Log analysis and evaluation: Win Vista: GVU Trojan
#1
Win Vista: GVU Trojan

Hello to the expert panel,

I am currently trying to rescue a computer that is infected with the GVU/Europol/BSI trojan. I have already read up a bit here and, using a Live CD and Farbar's Recovery Scan Tool, created an FRST.txt. I am hoping for your support.

Code:
```
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by SYSTEM on MININT-BF89ADA on 29-10-2013 15:45:16
Running from H:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NWEReboot] - [x]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [TPwrMain] - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [topi] - C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [Seagate Dashboard] - C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2010-04-30] ()
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [NeroCheck] - C:\Windows\system32\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [Memeo Send] - C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe [236816 2009-11-05] ()
HKLM\...\Run: [Memeo Instant Backup] - C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-01-24] (Memeo Inc.)
HKLM\...\Run: [Memeo AutoSync] - C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe [144608 2010-04-16] (Memeo Inc.)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1442888 2008-06-10] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [ITSecMng] - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-28] ( TOSHIBA CORPORATION)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1406024 2008-06-10] (Microsoft Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\Toshiba\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] - C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-01-25] (TOSHIBA Corporation.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [Desktop SMS] - C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-09-24] (APN)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\Flo\...\Run: [] - [x]
HKU\Flo\...\Run: [Google Update] - [x]
HKU\Flo\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Flo\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-08-24] (Google Inc.)
HKU\Flo\...\Run: [NTRedirect] - C:\Windows\system32\rundll32.exe "C:\Users\Flo\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
HKU\Flo\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [ 2012-05-16] (Nokia)
HKU\Flo\...\Run: [ISUSPM] - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
HKU\Flo\...\Run: [ICQ] - "C:\Program Files\ICQ6.5\ICQ.exe" silent
HKU\Flo\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Flo\...\Policies\system: [LogonHoursAction] 2
HKU\Flo\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll [ 2013-10-08] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wd78h8.lnk
ShortcutTarget: wd78h8.lnk -> C:\PROGRA~2\8h87dw.plz ()

========================== Services (Whitelisted) =================

S4 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-09-24] (APN LLC.)
S2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3032032 2013-10-08] ()
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1836544 2008-02-15] (Google)
S2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-01-24] (Memeo)
S2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International)
S2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-04-30] (Memeo)
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)
S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~2\8h87dw.plz [184320 2013-10-09] ()
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{cdd80180-a874-a155-79d3-32d208873e25}\ \...\???\{cdd80180-a874-a155-79d3-32d208873e25}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-10] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-10] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
S3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.)
S3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [25160 2007-08-07] (Elaborate Bytes AG)
S0 PzWDM; C:\Windows\System32\Drivers\PzWDM.sys [15172 2009-04-11] (Prassi Technology)
S3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-15] (Avira GmbH)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 efipsk; \??\C:\Users\Flo\AppData\Local\Temp\efipsk.sys [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 xMrMINI; system32\DRIVERS\xMrMini.sys [x]
S3 xVGAMINI; system32\DRIVERS\xVgaMini.sys [x]
S3 xVGAUSB; system32\drivers\xvgausb.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-29 15:45 - 2013-10-29 15:45 - 00000000 ____D C:\FRST
