GVU Trojaner, abgesicherter Modus nicht Möglich, Windows 7 (x64)

okoda · 17.11.2013, 13:58

Hallo,

seit gestern habe ich auf meinem Laptop so einen GVU Trojaner, der mir den Zugriff auf den Computer verweigert, solange ich denen nicht einen gewissen Betrag überweise.
Ich habe bereits viel zum besagten Problem in diesem Forum gelesen. Wie ich sehe ist es ein relativ weit verbreitetes Problem und ihr löst das auch sehr gut. Trotzdem habe ich mich nicht getraut einfach einer Anleitung, die für einen anderen User bestimmt war, zu folgen.
Ich bitte euch mir zu helfen wenn irgendwie möglich, weil dieser Laptop muss mich noch durchs Studium bringen

Weil ich eben soviel schon im Forum über diesen GVU Trojaner gelesen habe, denke ich dass der erste Schritt ein Scan mit Farbar's Recovery Scan Tool ist.
Was ich bisher geacht habe:

-Farbar's Recovery Scan Tool habe ich von einem anderen Rechner runtergeladen, in der 64Bit Version, auf den Stick geschmissen.
-Den Laptop getartet, F8 gedrückt, -> Computer reparieren
-Eingabeaufforderung geöffnet und mit dem Befehl "g:\frst64.exe" das Scan Tool vom USB-Stick aus geladen.
-Scan durchgeführt

Nachfolgend die Textdatei FRST.txt die dabei erstellt wurde:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013
Ran by SYSTEM on MININT-EEIGKTG on 17-11-2013 13:01:07
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-26] (Hewlett-Packard Company)
HKLM\...\Run: [MfeEpePcMonitor] - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-02-09] ()
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP HD Webcam [Fixed]_Monitor] - C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe [267128 2010-11-26] ()
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-03] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [IFXSPMGT] - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe [1125728 2011-01-19] (Infineon Technologies AG)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1655568 2013-07-19] (Simply Super Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ulead AutoDetector v2] - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKU\Dario\...\Run: [Google Update] - C:\Users\Dario\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-12] (Google Inc.)
HKU\Dario\...\Winlogon: [Shell] explorer.exe,C:\Users\Dario\AppData\Roaming\Other.res [98304 2013-08-28] () <==== ATTENTION 
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
Startup: C:\Users\Dario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) =================

S2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-11] (DigitalPersona, Inc.)
S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-03] (Hewlett-Packard Company)
S3 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P)
S2 HPDayStarterService; C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-27] (Hewlett-Packard Company)
S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company)
S2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-19] (Infineon Technologies AG)
S2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980320 2011-01-19] (Infineon Technologies AG)
S2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
S2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [46192 2011-06-14] (National Instruments Corporation)
S2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [56952 2011-06-14] (National Instruments Corporation)
S2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [12696 2011-06-14] (National Instruments Corporation)
S2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [50336 2011-11-16] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [68256 2011-11-16] (National Instruments Corporation)
S2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [362104 2011-06-14] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
S2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [194224 2011-06-01] (National Instruments Corporation)
S2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [121032 2011-11-30] (National Instruments Corporation)
S2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [50328 2011-11-16] (National Instruments Corporation)
S2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [676528 2011-10-23] (National Instruments Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] ()
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
S2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203104 2011-01-19] (Infineon Technologies AG)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S2 uArcCapture; C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-10] (ArcSoft, Inc.)
S2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)

