
Pests of all kinds and how to fight them: Swiss variant of the GVU Trojan on a netbook


04.02.2013, 21:05   #5
stagatha

Swiss variant of the GVU Trojan on a netbook

So, here is the scan now

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-02-2013 02
Ran by SYSTEM at 04-02-2013 20:50:21
Running from E:\
Windows 7 Home Premium   (X86) OS Language: English(US) 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [HotkeyMon] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101288 2010-12-07] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1248176 2010-12-07] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [412600 2010-11-15] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto [1095080 2011-03-10] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun [414384 2011-01-06] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)
HKLM\...\Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF" [x]
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [112632 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none" [218448 2010-10-20] (Trend Micro Inc.)
HKLM\...\Run: [Boingo Wi-Fi] "C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2429 2012-04-12] ()
HKLM\...\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-15] (ASUSTek Computer Inc.)
HKLM\...\Run: [iSeriesCharge] AsusSender.exe C:\Program Files\ASUS\USBChargeSetting\iSeriesCharge.exe [99792 2012-06-28] (AsusTek Computer Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Brehm\...\Winlogon: [Shell] explorer.exe,C:\Users\Brehm\AppData\Roaming\skype.dat [110592 2011-11-16] ()
HKU\Default\...\RunOnce: [Reboot] AsusSender.exe C:\Windows\Reboot.exe 60 [92096 2010-12-12] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [IconPatch] C:\Windows\AP\IconPatch.vbs [x]
HKU\Default\...\RunOnce: [AskScreensaver] C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [797104 2011-01-26] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] AsusSender.exe C:\Windows\Reboot.exe 60 [92096 2010-12-12] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [IconPatch] C:\Windows\AP\IconPatch.vbs [x]
HKU\Default User\...\RunOnce: [AskScreensaver] C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [797104 2011-01-26] (AsusTek Computer Inc.)
HKLM\...\RunOnce: [*Restore] C:\windows\system32\rstrui.exe /RUNONCE [262656 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0B9553F6-C4F3-434F-B724-B2A98C870D1E}: [NameServer]208.67.222.222,208.67.220.220
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe ()

==================== Services (Whitelisted) ===================

2 AsusService; C:\windows\system32\AsusService.exe [224680 2010-12-07] ()
2 SetupARService; "C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe" [24576 2012-11-01] (Realtek Semiconductor.)
2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [161104 2010-09-17] (Trend Micro Inc.)
3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

3 AiDriver; C:\Windows\System32\DRIVERS\AiDriver.sys [14720 2012-05-07] (ASUSTek Computer Inc.)
1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-27] ()
1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-02] ()
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
3 L6PODX3LV; C:\Windows\System32\Drivers\L6PODX3LV.sys [583168 2011-11-30] (Line 6)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-08-22] (Duplex Secure Ltd.)
1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
2 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [x]
3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [x]
3 btwavdt; C:\Windows\system32\drivers\btwavdt.sys [x]
3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [x]
3 btwrchid; C:\Windows\system32\drivers\btwrchid.sys [x]
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-02-01 11:54 - 2013-02-01 11:54 - 00000000 ____D C:\Users\Brehm\AppData\Local\{E6834EBB-5CC2-47E0-AFD1-367BA12557FE}
2013-01-25 11:45 - 2013-01-31 11:47 - 00000000 ____D C:\Users\Brehm\AppData\Local\{CAEB7411-A4F2-44CA-A1BE-64482EF0E424}
2013-01-22 00:12 - 2013-01-24 12:13 - 00000000 ____D C:\Users\Brehm\AppData\Local\{13390C2C-4688-4284-B6F8-5F7D178478C8}
2013-01-21 12:22 - 2013-02-02 20:29 - 00000000 ____D C:\Program Files\Hotel Gigant
2013-01-21 12:12 - 2013-01-21 12:12 - 00000000 ____D C:\Users\Brehm\AppData\Local\{08631867-C902-4E35-9C47-696753AE8CC4}
2013-01-18 08:05 - 2013-01-18 08:05 - 00001146 ____A C:\Users\Brehm\Documents\nhl.txt
2013-01-10 06:37 - 2013-02-02 20:28 - 00000000 ____D C:\Program Files\Transport Gigant GOLD
2013-01-10 00:27 - 2013-01-16 10:41 - 00000000 ____D C:\Users\Brehm\AppData\Local\{9C19EAAB-3CA4-4290-A9A5-B1940B33674D}
2013-01-07 11:11 - 2013-01-09 11:40 - 00000000 ____D C:\Users\Brehm\AppData\Local\{8F5BB913-28DA-4A8C-855A-83802D4B9641}


