
Log Analysis and Evaluation: Laptop Windows 8 - GVU Trojan


 
13.08.2013, 19:31   #1
Inka1981

Laptop Windows 8 - GVU Trojan



Hello,
on Sunday (11.08.13) I caught the GVU Trojan on my laptop running Windows 8 (64-bit).
When booting I can log on, then a small black window with white text appears for 1 second, followed by the lock screen.
I ran a scan with FRST64:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013
Ran by SYSTEM on 13-08-2013 19:43:09
Running from D:\
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] - C:\Program Files\Bitcasa\Bitcasa.exe [3952128 2012-11-26] (Bitcasa, Inc)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-14] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKU\Inka1981\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Inka1981\AppData\Local\Temp\gqapylrxagtjxlrxu.exe [59392 2013-08-10] (Valve) <===== ATTENTION
HKU\Inka1981\...\Winlogon: [Shell] cmd.exe [404992 2012-07-25] (Microsoft Corporation) <==== ATTENTION 
HKU\Inka1981\...\Command Processor: "C:\Users\Inka1981\AppData\Local\Temp\gqapylrxagtjxlrxu.exe" <===== ATTENTION!
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} -  No File

==================== Services (Whitelisted) =================

S2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171664 2012-11-05] (Adobe Systems Incorporated)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
S2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-29] (Samsung Electronics CO., LTD.)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-14] (Symantec Corporation)
S2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2878152 2012-12-21] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
S1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-01] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-01] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-06-01] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130809.001\IDSvia64.sys [513184 2013-05-31] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130809.001\IDSvia64.sys [513184 2013-05-31] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130809.016\ENG64.SYS [126040 2013-06-01] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130809.016\ENG64.SYS [126040 2013-06-01] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130809.016\EX64.SYS [2098776 2013-06-01] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130809.016\EX64.SYS [2098776 2013-06-01] (Symantec Corporation)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
S3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-13 09:23 - 2013-08-13 09:23 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-08-10 12:30 - 2013-08-10 12:30 - 01084773 _____ C:\Users\Inka1981\AppData\Roaming\2433f433
2013-08-10 12:30 - 2013-08-10 12:30 - 01084760 _____ C:\Users\Inka1981\AppData\Local\2433f433
2013-08-10 12:30 - 2013-08-10 12:30 - 01084711 _____ C:\ProgramData\2433f433
2013-08-10 09:02 - 2013-08-10 09:02 - 00000000 ____D C:\Users\Inka1981\Documents\Symantec
2013-07-25 10:53 - 2013-07-25 10:53 - 00000000 ____D C:\Windows\System32\MRT
2013-07-18 10:30 - 2013-07-18 10:30 - 03293656 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-16 11:53 - 2013-06-16 14:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-07-16 11:53 - 2013-06-01 03:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
2013-07-16 11:53 - 2013-06-01 03:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys
2013-07-16 11:53 - 2013-06-01 03:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-16 11:53 - 2013-06-01 03:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-07-16 11:53 - 2013-06-01 03:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2013-07-16 11:53 - 2013-06-01 03:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS
2013-07-16 11:53 - 2013-06-01 03:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-07-16 11:53 - 2013-06-01 03:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-07-16 11:53 - 2013-06-01 02:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-07-16 11:53 - 2013-06-01 01:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-16 11:53 - 2013-06-01 01:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-07-16 11:53 - 2013-06-01 01:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-07-16 11:53 - 2013-06-01 01:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-07-16 11:53 - 2013-06-01 01:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-07-16 11:53 - 2013-06-01 01:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-07-16 11:53 - 2013-06-01 01:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\vds.exe
2013-07-16 11:53 - 2013-06-01 01:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-16 11:53 - 2013-06-01 01:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-07-16 11:53 - 2013-06-01 01:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\System32\vdsutil.dll
2013-07-16 11:53 - 2013-06-01 01:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\System32\MbaeParserTask.exe
2013-07-16 11:53 - 2013-06-01 01:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\System32\samsrv.dll
2013-07-16 11:53 - 2013-06-01 01:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\System32\samlib.dll
2013-07-16 11:53 - 2013-06-01 01:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2013-07-16 11:53 - 2013-06-01 01:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2013-07-16 11:53 - 2013-06-01 01:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\System32\mfasfsrcsnk.dll
2013-07-16 11:53 - 2013-06-01 01:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\System32\mscms.dll
2013-07-16 11:53 - 2013-06-01 01:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-07-16 11:53 - 2013-06-01 01:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\System32\DeviceSetupManager.dll
2013-07-16 11:53 - 2013-05-31 19:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BthAvrcpTg.sys
2013-07-16 11:53 - 2013-05-24 14:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-07-16 11:53 - 2013-05-24 14:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-07-16 11:53 - 2013-05-24 14:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-07-16 11:53 - 2013-05-24 14:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-07-16 11:53 - 2013-05-19 16:08 - 00386642 _____ C:\Windows\System32\ApnDatabase.xml
2013-07-15 10:39 - 2013-06-27 14:04 - 00693112 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-15 10:39 - 2013-06-27 14:04 - 00078200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified Files and Folders =======

2013-08-13 19:42 - 2013-08-13 19:42 - 00000000 ____D C:\FRST
2013-08-13 09:32 - 2012-07-25 21:26 - 00262144 ___SH C:\Windows\System32\config\BBI
2013-08-13 09:31 - 2012-07-25 23:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-13 09:30 - 2012-08-05 13:07 - 00017986 _____ C:\Windows\PFRO.log
2013-08-13 09:29 - 2013-01-24 17:52 - 01969701 _____ C:\Windows\WindowsUpdate.log
2013-08-13 09:25 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\sru
2013-08-13 09:23 - 2013-08-13 09:23 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-08-13 09:23 - 2012-07-25 23:21 - 00024461 _____ C:\Windows\setupact.log
2013-08-10 13:24 - 2013-01-24 18:48 - 00000868 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-08-10 13:15 - 2013-01-24 19:10 - 00000360 _____ C:\Windows\Tasks\Xerox PhotoCafe Communicator.job
2013-08-10 12:30 - 2013-08-10 12:30 - 01084773 _____ C:\Users\Inka1981\AppData\Roaming\2433f433
2013-08-10 12:30 - 2013-08-10 12:30 - 01084760 _____ C:\Users\Inka1981\AppData\Local\2433f433
2013-08-10 12:30 - 2013-08-10 12:30 - 01084711 _____ C:\ProgramData\2433f433
2013-08-10 09:11 - 2013-06-01 07:06 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2669165515-361187302-876288576-1001
2013-08-10 09:02 - 2013-08-10 09:02 - 00000000 ____D C:\Users\Inka1981\Documents\Symantec
2013-08-10 09:02 - 2012-07-25 21:26 - 00262144 ___SH C:\Windows\System32\config\ELAM
2013-08-10 08:26 - 2013-01-24 18:58 - 00000000 ____D C:\ProgramData\WinClon
2013-08-07 07:03 - 2013-01-25 11:05 - 00791060 _____ C:\Windows\System32\perfh00C.dat
2013-08-07 07:03 - 2013-01-25 11:05 - 00155620 _____ C:\Windows\System32\perfc00C.dat
2013-08-07 07:03 - 2013-01-25 10:59 - 00782014 _____ C:\Windows\System32\perfh010.dat
2013-08-07 07:03 - 2013-01-25 10:59 - 00153144 _____ C:\Windows\System32\perfc010.dat
2013-08-07 07:03 - 2013-01-25 10:54 - 00754172 _____ C:\Windows\System32\perfh007.dat
2013-08-07 07:03 - 2013-01-25 10:54 - 00156362 _____ C:\Windows\System32\perfc007.dat
2013-08-07 07:03 - 2012-07-25 23:28 - 03630792 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-07 07:02 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-07-25 10:54 - 2013-07-25 10:53 - 00000000 ____D C:\Windows\System32\MRT
2013-07-18 10:30 - 2013-07-18 10:30 - 03293656 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-15 10:36 - 2012-07-25 23:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-15 10:36 - 2012-07-25 21:38 - 00000000 ____D C:\Windows\System32\oobe

Files to move or delete:
====================
C:\Users\Inka1981\AppData\Local\Temp\gqapylrxagtjxlrxu.exe
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-25 10:53:05
Restore point made on: 2013-08-04 02:51:35

==================== Memory info =========================== 

Percentage of memory in use: 11%
Total physical RAM: 8083.41 MB
Available physical RAM: 7168.6 MB
Total Pagefile: 8083.42 MB
Available Pagefile: 7182.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:436.5 GB) (Free:385.13 GB) NTFS (Disk=0 Partition=4)
Drive d: () (Removable) (Total:58.98 GB) (Free:58.83 GB) NTFS (Disk=1 Partition=1)
Drive e: (SAMSUNG_REC2) (Fixed) (Total:27.36 GB) (Free:1 GB) NTFS
Drive f: (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.28 GB) FAT32 ==>[System with boot components (obtained from reading drive)]
Drive g: (CD_09_2011_09) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: C774ED6C)

Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 60 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=59 GB) - (Type=07 NTFS)


LastRegBack: 2013-08-04 02:55

==================== End Of Log ============================
         
Many thanks in advance for the help!

Inka
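The three lines FRST marked with "<===== ATTENTION" in the Registry section above are the ones a responder reads first: a Run entry launching an executable from the user's Temp folder, a Winlogon Shell value of cmd.exe instead of explorer.exe (consistent with the one-second black window followed by the lock screen that the poster describes), and a Command Processor AutoRun pointing at the same Temp executable. The following Python script is an added example, not code from the poster or from the FRST tool, that triages such a log automatically: it splits the log into its sections, extracts the flagged autostart entries, explains each one, and cross-checks the extracted paths against FRST's own "Files to move or delete" list. The sample input is constructed from lines copied from the log above plus a benign Run and service entry for contrast; the section and entry layouts it assumes are exactly those visible in that log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the attention-flagged lines copied from the FRST log above,
# plus benign entries so the filter has something to ignore.
SAMPLE_LOG = r'''
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKU\Inka1981\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Inka1981\AppData\Local\Temp\gqapylrxagtjxlrxu.exe [59392 2013-08-10] (Valve) <===== ATTENTION
HKU\Inka1981\...\Winlogon: [Shell] cmd.exe [404992 2012-07-25] (Microsoft Corporation) <==== ATTENTION 
HKU\Inka1981\...\Command Processor: "C:\Users\Inka1981\AppData\Local\Temp\gqapylrxagtjxlrxu.exe" <===== ATTENTION!

==================== Services (Whitelisted) =================

S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

Files to move or delete:
====================
C:\Users\Inka1981\AppData\Local\Temp\gqapylrxagtjxlrxu.exe
C:\ProgramData\MakeMarkerFile.exe

==================== Known DLLs (Whitelisted) ================
'''

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+\s*$")          # ==== Name ====
TITLE_RE = re.compile(r"^(?P<name>[A-Za-z][A-Za-z ]+):\s*$")       # Name:  (followed by a ==== rule)
ENTRY_RE = re.compile(                                            # HKxx\...\Key: value <===== ATTENTION
    r"^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>[^:]+):\s*(?P<rest>.*?)\s*<=+\s*ATTENTION!?\s*$"
)
PATH_RE = re.compile(r'[A-Za-z]:\\[^\["<]*?\.exe', re.IGNORECASE)  # first drive-letter path ending in .exe


@dataclass
class Finding:
    hive: str
    key: str
    value: str
    reason: str


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group FRST log lines by section header; bare '====' rules and blank lines are dropped."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or re.fullmatch(r"=+", stripped):
            continue
        m = SECTION_RE.match(stripped) or TITLE_RE.match(stripped)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(stripped)
    return sections


def classify(hive: str, key: str, rest: str) -> Finding:
    """Explain, in responder terms, why a flagged autostart entry matters."""
    paths = PATH_RE.findall(rest)
    if key == "Winlogon":
        m = re.search(r"\[Shell\]\s+(\S+)", rest)
        value = m.group(1) if m else rest
        return Finding(hive, key, value,
                       "Winlogon Shell is not explorer.exe: the desktop is replaced at logon, "
                       "the classic screen-locker pattern")
    if key == "Command Processor":
        value = paths[0] if paths else rest.strip('"')
        return Finding(hive, key, value,
                       "cmd.exe AutoRun hook: executed every time a command processor starts")
    value = paths[0] if paths else rest
    if re.search(r"\\AppData\\Local\\Temp\\", value, re.IGNORECASE):
        return Finding(hive, key, value, "Run entry launches an executable from the user's Temp directory")
    return Finding(hive, key, value, "flagged by FRST")


def flagged_entries(text: str) -> List[Finding]:
    """Return every registry autostart line FRST marked with '<===== ATTENTION'."""
    findings = []
    for line in split_sections(text).get("Registry (Whitelisted)", []):
        m = ENTRY_RE.match(line)
        if m:
            findings.append(classify(m.group("hive"), m.group("key"), m.group("rest")))
    return findings


def triage(text: str) -> dict:
    """Correlate flagged autostarts with FRST's own 'Files to move or delete' list."""
    findings = flagged_entries(text)
    to_remove = split_sections(text).get("Files to move or delete", [])
    removal_set = {p.lower() for p in to_remove}
    confirmed = sorted({f.value for f in findings if f.value.lower() in removal_set})
    shell = [f for f in findings if f.key == "Winlogon"]
    return {
        "findings": findings,
        "files_to_move_or_delete": to_remove,
        "autostart_paths_also_listed_for_removal": confirmed,
        "shell_hijacked": bool(shell) and shell[0].value.lower() != "explorer.exe",
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["findings"]:
        print(f"{f.hive}\\...\\{f.key}: {f.value}\n    -> {f.reason}")
    print("Shell hijacked:", report["shell_hijacked"])
    print("Autostart targets also on FRST's removal list:",
          report["autostart_paths_also_listed_for_removal"])
```

Run against the sample, the script reports three findings, confirms that the Temp executable named in both the Run key and the Command Processor hook is also on FRST's removal list, and sets shell_hijacked because the Winlogon Shell value is cmd.exe. The same cross-check is what a helper does by hand before writing a fix script: an autostart whose target also appears under "Files to move or delete" is the entry to remove first, and restoring the Shell value is what brings the desktop back after the file is gone.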

 
