GVU Trojan! PC was locked
11.07.2013, 09:13 | #1

Hello, unfortunately I also have the problem that I apparently have a Trojan. A page from the GVU appears, claiming I had violated some copyright. Now my computer is locked. I tried to get back in via Safe Mode, but it doesn't work, or rather it has been sitting at "Windows files are loading" etc. for 10 minutes.... Can you help me?

Best regards
Libertine
11.07.2013, 09:14 | #2 | /// the machine /// TB-Ausbilder

Hi,

which operating system?
11.07.2013, 09:15 | #3

Windows Vista
11.07.2013, 09:28 | #4 | /// the machine /// TB-Ausbilder

hi,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)

regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM!
11.07.2013, 09:57 | #5

I'm currently trying to find the USB stick using the command prompt, but it always just says: "The device is not ready." What could be the reason? I've got it now.

FRST Logfile:

Code:
```
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-07-2013 04
Ran by SYSTEM on 11-07-2013 11:00:16
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [WinampAgent] - "C:\Program Files\Winamp\winampa.exe" [39424 2009-12-21] (Nullsoft)
HKLM\...\Run: [UpdatePSTShortCut] - "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2008-12-24] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDIRShortCut] - "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdateP2GoShortCut] - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [210216 2008-10-30] (CyberLink Corp.)
HKLM\...\Run: [UpdateLBPShortCut] - "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [SysTrayApp] - %ProgramFiles%\IDT\WDM\sttray.exe [483420 2009-01-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-04] (Synaptics, Inc.)
HKLM\...\Run: [QPService] - "C:\Program Files\HP\QuickPlay\QPService.exe" [468264 2008-09-23] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-01-15] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13605408 2009-01-15] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Photo Downloader] - "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [57344 2005-06-23] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM\...\Run: [avast] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4241512 2012-03-07] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s [619008 2010-05-25] (Nikon Corporation)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2008-11-18] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2008-11-18] (Hewlett-Packard)
HKU\Gast\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2008-11-18] (Hewlett-Packard)
HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2008-06-09] (Hewlett-Packard Company)
HKU\Kristin\...\Run: [msnmsgr] - ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [ 2010-04-16] (Microsoft Corporation)
HKU\Kristin\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2008-06-09] (Hewlett-Packard Company)
HKU\Kristin\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Kristin\...\Run: [ICQ] - ~"C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 [ 2011-01-05] (ICQ, LLC.)
HKU\Kristin\...\Run: [Facebook Update] - "C:\Users\Kristin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [ 2012-07-11] (Facebook Inc.)
HKU\Kristin\...\Run: [Sony PC Companion] - "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background [ 2013-05-29] (Sony)
HKU\Kristin\...\Winlogon: [Shell] explorer.exe,C:\Users\Kristin\AppData\Roaming\cache.dat <==== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Kristin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk /r \??\C:autocheck autochk *

========================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe [81920 2009-01-20] (Andrea Electronics Corporation)
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44768 2012-03-07] (AVAST Software)
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [3085264 2013-06-03] ()
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
S2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [247096 2010-09-06] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll [135024 2011-10-15] (Symantec Corporation)
S2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
S2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-23] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2008-11-26] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe [249938 2009-01-20] (IDT, Inc.)
S4 clr_optimization_v2.0.50727_32; %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20696 2012-03-07] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [57688 2012-03-07] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [35672 2012-03-07] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [612184 2012-03-07] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337880 2012-03-07] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [53848 2012-03-07] (AVAST Software)
S1 BHDrvx86; C:\Windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys [259632 2009-08-26] (Symantec Corporation)
S1 ccHP; C:\Windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys [467592 2011-10-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2009-11-13] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [102448 2009-11-13] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100106.001\IDSvix86.sys [343088 2009-11-05] (Symantec Corporation)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S3 k750mdfl; C:\Windows\System32\DRIVERS\k750mdfl.sys [6576 2005-07-07] (MCCI)
S3 k750mdm; C:\Windows\System32\DRIVERS\k750mdm.sys [89872 2005-07-07] (MCCI)
S3 k750obex; C:\Windows\System32\DRIVERS\k750obex.sys [79488 2009-12-19] (MCCI)
S3 RT73; C:\Windows\System32\DRIVERS\Dr71WU.sys [329728 2007-05-11] (Ralink Technology Corp.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [86824 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [15016 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [114728 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [106208 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [26024 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [109864 2009-03-25] (MCCI Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS [308272 2009-08-26] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS [43696 2009-08-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1008030.006\SYMEFA.SYS [310320 2009-08-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2009-11-15] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [25648 2009-08-26] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS [217464 2011-09-22] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100109.006\NAVENG.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100109.006\NAVEX15.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SYMDNS; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [x]
S3 SYMREDRV; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-11 11:00 - 2013-07-11 11:00 - 00000000 ____D C:\FRST
2013-07-11 09:30 - 2013-07-11 09:30 - 00000000 ____D C:\ProgramData\䒀ǣ䉀ǣ浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
2013-07-11 08:59 - 2013-07-11 08:59 - 00000000 __SHD C:\found.000
2013-07-11 08:38 - 2013-07-11 09:30 - 00000004 ____A C:\Users\Kristin\AppData\Roaming\cache.ini
2013-07-11 07:38 - 2013-07-11 07:38 - 00000000 ____D C:\ProgramData\䒀´䉀´浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
2013-07-08 09:35 - 2013-07-08 09:35 - 00000000 ____D C:\ProgramData\䒀Î䉀Î浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
2013-07-07 22:06 - 2013-07-07 22:06 - 00008366 ____A C:\Users\Kristin\Documents\marcus aurelius.odt
2013-07-03 17:57 - 2013-06-08 17:14 - 48319438 ____N C:\Users\Kristin\Desktop\MOV_6693.mp4
2013-07-03 17:57 - 2013-06-07 20:26 - 14687106 ____N C:\Users\Kristin\Desktop\MOV_6686.mp4
2013-07-03 17:56 - 2013-06-18 13:28 - 110634224 ____N C:\Users\Kristin\Desktop\MOV_6732.mp4
2013-07-03 17:56 - 2013-06-15 20:48 - 190855125 ____N C:\Users\Kristin\Desktop\MOV_6701.mp4
2013-07-03 17:56 - 2013-06-09 19:40 - 29030061 ____N C:\Users\Kristin\Desktop\MOV_6695.mp4
2013-07-03 17:51 - 2013-06-22 22:08 - 34494439 ____N C:\Users\Kristin\Desktop\MOV_6742.mp4
2013-07-03 17:51 - 2013-06-18 13:32 - 22899543 ____N C:\Users\Kristin\Desktop\MOV_6736.mp4
2013-07-03 17:50 - 2013-06-22 22:42 - 118360235 ____N C:\Users\Kristin\Desktop\MOV_6745.mp4
2013-07-03 17:50 - 2013-06-22 22:24 - 24786058 ____N C:\Users\Kristin\Desktop\MOV_6744.mp4
2013-07-03 17:50 - 2013-06-22 22:23 - 145642819 ____N C:\Users\Kristin\Desktop\MOV_6743.mp4
2013-07-03 17:49 - 2013-06-22 22:46 - 168742240 ____N C:\Users\Kristin\Desktop\MOV_6746.mp4
2013-07-03 17:10 - 2013-07-03 17:10 - 00000000 ____D C:\ProgramData\䒀Ñ䉀Ñ浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
2013-06-29 21:35 - 2013-06-29 21:35 - 00012162 ____A C:\Users\Kristin\Documents\editors konzertticket.odt
2013-06-29 14:00 - 2013-06-29 14:00 - 00000000 ____D C:\ProgramData\䒀œ䉀œ浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
2013-06-23 20:20 - 2013-06-23 20:20 - 00017395 ____A C:\Users\Kristin\Documents\Zeugnisse.odt
2013-06-23 10:49 - 2013-06-23 10:49 - 00027224 ____A C:\Users\Kristin\Documents\sven meyer.odt
2013-06-22 14:35 - 2013-06-22 14:35 - 00029534 ____A C:\Users\Kristin\Documents\laura bertemes.odt
2013-06-22 14:28 - 2013-06-22 14:28 - 00029853 ____A C:\Users\Kristin\Documents\bato arora.odt
2013-06-22 14:15 - 2013-06-22 14:15 - 00149643 ____A C:\Users\Kristin\Documents\leon diederich.odt
2013-06-21 14:45 - 2013-06-21 14:54 - 213966019 ____A C:\Users\Kristin\Downloads\Die Aerzte - Cologne - 15.06.13 - RheinEnergie Stadion(1).zip
2013-06-21 14:45 - 2013-06-21 14:50 - 213966019 ____A C:\Users\Kristin\Downloads\Die Aerzte - Cologne - 15.06.13 - RheinEnergie Stadion.zip
2013-06-13 16:03 - 2013-06-13 16:03 - 00000000 ____D C:\ProgramData\䒀»䉀»浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮

==================== One Month Modified Files and Folders =======

2013-07-11 11:00 - 2013-07-11 11:00 - 00000000 ____D C:\FRST
2013-07-11 09:43 - 2006-11-02 13:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-11 09:43 - 2006-11-02 13:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-11 09:36 - 2009-07-20 01:27 - 01586981 ____A C:\Windows\WindowsUpdate.log
2013-07-11 09:30 - 2013-07-11 09:30 - 00000000 ____D C:\ProgramData\䒀ǣ䉀ǣ浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
2013-07-11 09:30 - 2013-07-11 08:38 - 00000004 ____A C:\Users\Kristin\AppData\Roaming\cache.ini
2013-07-11 09:21 - 2012-12-01 10:26 - 00001576 ____A C:\Windows\System32\spsys.log
2013-07-11 08:59 - 2013-07-11 08:59 - 00000000 __SHD C:\found.000
2013-07-11 07:39 - 2009-07-20 02:48 - 00000247 ___AH C:\ProgramData\hpqp.ini
2013-07-11 07:38 - 2013-07-11 07:38 - 00000000 ____D C:\ProgramData\䒀´䉀´浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
2013-07-08 09:35 - 2013-07-08 09:35 - 00000000 ____D C:\ProgramData\䒀Î䉀Î浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
2013-07-08 09:34 - 2013-05-18 14:09 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-07-08 09:34 - 2012-06-16 08:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-08 09:34 - 2012-03-29 11:26 - 00077402 ____A C:\Windows\PFRO.log
2013-07-07 22:06 - 2013-07-07 22:06 - 00008366 ____A C:\Users\Kristin\Documents\marcus aurelius.odt
2013-07-07 22:06 - 2013-04-14 09:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-05 19:59 - 2010-05-22 23:17 - 00000000 ___HD C:\Users\Kristin\AppData\Roaming\vlc
2013-07-05 19:53 - 2006-11-02 11:33 - 01475618 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 19:52 - 2010-01-04 21:17 - 00000000 ___HD C:\Users\Kristin\AppData\Roaming\Winamp
2013-07-03 18:10 - 2009-11-15 14:07 - 00159232 ___AH C:\Users\Kristin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-03 17:10 - 2013-07-03 17:10 - 00000000 ____D C:\ProgramData\䒀Ñ䉀Ñ浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
2013-06-30 16:57 - 2009-11-14 12:40 - 00000000 ____D C:\users\Kristin
2013-06-29 21:35 - 2013-06-29 21:35 - 00012162 ____A C:\Users\Kristin\Documents\editors konzertticket.odt
2013-06-29 14:02 - 2010-12-24 13:48 - 00000000 ___HD C:\Users\Kristin\AppData\Roaming\Uniblue
2013-06-29 14:02 - 2010-12-24 13:48 - 00000000 ____D C:\Program Files\Uniblue
2013-06-29 14:00 - 2013-06-29 14:00 - 00000000 ____D C:\ProgramData\䒀œ䉀œ浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
2013-06-28 15:01 - 2013-06-06 17:05 - 00000000 ____D C:\Users\Kristin\Desktop\101NIKON
2013-06-28 14:35 - 2010-08-25 18:11 - 00000000 ___HD C:\Users\Kristin\AppData\Local\Last.fm
2013-06-28 14:12 - 2012-03-23 15:25 - 00161858 ____A C:\Windows\DpInst.log
2013-06-28 14:11 - 2012-12-19 20:15 - 00001879 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-28 14:11 - 2012-12-19 20:15 - 00001879 ____A C:\ProgramData\Desktop\Sony PC Companion 2.1.lnk
2013-06-28 14:11 - 2009-02-28 07:50 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-23 20:20 - 2013-06-23 20:20 - 00017395 ____A C:\Users\Kristin\Documents\Zeugnisse.odt
2013-06-23 10:49 - 2013-06-23 10:49 - 00027224 ____A C:\Users\Kristin\Documents\sven meyer.odt
2013-06-22 22:46 - 2013-07-03 17:49 - 168742240 ____N C:\Users\Kristin\Desktop\MOV_6746.mp4
2013-06-22 22:42 - 2013-07-03 17:50 - 118360235 ____N C:\Users\Kristin\Desktop\MOV_6745.mp4
2013-06-22 22:24 - 2013-07-03 17:50 - 24786058 ____N C:\Users\Kristin\Desktop\MOV_6744.mp4
2013-06-22 22:23 - 2013-07-03 17:50 - 145642819 ____N C:\Users\Kristin\Desktop\MOV_6743.mp4
2013-06-22 22:08 - 2013-07-03 17:51 - 34494439 ____N C:\Users\Kristin\Desktop\MOV_6742.mp4
2013-06-22 15:36 - 2009-11-15 14:31 - 00000000 ___HD C:\Users\Kristin\AppData\Roaming\ICQ
2013-06-22 14:35 - 2013-06-22 14:35 - 00029534 ____A C:\Users\Kristin\Documents\laura bertemes.odt
2013-06-22 14:28 - 2013-06-22 14:28 - 00029853 ____A C:\Users\Kristin\Documents\bato arora.odt
2013-06-22 14:15 - 2013-06-22 14:15 - 00149643 ____A C:\Users\Kristin\Documents\leon diederich.odt
2013-06-21 14:54 - 2013-06-21 14:45 - 213966019 ____A C:\Users\Kristin\Downloads\Die Aerzte - Cologne - 15.06.13 - RheinEnergie Stadion(1).zip
2013-06-21 14:50 - 2013-06-21 14:45 - 213966019 ____A C:\Users\Kristin\Downloads\Die Aerzte - Cologne - 15.06.13 - RheinEnergie Stadion.zip
2013-06-21 14:47 - 2012-06-07 18:39 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-21 14:47 - 2011-07-02 20:15 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-21 14:44 - 2012-04-15 15:50 - 00011827 ____A C:\Windows\setupact.log
2013-06-21 14:37 - 2009-12-29 18:54 - 00000000 ___HD C:\ProgramData\Sony Ericsson
2013-06-21 14:37 - 2009-12-29 18:54 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-06-21 14:32 - 2009-12-09 20:45 - 00008268 ____A C:\Users\Kristin\AppData\Local\d3d9caps.dat
2013-06-18 17:30 - 2013-01-13 12:16 - 00015780 ____A C:\Users\Kristin\Documents\namen zeugnis.odt
2013-06-18 13:32 - 2013-07-03 17:51 - 22899543 ____N C:\Users\Kristin\Desktop\MOV_6736.mp4
2013-06-18 13:28 - 2013-07-03 17:56 - 110634224 ____N C:\Users\Kristin\Desktop\MOV_6732.mp4
2013-06-15 20:48 - 2013-07-03 17:56 - 190855125 ____N C:\Users\Kristin\Desktop\MOV_6701.mp4
2013-06-13 16:03 - 2013-06-13 16:03 - 00000000 ____D C:\ProgramData\䒀»䉀»浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮

Files to move or delete:
====================
C:\ProgramData\nvModes.dat

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-13 14:51:56
Restore point made on: 2013-04-14 10:24:33
Restore point made on: 2013-04-19 19:30:44
Restore point made on: 2013-04-19 19:36:02
Restore point made on: 2013-04-19 19:37:16
Restore point made on: 2013-04-19 19:41:13
Restore point made on: 2013-04-21 09:12:29
Restore point made on: 2013-04-28 11:15:21
Restore point made on: 2013-05-03 15:59:00
Restore point made on: 2013-05-03 16:02:02
Restore point made on: 2013-05-03 16:03:12
Restore point made on: 2013-05-09 15:47:25
Restore point made on: 2013-05-10 12:21:42
Restore point made on: 2013-05-11 15:37:10
Restore point made on: 2013-05-12 15:53:01
Restore point made on: 2013-05-18 11:12:30
Restore point made on: 2013-05-18 14:07:31
Restore point made on: 2013-06-21 14:38:40
Restore point made on: 2013-06-21 14:39:48
Restore point made on: 2013-06-21 14:41:09
Restore point made on: 2013-06-28 14:12:38
Restore point made on: 2013-07-03 17:13:35
Restore point made on: 2013-07-07 10:03:20
Restore point made on: 2013-07-11 07:44:36

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4061.98 MB
Available physical RAM: 3488.45 MB
Total Pagefile: 3746.98 MB
Available Pagefile: 3551.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.42 GB) (Free:101.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.47 GB) (Free:1.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:0.94 GB) (Free:0.92 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 9BE9C306)
Partition 1: (Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 964 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=964 MB) - (Type=06)

LastRegBack: 2013-07-11 07:44

==================== End Of Log ============================
```
11.07.2013, 11:03 | #6 | /// the machine /// TB-Ausbilder

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
```
HKU\Kristin\...\Winlogon: [Shell] explorer.exe,C:\Users\Kristin\AppData\Roaming\cache.dat <==== ATTENTION
2013-07-11 09:30 - 2013-07-11 09:30 - 00000000 ____D C:\ProgramData\䒀ǣ䉀ǣ浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
2013-07-11 08:38 - 2013-07-11 09:30 - 00000004 ____A C:\Users\Kristin\AppData\Roaming\cache.ini
2013-07-11 07:38 - 2013-07-11 07:38 - 00000000 ____D C:\ProgramData\䒀´䉀´浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
2013-07-08 09:35 - 2013-07-08 09:35 - 00000000 ____D C:\ProgramData\䒀Î䉀Î浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
2013-07-03 17:10 - 2013-07-03 17:10 - 00000000 ____D C:\ProgramData\䒀Ñ䉀Ñ浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
2013-06-29 14:00 - 2013-06-29 14:00 - 00000000 ____D C:\ProgramData\䒀œ䉀œ浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
2013-06-13 16:03 - 2013-06-13 16:03 - 00000000 ____D C:\ProgramData\䒀»䉀»浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
C:\ProgramData\nvModes.dat
C:\Users\Kristin\AppData\Roaming\cache.dat
```

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.

Reboot, enjoy.
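The first line of that fix is the persistence point: the per-user Winlogon Shell value runs cache.dat beside explorer.exe at every logon, which is why the lockscreen came back after a reboot. The following Python is an added example (not part of the thread and not FRST's own code) that parses the line formats seen in the FRST log above and flags that Shell value together with the other classes of entry the helper put into the fix; the sample log is constructed from lines of this thread's own scan.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines, written for this page.

Flags, in log order: a Winlogon Shell that chains anything after explorer.exe,
Run/Service entries with an empty publisher "()" in user-writable folders,
folders with non-ASCII (garbled) names under ProgramData/AppData, and loose
files dropped directly into %AppData%\\Roaming. Heuristics, not FRST's own logic.
"""
import re

# HKU\Kristin\...\Winlogon: [Shell] explorer.exe,C:\...\cache.dat <==== ATTENTION
# HKLM\...\Run: [avast] - "C:\...\avastUI.exe" /nogui [4241512 2012-03-07] (AVAST Software)
REG_RE = re.compile(
    r'^(?P<hive>HK(?:LM|U)\\.*?)\\(?P<key>Winlogon|Run): \[(?P<name>[^\]]+)\] -? ?'
    r'(?P<value>.*?)(?: \[[^\]]*\] \((?P<pub>[^)]*)\))?(?: <==== ATTENTION)?$')
# S2 BrowserProtect; C:\ProgramData\...\BrowserProtect.exe [3085264 2013-06-03] ()
SVC_RE = re.compile(r'^S\d (?P<name>[^;]+); (?P<path>.*?) \[[^\]]*\] \((?P<pub>[^)]*)\)$')
# 2013-07-11 08:38 - 2013-07-11 09:30 - 00000004 ____A C:\Users\Kristin\AppData\Roaming\cache.ini
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ '
    r'(?P<attrs>[A-Z_]+) (?P<path>.+)$')
USER_WRITABLE = re.compile(r'\\(AppData|ProgramData|Temp|Users\\Public)\\', re.I)
ROAMING_ROOT = re.compile(r'\\AppData\\Roaming\\[^\\]+$', re.I)


def triage(log_text):
    """Return a list of (kind, subject, detail) findings for the given FRST text."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            key, name, value, pub = m['key'], m['name'], m['value'], m['pub']
            if key == 'Winlogon' and name == 'Shell':
                # A clean Shell value is exactly "explorer.exe"; every further
                # comma-separated entry is started at each logon of that user.
                extra = [p.strip() for p in value.split(',')
                         if p.strip().lower() != 'explorer.exe']
                if extra:
                    findings.append(('winlogon-shell', m['hive'], ', '.join(extra)))
            elif key == 'Run' and not pub and USER_WRITABLE.search(value):
                findings.append(('unsigned-run', name, value))
            continue
        m = SVC_RE.match(line)
        if m:
            # "()" means FRST found no publisher; combined with a binary in
            # ProgramData/AppData that is worth a closer look.
            if not m['pub'] and USER_WRITABLE.search(m['path']):
                findings.append(('unsigned-service', m['name'], m['path']))
            continue
        m = FILE_RE.match(line)
        if m:
            path, attrs = m['path'], m['attrs']
            leaf = path.rsplit('\\', 1)[-1]
            if not leaf.isascii() and USER_WRITABLE.search(path):
                findings.append(('garbled-name', leaf, path))
            elif 'D' not in attrs and ROAMING_ROOT.search(path):
                findings.append(('loose-appdata-file', leaf, path))
    return findings


# Constructed sample: a handful of lines copied from the FRST.txt in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [avast] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4241512 2012-03-07] (AVAST Software)
HKU\Kristin\...\Run: [Facebook Update] - "C:\Users\Kristin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [ 2012-07-11] (Facebook Inc.)
HKU\Kristin\...\Winlogon: [Shell] explorer.exe,C:\Users\Kristin\AppData\Roaming\cache.dat <==== ATTENTION
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44768 2012-03-07] (AVAST Software)
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [3085264 2013-06-03] ()
2013-07-11 09:30 - 2013-07-11 09:30 - 00000000 ____D C:\ProgramData\䒀ǣ䉀ǣ浡䘠汩獥䵜䅣敦敓畣楲祴匠慣屮⸳⸰ㄳ尸瑦潣普杩椮楮
2013-07-11 08:38 - 2013-07-11 09:30 - 00000004 ____A C:\Users\Kristin\AppData\Roaming\cache.ini
2013-07-07 22:06 - 2013-07-07 22:06 - 00008366 ____A C:\Users\Kristin\Documents\marcus aurelius.odt
"""

if __name__ == '__main__':
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f'{kind:20} {subject} -> {detail}')
```

Run it against a full FRST.txt to get the same four classes of finding; signed entries such as the avast and Facebook lines above are left alone.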
11.07.2013, 16:30 | #7

Code:
```
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-07-2013 04
Ran by SYSTEM at 2013-07-11 17:28:40 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

HKU\Kristin\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
"C:\ProgramData\?????????????????????????????" => Could not move.
C:\Users\Kristin\AppData\Roaming\cache.ini => Moved successfully.
"C:\ProgramData\?´?´?????????????????????????" => Could not move.
"C:\ProgramData\?Î?Î?????????????????????????" => Could not move.
"C:\ProgramData\?Ñ?Ñ?????????????????????????" => Could not move.
"C:\ProgramData\?œ?œ?????????????????????????" => File/Directory not found.
"C:\ProgramData\?»?»?????????????????????????" => Could not move.
C:\ProgramData\nvModes.dat => Moved successfully.
C:\Users\Kristin\AppData\Roaming\cache.dat => Moved successfully.

==== End of Fixlog ====
```

Is the Trojan completely gone now???

Best regards
11.07.2013, 19:13 | #8 | /// the machine /// TB-Ausbilder

Control scans in normal Windows

Please download AdwCleaner to your desktop.

Please close your protection software to avoid possible conflicts.

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)