==================== One Month Modified Files and Folders ========

2013-02-04 20:50 - 2013-02-04 20:50 - 00000000 ____D C:\FRST
2013-02-02 20:36 - 2011-04-15 10:39 - 00000000 ____D C:\Program Files\Common Files\InstantOn
2013-02-02 20:36 - 2011-04-15 10:18 - 00000000 ____D C:\Program Files\E-Cam
2013-02-02 20:36 - 2011-02-16 02:40 - 00000000 ____D C:\Windows\System32\Drivers\de-DE
2013-02-02 20:36 - 2011-02-11 02:57 - 00000000 ____D C:\Windows\System32\SPReview
2013-02-02 20:36 - 2009-07-13 23:49 - 00000000 ____D C:\Program Files\Windows Journal
2013-02-02 20:36 - 2009-07-13 23:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-02-02 20:36 - 2009-07-13 23:48 - 00000000 ____D C:\Windows\ShellNew
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\twain_32
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\Offline Web Pages
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\addins
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-02-02 20:36 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\DVD Maker
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 __RSD C:\Windows\Media
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 __RHD C:\Users\Public\Libraries
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\TAPI
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-TW
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\th-TH
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\sv-SE
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\sl-SI
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pt-BR
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pl-PL
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nb-NO
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\Msdtc
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\lv-LV
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\lt-LT
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\he-IL
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fi-FI
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\et-EE
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\el-GR
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\com
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\system
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\L2Schemas
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\IME
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Cursors
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-02-02 20:36 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\Services
2013-02-02 20:35 - 2011-02-16 02:40 - 00000000 ____D C:\Windows\de-DE
2013-02-02 20:31 - 2011-04-15 10:04 - 00000000 ____D C:\Windows\System32\Lang
2013-02-02 20:31 - 2011-02-16 02:40 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-02-02 20:31 - 2009-07-13 20:56 - 00000000 ____D C:\Windows\System32\winrm
2013-02-02 20:31 - 2009-07-13 20:56 - 00000000 ____D C:\Windows\System32\WCN
2013-02-02 20:31 - 2009-07-13 20:56 - 00000000 ____D C:\Windows\System32\slmgr
2013-02-02 20:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\spp
2013-02-02 20:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\Speech
2013-02-02 20:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\SMI
2013-02-02 20:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2013-02-02 20:30 - 2012-11-11 09:20 - 00000000 ____D C:\Users\Brehm\AppData\Roaming\vlc
2013-02-02 20:30 - 2012-11-01 12:09 - 00000000 ____D C:\Users\All Users\Skype
2013-02-02 20:30 - 2012-08-23 12:18 - 00000000 ____D C:\Windows\Minidump
2013-02-02 20:30 - 2012-04-12 06:26 - 00000000 ____D C:\users\Brehm
2013-02-02 20:30 - 2011-04-15 10:36 - 00000000 ____D C:\Users\All Users\Trend Micro
2013-02-02 20:30 - 2011-04-15 10:27 - 00000000 ____D C:\Windows\it
2013-02-02 20:30 - 2011-04-15 10:27 - 00000000 ____D C:\Windows\fr
2013-02-02 20:30 - 2011-04-15 10:26 - 00000000 ____D C:\Windows\de
2013-02-02 20:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\schemas
2013-02-02 20:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Resources
2013-02-02 20:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\PLA
2013-02-02 20:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Globalization
2013-02-02 20:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Branding
2013-02-02 20:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\AppCompat
2013-02-02 20:29 - 2013-01-21 12:22 - 00000000 ____D C:\Program Files\Hotel Gigant
2013-02-02 20:29 - 2012-12-06 15:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-02-02 20:29 - 2012-11-01 12:09 - 00000000 ___RD C:\Program Files\Skype
2013-02-02 20:29 - 2012-11-01 12:09 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-02-02 20:29 - 2012-08-22 03:07 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-02-02 20:29 - 2012-08-22 03:01 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-02-02 20:29 - 2012-08-22 01:17 - 00000000 ____D C:\Program Files\Audacity
2013-02-02 20:29 - 2011-04-15 10:38 - 00000000 ____D C:\Program Files\Times Reader
2013-02-02 20:29 - 2011-04-15 10:23 - 00000000 ____D C:\Program Files\Windows Live
2013-02-02 20:29 - 2011-04-15 10:18 - 00000000 ____D C:\Program Files\Common Files\Oberon Media
2013-02-02 20:29 - 2011-04-15 10:16 - 00000000 ____D C:\Program Files\Asus
2013-02-02 20:29 - 2011-04-15 10:08 - 00000000 ____D C:\Program Files\Atheros
2013-02-02 20:29 - 2011-04-15 10:04 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-02-02 20:29 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-02-02 20:29 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\MSBuild
2013-02-02 20:29 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-02-02 20:28 - 2013-01-10 06:37 - 00000000 ____D C:\Program Files\Transport Gigant GOLD
2013-02-02 20:23 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2013-02-02 20:13 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Web
2013-02-02 20:13 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Vss
2013-02-02 20:12 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
2013-02-02 20:12 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\spool
2013-02-02 20:11 - 2009-07-13 20:56 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-02-02 20:11 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NetworkList
2013-02-02 20:10 - 2011-04-15 10:20 - 00000000 ____D C:\Windows\System32\Macromed
2013-02-02 20:10 - 2011-02-11 02:44 - 00000000 ____D C:\Windows\System32\EventProviders
2013-02-02 20:10 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\IME
2013-02-02 20:06 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Speech
2013-02-02 20:05 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\Performance
2013-02-02 20:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\security
2013-02-02 20:04 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-02-02 20:02 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Help
2013-02-02 20:00 - 2012-11-01 12:09 - 00000000 ____D C:\Users\Brehm\AppData\Roaming\Skype
2013-02-02 20:00 - 2009-07-13 18:37 - 00000000 __RHD C:\users\Default
2013-02-02 19:59 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Windows NT
2013-02-02 19:58 - 2011-04-15 10:34 - 00000000 ____D C:\Program Files\syncables
2013-02-02 19:58 - 2011-04-15 10:06 - 00000000 ____D C:\Program Files\Synaptics
2013-02-02 19:58 - 2011-04-15 10:04 - 00000000 ____D C:\Program Files\Realtek
2013-02-02 19:57 - 2011-04-15 10:31 - 00000000 ____D C:\Program Files\Microsoft Office
2013-02-02 19:57 - 2011-04-15 10:26 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-02-02 19:57 - 2011-04-15 10:03 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-02-02 19:57 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Microsoft Games
2013-02-02 19:56 - 2011-04-15 10:21 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-02-02 19:56 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2013-02-02 19:55 - 2011-04-15 10:20 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-02-02 19:55 - 2011-04-15 10:19 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-02-02 19:55 - 2011-04-15 10:19 - 00000000 ____D C:\Program Files\Adobe
2013-02-02 19:55 - 2011-04-15 10:16 - 00000000 ____D C:\AsusVibeData
2013-02-02 19:24 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-02-01 12:31 - 2012-04-12 10:40 - 00000000 ____D C:\Users\Brehm\Tracing
2013-02-01 12:19 - 2012-04-12 06:26 - 00000000 ____D C:\Users\Brehm\AppData\Local\Windows Live
2013-02-01 11:54 - 2013-02-01 11:54 - 00000000 ____D C:\Users\Brehm\AppData\Local\{E6834EBB-5CC2-47E0-AFD1-367BA12557FE}
2013-01-31 11:47 - 2013-01-25 11:45 - 00000000 ____D C:\Users\Brehm\AppData\Local\{CAEB7411-A4F2-44CA-A1BE-64482EF0E424}
2013-01-24 12:13 - 2013-01-22 00:12 - 00000000 ____D C:\Users\Brehm\AppData\Local\{13390C2C-4688-4284-B6F8-5F7D178478C8}
2013-01-21 12:12 - 2013-01-21 12:12 - 00000000 ____D C:\Users\Brehm\AppData\Local\{08631867-C902-4E35-9C47-696753AE8CC4}
2013-01-18 08:05 - 2013-01-18 08:05 - 00001146 ____A C:\Users\Brehm\Documents\nhl.txt
2013-01-16 14:25 - 2012-04-12 06:26 - 00000000 ____D C:\Users\Brehm\AppData\Local\VirtualStore
2013-01-16 10:41 - 2013-01-10 00:27 - 00000000 ____D C:\Users\Brehm\AppData\Local\{9C19EAAB-3CA4-4290-A9A5-B1940B33674D}
2013-01-09 11:40 - 2013-01-07 11:11 - 00000000 ____D C:\Users\Brehm\AppData\Local\{8F5BB913-28DA-4A8C-855A-83802D4B9641}

