Log analysis and evaluation: Windows 7 : GVU, Bundespolizeitrojaner

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
13.08.2013, 20:57 | #1

Windows 7 : GVU, Bundespolizeitrojaner

Hello, I downloaded the Farbar Recovery Scan Tool and did everything according to the instructions. Here is the log file:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-08-2013 01
Ran by SYSTEM on 13-08-2013 21:28:31
Running from G:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35184 2008-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-15] ()
HKLM\...\Run: [snp2uvc] - C:\windows\vsnp2uvc.exe [x]
HKLM\...\Run: [PLFSetL] - C:\windows\PLFSetL.exe [x]
HKLM\...\Run: [VeriFaceManager] - C:\Program Files\Lenovo\VeriFace\PManage.exe [x]
HKLM\...\Run: [UpdateP2GShortCut] - C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [WinampAgent] - "C:\Program Files\Winamp\winampa.exe" [x]
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [111928 2010-10-13] (SweetIM Technologies Ltd.)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-04-26] (Apple Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [887976 2011-08-23] (Ask)
HKLM\...\Run: [DATAMNGR] - C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE [1681472 2012-11-22] (Bandoo Media Inc)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-02] (Sun Microsystems, Inc.)
HKU\Blub\...\Policies\system: [LogonHoursAction] 2
HKU\Blub\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
HKU\Marie\...\Run: [EA Core] - C:\Program Files\Electronic Arts\EADM\Core.exe [ 2009-03-28] (Electronic Arts)
HKU\Marie\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-09-12] (Microsoft Corporation)
HKU\Marie\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [ 2011-01-20] (DT Soft Ltd)
HKU\Marie\...\Run: [Google Update] - C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe [ 2011-04-30] (Google Inc.)
HKU\Marie\...\Run: [Facebook Update] - C:\Users\Marie\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2012-07-13] (Facebook Inc.)
HKU\Marie\...\Run: [Clownfish] - [x]
HKU\Marie\...\Run: [Spotify Web Helper] - C:\Users\Marie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [ 2013-07-04] (Spotify Ltd)
HKU\Marie\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [ 2013-05-29] (Sony)
HKU\Marie\...\Run: [GoogleChromeAutoLaunch_D555174A98A2F0684F8075DBE0BF0C0E] - C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe [ 2013-07-24] (Google Inc.)
HKU\Marie\...\Run: [Spotify] - C:\Users\Marie\AppData\Roaming\Spotify\spotify.exe [ 2013-07-04] (Spotify Ltd)
HKU\Marie\...\Run: [spotimote] - C:\Program Files\spotimote\spotimote.exe [ 2013-06-03] ()
HKU\Marie\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-20] (Skype Technologies S.A.)
HKU\Marie\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Marie\AppData\Local\Temp\kapukwiddagsolbmy.exe [ 2013-08-13] (Valve Corporation) <===== ATTENTION
HKU\Marie\...\Policies\system: [LogonHoursAction] 2
HKU\Marie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Marie\...\Command Processor: "C:\Users\Marie\AppData\Local\Temp\kapukwiddagsolbmy.exe" <===== ATTENTION!
Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
S2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [247608 2010-11-21] ()
S2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [66872 2011-07-18] ()
S2 PnkBstrB; C:\windows\system32\PnkBstrB.exe [103736 2011-07-18] ()
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

S2 ACEDRV05; C:\windows\system32\drivers\ACEDRV05.sys [97792 2010-09-25] (Protect Software GmbH)
S3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-31] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-31] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-31] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-04-15] (DT Soft Ltd)
S1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [54800 2010-03-03] ()
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1759616 2009-03-13] ()
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-06] (Avira GmbH)
S3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
S3 lvpopflt; system32\DRIVERS\lvpopflt.sys [x]
S3 LVRS; system32\DRIVERS\lvrs.sys [x]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-13 09:39 - 2013-08-13 09:39 - 00931152 _____ C:\Users\Marie\AppData\Roaming\2433f433
2013-08-13 09:39 - 2013-08-13 09:39 - 00931112 _____ C:\ProgramData\2433f433
2013-08-13 09:39 - 2013-08-13 09:39 - 00931085 _____ C:\Users\Marie\AppData\Local\2433f433
2013-08-09 07:04 - 2013-08-09 07:10 - 00000000 ____D C:\Users\Marie\Desktop\Originals
2013-08-09 06:56 - 2013-08-09 06:59 - 00000000 ____D C:\Users\Marie\Desktop\Færøer
2013-08-08 10:21 - 2013-08-08 10:21 - 00000000 ____D C:\Users\Marie\Downloads\Originals
2013-08-08 03:23 - 2013-08-08 03:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-07 12:55 - 2013-08-11 02:48 - 00000000 ____D C:\Users\Marie\Desktop\wtf
2013-07-21 13:53 - 2013-07-21 14:29 - 00000466 _____ C:\ProgramData\flcd_proxy.log
2013-07-21 13:53 - 2013-07-21 13:53 - 00001081 _____ C:\Users\Public\Desktop\Fragen-Lern-CD 4.3.lnk
2013-07-21 13:53 - 2013-07-21 13:53 - 00000000 ____D C:\Users\Marie\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.FC622282278C06838B5CD08883589F2C8AB9EEDC.1
2013-07-21 13:53 - 2013-07-21 13:53 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-07-21 13:53 - 2013-07-21 13:53 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-07-21 13:52 - 2013-07-21 13:53 - 00000000 ____D C:\Program Files\Wendel-Verlag
2013-07-21 13:52 - 2013-07-21 13:52 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR

==================== One Month Modified Files and Folders =======

2013-08-13 10:55 - 2010-10-05 06:50 - 00000000 ____D C:\Users\Marie\Tracing
2013-08-13 10:54 - 2012-06-25 00:15 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Spotify
2013-08-13 10:53 - 2009-07-13 20:39 - 00327734 _____ C:\Windows\setupact.log
2013-08-13 10:36 - 2010-03-03 05:01 - 01452368 _____ C:\Windows\WindowsUpdate.log
2013-08-13 09:39 - 2013-08-13 09:39 - 00931152 _____ C:\Users\Marie\AppData\Roaming\2433f433
2013-08-13 09:39 - 2013-08-13 09:39 - 00931112 _____ C:\ProgramData\2433f433
2013-08-13 09:39 - 2013-08-13 09:39 - 00931085 _____ C:\Users\Marie\AppData\Local\2433f433
2013-08-13 09:14 - 2010-07-28 03:43 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Skype
2013-08-13 02:03 - 2009-07-13 20:34 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-13 02:03 - 2009-07-13 20:34 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-13 01:57 - 2010-10-05 04:59 - 00000000 ____D C:\Users\Marie\AppData\Local\Windows Live
2013-08-13 01:56 - 2012-11-13 10:49 - 00000000 ___RD C:\Users\Marie\Dropbox
2013-08-13 01:56 - 2012-11-13 10:48 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Dropbox
2013-08-12 02:09 - 2012-05-25 13:38 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-08-12 02:09 - 2011-12-06 14:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-08-12 02:03 - 2010-07-26 22:53 - 00000000 ____D C:\Users\Marie\AppData\Local\Adobe
2013-08-11 19:00 - 2013-02-03 08:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-11 02:48 - 2013-08-07 12:55 - 00000000 ____D C:\Users\Marie\Desktop\wtf
2013-08-10 05:02 - 2012-06-25 00:20 - 00000000 ____D C:\Users\Marie\AppData\Local\Spotify
2013-08-10 02:25 - 2010-01-18 09:03 - 01629916 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-09 07:10 - 2013-08-09 07:04 - 00000000 ____D C:\Users\Marie\Desktop\Originals
2013-08-09 07:01 - 2013-06-04 22:18 - 00047104 ____H C:\Users\Marie\Desktop\photothumb.db
2013-08-09 07:01 - 2011-07-23 13:10 - 00056320 ____H C:\Users\Marie\Downloads\photothumb.db
2013-08-09 06:59 - 2013-08-09 06:56 - 00000000 ____D C:\Users\Marie\Desktop\Færøer
2013-08-08 10:21 - 2013-08-08 10:21 - 00000000 ____D C:\Users\Marie\Downloads\Originals
2013-08-08 10:20 - 2013-07-02 03:10 - 00000000 ____D C:\Users\Marie\Desktop\kk
2013-08-08 08:56 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-08-08 07:50 - 2013-06-23 05:02 - 00000000 ____D C:\Users\Marie\AppData\Roaming\spotimote
2013-08-08 03:23 - 2013-08-08 03:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-07 13:00 - 2012-09-06 12:03 - 00000000 ____D C:\Users\Marie\Desktop\nice
2013-08-04 14:10 - 2012-08-29 04:37 - 00000000 ____D C:\Users\Marie\Documents\historier
2013-07-21 14:29 - 2013-07-21 13:53 - 00000466 _____ C:\ProgramData\flcd_proxy.log
2013-07-21 13:53 - 2013-07-21 13:53 - 00001081 _____ C:\Users\Public\Desktop\Fragen-Lern-CD 4.3.lnk
2013-07-21 13:53 - 2013-07-21 13:53 - 00000000 ____D C:\Users\Marie\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.FC622282278C06838B5CD08883589F2C8AB9EEDC.1
2013-07-21 13:53 - 2013-07-21 13:53 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-07-21 13:53 - 2013-07-21 13:53 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-07-21 13:53 - 2013-07-21 13:52 - 00000000 ____D C:\Program Files\Wendel-Verlag
2013-07-21 13:53 - 2010-01-18 09:13 - 00000000 ____D C:\ProgramData\Adobe
2013-07-21 13:53 - 2010-01-18 09:13 - 00000000 ____D C:\Program Files\Adobe
2013-07-21 13:52 - 2013-07-21 13:52 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-07-21 13:51 - 2010-07-26 07:41 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Adobe
2013-07-16 11:11 - 2010-01-18 08:54 - 00223484 _____ C:\Windows\DPINST.LOG

Files to move or delete:
====================
C:\Users\Marie\AppData\Local\Temp\kapukwiddagsolbmy.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-13 14:28:44
Restore point made on: 2013-07-14 15:24:56
Restore point made on: 2013-07-16 11:09:52
Restore point made on: 2013-07-19 10:57:32
Restore point made on: 2013-07-21 14:51:58
Restore point made on: 2013-07-23 15:15:49
Restore point made on: 2013-08-04 14:27:36
Restore point made on: 2013-08-06 19:13:33
Restore point made on: 2013-08-06 23:51:12
Restore point made on: 2013-08-07 01:09:18
Restore point made on: 2013-08-07 13:15:13
Restore point made on: 2013-08-09 06:58:10
Restore point made on: 2013-08-11 19:05:45
Restore point made on: 2013-08-12 14:41:22
Restore point made on: 2013-08-13 09:40:32

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 2008.6 MB
Available physical RAM: 1555.54 MB
Total Pagefile: 2008.6 MB
Available Pagefile: 1572.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:252.89 GB) (Free:79.67 GB) NTFS
Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:29.54 GB) NTFS
Drive g: (GRÜNBERG) (Removable) (Total:3.75 GB) (Free:3.73 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: BEC90B8D)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=253 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 1946827B)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2013-08-12 07:32

==================== End Of Log ============================
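As an added example (not part of this thread and not code from FRST or the Trojaner-Board helpers), the following Python script shows the triage logic behind the two "<===== ATTENTION" lines in the log above: it parses FRST-style Run/RunOnce and Command Processor lines, flags an autostart executable that lives in a Temp directory, a random-looking value name, and FRST's own marker, and assembles an FRST fixlist in the same form used later in this thread. The regular expressions, the 16-character name threshold and the function names are my own assumptions; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field

# Two FRST "Registry (Whitelisted)" line shapes handled here (as seen in the log above):
#   HKU\Marie\...\Run: [Name] - C:\path\file.exe [size date] (Publisher) <===== ATTENTION
#   HKU\Marie\...\Command Processor: "C:\path\file.exe" <===== ATTENTION!
RUN_RE = re.compile(
    r'^(?P<hive>HK(?:LM|U\\[^\\]+))\\\.\.\.\\(?P<key>Run|RunOnce):\s*'
    r'\[(?P<name>[^\]]*)\]\s*-\s*"?(?P<path>[^"\[]*?)"?\s*'
    r'(?:\[(?P<meta>[^\]]*)\])?\s*(?:\((?P<publisher>.*?)\))?'
    r'(?P<flag>\s*<=+\s*ATTENTION!?)?\s*$'
)
CMDPROC_RE = re.compile(
    r'^(?P<hive>HK(?:LM|U\\[^\\]+))\\\.\.\.\\Command Processor:\s*"?(?P<path>[^"<]*)"?'
    r'(?P<flag>\s*<=+\s*ATTENTION!?)?\s*$'
)
TEMP_DIR = re.compile(r'\\temp\\', re.IGNORECASE)   # ...\AppData\Local\Temp\..., ...\Windows\Temp\...
RANDOM_NAME = re.compile(r'^[a-z0-9]{16,}$')         # assumed heuristic, e.g. qcgce2mrvjq91kk1e7pnbb19m52fx


@dataclass
class Finding:
    line: str                                   # the FRST log line, verbatim
    path: str                                   # executable the entry launches
    reasons: list = field(default_factory=list)


def analyze(log_lines):
    """Return a Finding for every autostart entry that deserves a closer look."""
    findings = []
    for raw in log_lines:
        line = raw.strip()
        if not line:
            continue
        reasons = []
        m = RUN_RE.match(line)
        if m:
            path = m.group('path').strip()
            if RANDOM_NAME.match(m.group('name')):
                reasons.append('random-looking value name')
        else:
            m = CMDPROC_RE.match(line)
            if not m:
                continue    # Policies, Startup, Services etc. are not handled in this example
            path = m.group('path').strip()
            # The Command Processor AutoRun value is executed by every cmd.exe start,
            # which is why FRST reports it next to the Run keys.
            reasons.append('Command Processor AutoRun set (runs on every cmd.exe start)')
        if TEMP_DIR.search(path):
            reasons.append('autostart executable in a Temp directory')
        if m.group('flag'):
            reasons.append('flagged by FRST')
        if reasons:
            findings.append(Finding(line, path, reasons))
    return findings


def fixlist(findings):
    """FRST fixlist in the form the helper in this thread used: the flagged
    registry lines verbatim, followed by each file path once so FRST moves it."""
    lines = [f.line for f in findings]
    for f in findings:
        if f.path and f.path not in lines:
            lines.append(f.path)
    return lines


# Sample input: lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [WinampAgent] - "C:\Program Files\Winamp\winampa.exe" [x]
HKLM\...\Run: [] - [x]
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)
HKU\Marie\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-20] (Skype Technologies S.A.)
HKU\Marie\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Marie\AppData\Local\Temp\kapukwiddagsolbmy.exe [ 2013-08-13] (Valve Corporation) <===== ATTENTION
HKU\Marie\...\Policies\system: [LogonHoursAction] 2
HKU\Marie\...\Command Processor: "C:\Users\Marie\AppData\Local\Temp\kapukwiddagsolbmy.exe" <===== ATTENTION!
Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
""".splitlines()

if __name__ == '__main__':
    hits = analyze(SAMPLE_LOG)
    for f in hits:
        print(f.line)
        for r in f.reasons:
            print('   ->', r)
    print('\nfixlist.txt would contain:')
    print('\n'.join(fixlist(hits)))
```

Run against the sample, the script reports exactly the two entries the helper put into the fixlist and nothing else; the Avira, Winamp, Lenovo and Skype lines parse cleanly but produce no reasons. The publisher in parentheses is the CompanyName the file declares in its own version resource, not a verified signature, so "Valve Corporation" on an executable in %Temp% is a further reason for suspicion rather than reassurance.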
13.08.2013, 21:03 | #2
/// Malware-holic

Hi,

1. Please press the Windows + R keys and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
HKU\Marie\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Marie\AppData\Local\Temp\kapukwiddagsolbmy.exe [ 2013-08-13] (Valve Corporation) <===== ATTENTION
HKU\Marie\...\Command Processor: "C:\Users\Marie\AppData\Local\Temp\kapukwiddagsolbmy.exe" <===== ATTENTION!
C:\Users\Marie\AppData\Local\Temp\kapukwiddagsolbmy.exe

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.

If you are able to boot normally:

2. Please navigate to: C:\FRST\Quarantine
Right-click, pack it with WinRAR or another archiver and upload it in the upload channel. Trojaner-Board Upload Channel

Recommendations for uninstalling
Please copy the list of installed programs from the additions.txt into your thread here. Note behind each line which of the following categories applies: Unknown, Necessary, Unnecessary
13.08.2013, 21:35 | #3

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-08-2013 01
Ran by SYSTEM at 2013-08-13 22:12:45 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

HKU\Marie\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Marie\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Marie\AppData\Local\Temp\kapukwiddagsolbmy.exe => Moved successfully.

==== End of Fixlog ====

Recommendations for uninstalling
Please copy the list of installed programs from the additions.txt into your thread here. Note behind each line which of the following categories applies: Unknown, Necessary, Unnecessary

But many thanks for the quick and good help
15.08.2013, 13:23 | #4
/// Malware-holic

Sorry, I had copied too much. There are 2 logs to create; please post them at the same time if possible.

1. Scan with Combofix

2. Please download TDSSKiller.exe and save this file to the desktop

__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above
If you would like to support us