 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 23:15 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 23:15 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 23:15 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 23:15 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 22:35 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 22:10 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 22:10 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 22:09 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 22:09 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 22:09 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 22:09 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 22:08 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 22:08 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 22:08 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 22:08 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 22:08 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 22:08 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 22:08 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 22:08 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 22:08 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 22:08 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 22:08 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 22:08 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 00:23 - 2013-06-14 22:48 - 312487111 ____A C:\Windows\MEMORY.DMP
2013-06-12 00:23 - 2013-06-12 00:23 - 00287656 ____A C:\Windows\Minidump\061213-17160-01.dmp
2013-06-01 06:46 - 2013-06-01 06:54 - 39305432 ____A C:\Users\heidi\Downloads\Xavier Naidoo_Bei Meiner Seele_001_Xavier Naidoo_Bei meiner Seele (DJ Re.wav
2013-06-01 04:06 - 2013-06-01 04:54 - 33991318 ____A C:\Users\heidi\Downloads\Capital Cities_Safe And Sound - Ger_001_Capital Cities_Safe And Sound.wav
2013-06-01 04:05 - 2013-06-01 05:04 - 51563652 ____A C:\Users\heidi\Downloads\Various Artists_Pacha Summer 2013_001_DF&S vs_ Ceresia & Ron_Bang Bang (Explode) (Vo.wav
2013-06-01 04:05 - 2013-06-01 05:03 - 46402814 ____A C:\Users\heidi\Downloads\Pharrell, Robin Thicke_Blurred Lines_001_Pharrell, Robin Thicke_Blurred Lines.wav
2013-06-01 04:05 - 2013-06-01 05:02 - 43820296 ____A C:\Users\heidi\Downloads\Daft Punk feat_ Pharre_Get Lucky_001_Daft Punk feat_ Pharre_Get Lucky - Radio Edit.wav
2013-06-01 04:05 - 2013-06-01 05:01 - 42496234 ____A C:\Users\heidi\Downloads\Various Artists_Music From Baz Luhrm_008_Fergie, GoonRock, Q-Ti_A Little Party Never Ki.wav
2013-06-01 04:05 - 2013-06-01 04:57 - 35007948 ____A C:\Users\heidi\Downloads\Beatrice Egli_Mein Herz_001_Beatrice Egli_Mein Herz.wav
2013-06-01 04:05 - 2013-06-01 04:55 - 32323702 ____A C:\Users\heidi\Downloads\Emmelie de Forest_Only Teardrops_001_Emmelie de Forest_Only Teardrops.wav
1376-163-00 63031:16384 - 1678-07-27 07:39 - 00000000 ____A C:\Users\heidi\AppData\Roaming\dnsrvideo.exe
1376-163-00 63031:16384 - 1670-07-18 10:06 - 00000000 ____A C:\Users\heidi\AppData\Roaming\hlpddef.exe