2013-10-10 15:46 - 2013-10-10 15:46 - 100267706 _____ C:\Windows\System32\摒᯽ᰴ˜
2013-10-09 16:09 - 2013-10-21 21:10 - 00000000 ____D C:\Windows\pss
2013-10-09 15:29 - 2013-10-21 21:34 - 95025368 ____T C:\ProgramData\wd78h8.pff
2013-10-09 15:29 - 2013-10-21 21:34 - 00000000 _____ C:\ProgramData\wd78h8.ctrl
2013-10-09 15:29 - 2013-10-09 15:31 - 00000004 _____ C:\Users\Flo\AppData\Roaming\cache.ini
2013-10-09 15:29 - 2013-10-09 15:29 - 00184320 _____ C:\ProgramData\8h87dw.plz
2013-10-09 14:59 - 2013-10-09 15:12 - 00000000 ____D C:\Users\Flo\Desktop\Luminox
2013-10-03 21:32 - 2013-10-09 15:00 - 100146679 _____ C:\Windows\System32\꘦㝋ᰴ¢
2013-10-02 14:29 - 2013-07-31 11:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-02 14:29 - 2013-07-31 11:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-02 14:29 - 2013-07-31 11:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-02 14:29 - 2013-07-31 10:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-02 14:29 - 2013-07-31 10:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-10-02 14:29 - 2013-07-31 10:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-02 14:29 - 2013-07-31 10:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-10-02 14:29 - 2013-07-31 10:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-02 14:29 - 2013-07-31 10:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-02 14:29 - 2013-07-31 10:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-10-02 14:29 - 2013-07-31 10:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-10-02 14:29 - 2013-07-31 10:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-02 14:29 - 2013-07-31 10:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-02 14:29 - 2013-07-31 10:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-02 14:29 - 2013-07-31 10:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-10-02 14:29 - 2013-07-31 10:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-02 14:03 - 2013-10-02 14:10 - 00000000 ____D C:\Windows\System32\MRT
2013-09-30 21:32 - 2013-09-30 21:32 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Avira
2013-09-30 21:07 - 2013-09-30 21:07 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-30 21:07 - 2013-09-30 21:07 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-09-30 21:06 - 2013-09-30 21:06 - 00000000 ____D C:\ProgramData\APN
2013-09-30 21:05 - 2013-10-21 20:33 - 00001852 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-30 21:04 - 2013-10-10 18:14 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-09-30 21:04 - 2013-10-10 18:14 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-09-30 21:04 - 2013-10-10 18:14 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-09-30 21:04 - 2013-08-15 10:26 - 00028520 _____ (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2013-09-30 21:03 - 2013-10-21 19:54 - 00000000 ____D C:\ProgramData\Avira
2013-09-30 21:03 - 2013-09-30 21:03 - 00000000 ____D C:\Program Files\Avira
2013-09-29 20:47 - 2013-09-29 20:47 - 00000000 ____D C:\Users\Flo\AppData\Roaming\File Scout

==================== One Month Modified Files and Folders =======

2013-10-29 15:45 - 2013-10-29 15:45 - 00000000 ____D C:\FRST
2013-10-21 21:34 - 2013-10-09 15:29 - 95025368 ____T C:\ProgramData\wd78h8.pff
2013-10-21 21:34 - 2013-10-09 15:29 - 00000000 _____ C:\ProgramData\wd78h8.ctrl
2013-10-21 21:33 - 2006-11-02 13:47 - 00003744 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-21 21:33 - 2006-11-02 13:47 - 00003744 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-21 21:10 - 2013-10-09 16:09 - 00000000 ____D C:\Windows\pss
2013-10-21 20:37 - 2010-12-14 22:47 - 00325866 _____ C:\Windows\PFRO.log
2013-10-21 20:33 - 2013-09-30 21:05 - 00001852 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-21 19:54 - 2013-09-30 21:03 - 00000000 ____D C:\ProgramData\Avira
2013-10-21 19:14 - 2008-08-08 15:43 - 00007620 _____ C:\Users\Flo\AppData\Local\d3d9caps.dat
2013-10-21 18:50 - 2013-09-22 21:57 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-10 18:14 - 2013-09-30 21:04 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-10-10 18:14 - 2013-09-30 21:04 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-10-10 18:14 - 2013-09-30 21:04 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-10-10 15:51 - 2008-01-21 08:16 - 01444946 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-10 15:46 - 2013-10-10 15:46 - 100267706 _____ C:\Windows\System32\摒᯽ᰴ˜
2013-10-10 14:58 - 2011-03-01 22:04 - 00001027 _____ C:\Users\Flo\Desktop\Seagate Dashboard.lnk