==================== Drivers (Whitelisted) ====================

S3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-10] (ArcSoft, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-06] (Hewlett-Packard Company)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-29] (DT Soft Ltd)
S3 hhdspmc64; C:\Windows\System32\DRIVERS\hhdspmc64.sys [39472 2010-10-13] (HHD Software Ltd.)
S0 johci; C:\Windows\System32\DRIVERS\johci.sys [26712 2011-01-18] (JMicron Technology Corp.)
S0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-25] (Infineon Technologies AG)
S3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
S3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
S3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
S3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2611704 2011-01-12] (Sunplus Technology)
S2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-10-31] (VMware, Inc.)
S0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-17 13:01 - 2013-11-17 13:01 - 00000000 ____D C:\FRST
2013-11-15 01:28 - 2013-11-15 01:29 - 03785846 _____ C:\Users\Dario\Downloads\Folien IPSec.pptx
2013-11-14 23:49 - 2013-11-14 23:49 - 02213459 _____ C:\Users\Dario\Downloads\Folien Firewall.pptx
2013-11-14 23:49 - 2013-11-14 23:49 - 01008744 _____ C:\Users\Dario\Downloads\Layer-2 Security (1).pptx
2013-11-14 23:12 - 2013-11-14 23:12 - 01008744 _____ C:\Users\Dario\Downloads\Layer-2 Security.pptx
2013-11-13 16:20 - 2013-10-12 00:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-13 16:20 - 2013-10-12 00:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-13 16:20 - 2013-10-12 00:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-13 16:20 - 2013-10-12 00:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-13 16:20 - 2013-10-12 00:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-13 16:20 - 2013-10-12 00:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-13 16:20 - 2013-10-12 00:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-13 16:20 - 2013-10-12 00:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-13 16:20 - 2013-10-12 00:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-13 16:20 - 2013-10-12 00:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-13 16:20 - 2013-10-12 00:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-13 16:20 - 2013-10-12 00:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-13 16:20 - 2013-10-12 00:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-13 16:20 - 2013-10-12 00:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-13 16:20 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 16:20 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 16:20 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 16:20 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 16:20 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 16:20 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 16:20 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 16:20 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 16:20 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 16:20 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 16:20 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 16:20 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 16:20 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 16:20 - 2013-10-11 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-13 16:20 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 16:20 - 2013-10-11 21:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-13 16:20 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 15:21 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-13 15:21 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 15:20 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-13 15:20 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-13 15:20 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-13 15:20 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 15:20 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 15:20 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 15:20 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-13 15:19 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-13 15:19 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-13 15:19 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-13 15:19 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 15:19 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 15:19 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-13 15:19 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 15:19 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-13 15:19 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-13 15:19 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-13 15:19 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-13 15:19 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-13 15:19 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-13 15:19 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-13 15:19 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-13 15:19 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 15:19 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 15:19 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 15:19 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 15:19 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-13 15:19 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-12 06:53 - 2013-11-12 06:53 - 00000122 _____ C:\Users\Dario\Documents\Savognin.txt
2013-11-12 06:48 - 2013-11-12 06:48 - 02654216 _____ () C:\Users\Dario\Downloads\SwisscomWlanMagicButton.exe
2013-11-12 06:38 - 2013-11-12 06:38 - 00249856 _____ (Nicomsoft Ltd.) C:\Windows\SysWOW64\wifiman.dll
2013-11-12 06:38 - 2013-11-12 06:38 - 00000000 ____D C:\ProgramData\mquadr.at
2013-11-08 04:49 - 2013-11-08 04:49 - 00003581 _____ C:\Users\Dario\Desktop\conf deny router.txt
2013-11-08 04:49 - 2013-11-08 04:49 - 00003328 _____ C:\Users\Dario\Desktop\conf deny switch.txt
2013-11-08 04:32 - 2013-11-08 04:32 - 00000000 ____D C:\Users\Dario\Documents\BA
2013-11-08 02:03 - 2013-11-08 02:03 - 06673100 _____ C:\Users\Dario\Downloads\GV 2013 (1).pptx
2013-11-07 07:42 - 2013-11-07 07:42 - 00003753 _____ C:\Users\Dario\Desktop\exercise ipc.txt
2013-11-03 23:12 - 2013-11-03 23:12 - 00005102 _____ C:\Users\Dario\Desktop\Kundennutzen.odt
2013-10-24 03:49 - 2013-10-24 03:49 - 00007654 _____ C:\Users\Dario\Documents\FEEDBACKFRAGEN 24_10_13.odt
2013-10-23 01:47 - 2013-10-23 01:47 - 00011364 _____ C:\Users\Dario\Documents\BIM_Patente.xlsx
2013-10-20 06:48 - 2013-11-16 13:06 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified Files and Folders =======