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-01-09 18:00:58
Restore point made on: 2013-01-17 00:12:55
Restore point made on: 2013-01-24 17:19:12

==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 2038.12 MB
Available physical RAM: 1656.75 MB
Total Pagefile: 2038.12 MB
Available Pagefile: 1651.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.7 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:100 GB) (Free:66.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:350.74 GB) (Free:343.45 GB) NTFS
3 Drive e: (HITMANPRO) (Removable) (Total:29.75 GB) (Free:29.73 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B         
  Disk 1    Online           29 GB      0 B         

Partitions of Disk 0:
===============

Disk ID: 90DD1478

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 GB  1024 KB
  Partition 2    Primary             15 GB   100 GB
  Partition 3    Primary            350 GB   115 GB
  Partition 4    Primary             16 MB   465 GB

=========================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0     C                NTFS   Partition    100 GB  Healthy            

=========================================================

Disk: 0
Partition 2
Type  : 1B
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     D                NTFS   Partition    350 GB  Healthy            

=========================================================

Disk: 0
Partition 4
Type  : EF
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Disk ID: F910D2C7

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             29 GB    31 KB

=========================================================

Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E   HITMANPRO    FAT32  Removable     29 GB  Healthy            

=========================================================

Last Boot: 2013-01-23 17:39

==================== End Of Log ============================


 