==================== One Month Modified Files and Folders =======

2013-06-24 22:04 - 2013-06-24 22:04 - 00000000 ____D C:\FRST
2013-06-24 21:54 - 2010-01-13 00:37 - 00000000 ____D C:\ProgramData\InstallShield
2013-06-24 21:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-06-24 21:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-06-24 11:56 - 2013-06-24 04:37 - 95023320 ___AT C:\ProgramData\vf2oc.pad
2013-06-24 11:56 - 2013-06-24 04:37 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-24 11:56 - 2013-05-21 05:38 - 00002576 ____A C:\Windows\setupact.log
2013-06-24 11:56 - 2012-09-12 04:33 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-24 11:56 - 2012-07-26 12:01 - 00000000 ____D C:\Users\heidi\AppData\Roaming\BrowserCompanion
2013-06-24 11:56 - 2011-03-27 23:24 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-24 11:56 - 2011-03-10 03:24 - 00000000 ____D C:\Users\heidi\AppData\Roaming\SchnapperPro
2013-06-24 11:56 - 2010-01-11 00:55 - 00000000 ____D C:\users\heidi
2013-06-24 11:56 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-24 09:21 - 2009-09-07 10:35 - 02005899 ____A C:\Windows\WindowsUpdate.log
2013-06-24 09:20 - 2013-05-21 05:38 - 00045045 ____A C:\Windows\avmacc.log
2013-06-24 04:37 - 2013-06-24 11:21 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-24 04:37 - 2013-06-24 04:37 - 00188416 ____A (Microsoft Corporation) C:\ProgramData\co2fv.dat
2013-06-24 04:37 - 2013-06-24 04:37 - 00002654 ____A C:\ProgramData\vf2oc.js
2013-06-24 04:37 - 2013-06-24 04:37 - 00001009 ____A C:\ProgramData\sdaksda.txt
2013-06-24 04:37 - 2013-06-24 04:37 - 00000151 ____A C:\ProgramData\vf2oc.reg
2013-06-24 04:37 - 2013-06-24 04:37 - 00000056 ____A C:\ProgramData\vf2oc.bat
2013-06-24 04:34 - 2012-09-12 04:33 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-24 04:34 - 2012-06-23 01:53 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-24 04:34 - 2012-04-12 02:13 - 00001138 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2614289542-2430297667-1821832189-1000UA.job
2013-06-23 08:27 - 2013-01-18 08:23 - 00000000 ____D C:\Users\heidi\AppData\Local\DoNotTrackPlus
2013-06-23 07:44 - 2012-05-08 02:10 - 00000276 ____A C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-06-22 23:23 - 2009-07-13 20:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-22 23:23 - 2009-07-13 20:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-21 01:32 - 2010-01-11 00:56 - 00000000 ____D C:\Users\heidi\AppData\Local\VirtualStore
2013-06-21 00:21 - 2012-09-12 04:37 - 00002187 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-19 02:10 - 2012-05-08 02:10 - 00000284 ____A C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-06-16 03:44 - 2009-09-04 05:22 - 00654150 ____A C:\Windows\System32\perfh007.dat
2013-06-16 03:44 - 2009-09-04 05:22 - 00130022 ____A C:\Windows\System32\perfc007.dat
2013-06-16 03:44 - 2009-07-13 21:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-14 22:48 - 2013-06-14 22:48 - 00289688 ____A C:\Windows\Minidump\061513-19749-01.dmp
2013-06-14 22:48 - 2013-06-12 00:23 - 312487111 ____A C:\Windows\MEMORY.DMP
2013-06-14 22:48 - 2010-02-23 00:19 - 00000000 ____D C:\Windows\Minidump
2013-06-13 21:57 - 2012-04-12 02:13 - 00001116 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2614289542-2430297667-1821832189-1000Core.job
2013-06-13 04:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 03:17 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther
2013-06-12 10:29 - 2012-06-23 01:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 10:29 - 2011-07-09 00:22 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 00:23 - 2013-06-12 00:23 - 00287656 ____A C:\Windows\Minidump\061213-17160-01.dmp
2013-06-11 04:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-08 06:08 - 2013-06-15 13:47 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 06:07 - 2013-06-15 13:47 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 06:06 - 2013-06-15 13:47 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 06:06 - 2013-06-15 13:47 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 06:06 - 2013-06-15 13:47 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 04:28 - 2013-06-15 13:47 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 03:42 - 2013-06-15 13:47 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 03:40 - 2013-06-15 13:47 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 03:40 - 2013-06-15 13:47 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 03:40 - 2013-06-15 13:47 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 03:40 - 2013-06-15 13:47 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 03:13 - 2013-06-15 13:47 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-04 00:41 - 2012-06-28 04:53 - 00000432 ____A C:\Windows\BRWMARK.INI
2013-06-04 00:30 - 2011-03-28 08:02 - 00010096 ____A C:\Users\heidi\AppData\Roaming\wklnhst.dat
2013-06-04 00:20 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-06-03 01:18 - 2011-05-02 05:09 - 00000000 ____D C:\Users\heidi\AppData\Roaming\FileZilla
2013-06-01 10:47 - 2011-08-25 05:29 - 00000156 ____A C:\Users\heidi\AppData\Roaming\default.rss
2013-06-01 10:47 - 2010-02-02 08:32 - 00000069 ____A C:\Windows\NeroDigital.ini
2013-06-01 06:54 - 2013-06-01 06:46 - 39305432 ____A C:\Users\heidi\Downloads\Xavier Naidoo_Bei Meiner Seele_001_Xavier Naidoo_Bei meiner Seele (DJ Re.wav
2013-06-01 05:04 - 2013-06-01 04:05 - 51563652 ____A C:\Users\heidi\Downloads\Various Artists_Pacha Summer 2013_001_DF&S vs_ Ceresia & Ron_Bang Bang (Explode) (Vo.wav
2013-06-01 05:03 - 2013-06-01 04:05 - 46402814 ____A C:\Users\heidi\Downloads\Pharrell, Robin Thicke_Blurred Lines_001_Pharrell, Robin Thicke_Blurred Lines.wav
2013-06-01 05:02 - 2013-06-01 04:05 - 43820296 ____A C:\Users\heidi\Downloads\Daft Punk feat_ Pharre_Get Lucky_001_Daft Punk feat_ Pharre_Get Lucky - Radio Edit.wav
2013-06-01 05:01 - 2013-06-01 04:05 - 42496234 ____A C:\Users\heidi\Downloads\Various Artists_Music From Baz Luhrm_008_Fergie, GoonRock, Q-Ti_A Little Party Never Ki.wav
2013-06-01 04:57 - 2013-06-01 04:05 - 35007948 ____A C:\Users\heidi\Downloads\Beatrice Egli_Mein Herz_001_Beatrice Egli_Mein Herz.wav
2013-06-01 04:55 - 2013-06-01 04:05 - 32323702 ____A C:\Users\heidi\Downloads\Emmelie de Forest_Only Teardrops_001_Emmelie de Forest_Only Teardrops.wav
2013-06-01 04:54 - 2013-06-01 04:06 - 33991318 ____A C:\Users\heidi\Downloads\Capital Cities_Safe And Sound - Ger_001_Capital Cities_Safe And Sound.wav

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
C:\ProgramData\rundll32.exe
C:\Users\heidi\GoToAssistDownloadHelper.exe
C:\ProgramData\co2fv.dat
C:\ProgramData\vf2oc.bat
C:\ProgramData\vf2oc.pad
C:\ProgramData\vf2oc.reg

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-20 23:29:23
Restore point made on: 2013-06-24 09:22:04

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4087.08 MB
Available physical RAM: 3428.38 MB
Total Pagefile: 4085.23 MB
Available Pagefile: 3422.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:457.95 GB) (Free:367.55 GB) NTFS (Disk=0 Partition=3)
Drive e: (DATA) (Fixed) (Total:458.46 GB) (Free:458.19 GB) NTFS (Disk=0 Partition=4)
Drive f: (PQSERVICE) (Fixed) (Total:15 GB) (Free:5.33 GB) NTFS (Disk=0 Partition=1)
Drive m: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT (Disk=6 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A8CDD550)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=458 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2013-06-23 00:01

==================== End Of Log ============================

--- --- ---
I URGENTLY NEED YOUR HELP....... NOTHING works...... what am I supposed to do????

t'john 24.06.2013 22:30

What is this supposed to be?
http://www.trojaner-board.de/137128-guv-virus.html


Copyright ©2000-2024, Trojaner-Board