2013-10-10 14:56 - 2008-08-05 18:55 - 00068096 _____ C:\Users\Flo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-09 16:09 - 2008-08-22 18:34 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-10-09 15:31 - 2013-10-09 15:29 - 00000004 _____ C:\Users\Flo\AppData\Roaming\cache.ini
2013-10-09 15:29 - 2013-10-09 15:29 - 00184320 _____ C:\ProgramData\8h87dw.plz
2013-10-09 15:29 - 2008-02-15 18:04 - 00000000 ____D C:\Program Files\Google
2013-10-09 15:28 - 2008-08-04 16:28 - 00000000 ____D C:\Users\Flo\AppData\Local\Google
2013-10-09 15:12 - 2013-10-09 14:59 - 00000000 ____D C:\Users\Flo\Desktop\Luminox
2013-10-09 15:00 - 2013-10-03 21:32 - 100146679 _____ C:\Windows\System32\꘦㝋ᰴ¢
2013-10-09 15:00 - 2008-08-24 19:41 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Skype
2013-10-05 21:55 - 2008-08-04 16:05 - 01796984 _____ C:\Windows\WindowsUpdate.log
2013-10-02 16:24 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-02 16:14 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-10-02 15:56 - 2006-11-02 13:47 - 00460752 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-02 15:52 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-10-02 15:52 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-10-02 15:52 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-10-02 14:44 - 2008-02-26 14:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-02 14:10 - 2013-10-02 14:03 - 00000000 ____D C:\Windows\System32\MRT
2013-09-30 21:32 - 2013-09-30 21:32 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Avira
2013-09-30 21:07 - 2013-09-30 21:07 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-30 21:07 - 2013-09-30 21:07 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-09-30 21:06 - 2013-09-30 21:06 - 00000000 ____D C:\ProgramData\APN
2013-09-30 21:03 - 2013-09-30 21:03 - 00000000 ____D C:\Program Files\Avira
2013-09-30 19:58 - 2013-03-17 15:27 - 00000000 ____D C:\Users\Flo\Documents\Kontoauszüge
2013-09-29 20:47 - 2013-09-29 20:47 - 00000000 ____D C:\Users\Flo\AppData\Roaming\File Scout

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
C:\Users\Flo\AppData\Roaming\cache.ini
C:\Users\Flo\AppData\Roaming\desktop.ini
ZeroAccess:
C:\Users\Flo\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
C:\ProgramData\8h87dw.plz
C:\ProgramData\wd78h8.ctrl
C:\ProgramData\wd78h8.pff
C:\Users\Flo\AppData\Roaming\cache.dat

Some content of TEMP:
====================
C:\Users\Flo\AppData\Local\Temp\AskSLib.dll
C:\Users\Flo\AppData\Local\Temp\avgnt.exe
C:\Users\Flo\AppData\Local\Temp\DivXSetup.exe
C:\Users\Flo\AppData\Local\Temp\h-1286168718.tmp.dll
C:\Users\Flo\AppData\Local\Temp\h-1987662720.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h-218555463.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h-666281693.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h1029146361.tmp.exe
C:\Users\Flo\AppData\Local\Temp\h2053962218.tmp.exe
C:\Users\Flo\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Flo\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Flo\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\msimg32.dll
C:\Users\Flo\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Flo\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Flo\AppData\Local\Temp\Setup_UM_165.exe
C:\Users\Flo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Flo\AppData\Local\Temp\vc8redist.exe
C:\Users\Flo\AppData\Local\Temp\~tmf3780541788549246657.dll

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

4
Restore point made on: 2013-10-02 13:27:47
Restore point made on: 2013-10-02 13:57:51
Restore point made on: 2013-10-05 21:53:50
Restore point made on: 2013-10-09 15:30:30

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4094.43 MB
Available physical RAM: 3561.68 MB
Total Pagefile: 4092.71 MB
Available Pagefile: 3575.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.08 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:117.54 GB) (Free:7.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:232.89 GB) (Free:62.93 GB) NTFS
Drive e: (Data) (Fixed) (Total:113.88 GB) (Free:108.71 GB) NTFS
Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS
Drive g: (KB3OPK_DE) (CDROM) (Total:1.87 GB) (Free:0 GB) UDF
Drive h: (Transcend) (Removable) (Total:7.35 GB) (Free:7.33 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 22741035)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=114 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 68F4EF2A)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.

LastRegBack: 2013-10-21 21:19

==================== End Of Log ============================
```
Kind regards, JANTOR