2013-11-17 13:01 - 2013-11-17 13:01 - 00000000 ____D C:\FRST
2013-11-17 03:52 - 2013-02-18 23:34 - 00000000 ____D C:\ProgramData\VMware
2013-11-17 03:52 - 2012-08-12 10:25 - 00000000 ____D C:\ProgramData\PDFC
2013-11-17 03:52 - 2012-08-12 10:25 - 00000000 ____D C:\ProgramData\HPQLOG
2013-11-17 03:52 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-17 03:52 - 2009-07-13 20:51 - 00066441 _____ C:\Windows\setupact.log
2013-11-17 03:14 - 2012-09-02 13:53 - 00000000 ___RD C:\Users\Dario\Dropbox
2013-11-17 03:14 - 2012-09-02 13:51 - 00000000 ____D C:\Users\Dario\AppData\Roaming\Dropbox
2013-11-17 01:48 - 2012-08-12 10:40 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835272747-1468128314-2163135394-1000UA.job
2013-11-17 01:48 - 2012-08-12 03:40 - 02001621 _____ C:\Windows\WindowsUpdate.log
2013-11-17 01:48 - 2009-07-13 20:45 - 00010112 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-17 01:48 - 2009-07-13 20:45 - 00010112 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-17 01:47 - 2009-08-29 21:25 - 00700044 _____ C:\Windows\System32\perfh007.dat
2013-11-17 01:47 - 2009-08-29 21:25 - 00149576 _____ C:\Windows\System32\perfc007.dat
2013-11-17 01:47 - 2009-07-13 21:13 - 01622314 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-16 19:27 - 2012-12-05 06:45 - 00000000 ____D C:\Users\Dario\AppData\Local\TSVNCache
2013-11-16 19:22 - 2012-11-28 03:47 - 00000000 ____D C:\Users\Dario\AppData\Local\CrashDumps
2013-11-16 13:06 - 2013-10-20 06:48 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-16 13:06 - 2013-09-23 12:06 - 00001929 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-15 04:21 - 2012-08-12 10:40 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835272747-1468128314-2163135394-1000Core.job
2013-11-15 01:29 - 2013-11-15 01:28 - 03785846 _____ C:\Users\Dario\Downloads\Folien IPSec.pptx
2013-11-14 23:49 - 2013-11-14 23:49 - 02213459 _____ C:\Users\Dario\Downloads\Folien Firewall.pptx
2013-11-14 23:49 - 2013-11-14 23:49 - 01008744 _____ C:\Users\Dario\Downloads\Layer-2 Security (1).pptx
2013-11-14 23:12 - 2013-11-14 23:12 - 01008744 _____ C:\Users\Dario\Downloads\Layer-2 Security.pptx
2013-11-14 11:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-11-14 10:14 - 2013-01-30 14:20 - 00000000 _____ C:\END
2013-11-13 02:41 - 2012-11-22 02:20 - 00000000 ____D C:\Users\Dario\AppData\Roaming\SoftGrid Client
2013-11-12 06:53 - 2013-11-12 06:53 - 00000122 _____ C:\Users\Dario\Documents\Savognin.txt
2013-11-12 06:48 - 2013-11-12 06:48 - 02654216 _____ () C:\Users\Dario\Downloads\SwisscomWlanMagicButton.exe
2013-11-12 06:38 - 2013-11-12 06:38 - 00249856 _____ (Nicomsoft Ltd.) C:\Windows\SysWOW64\wifiman.dll
2013-11-12 06:38 - 2013-11-12 06:38 - 00000000 ____D C:\ProgramData\mquadr.at
2013-11-08 04:49 - 2013-11-08 04:49 - 00003581 _____ C:\Users\Dario\Desktop\conf deny router.txt
2013-11-08 04:49 - 2013-11-08 04:49 - 00003328 _____ C:\Users\Dario\Desktop\conf deny switch.txt
2013-11-08 04:32 - 2013-11-08 04:32 - 00000000 ____D C:\Users\Dario\Documents\BA
2013-11-08 02:03 - 2013-11-08 02:03 - 06673100 _____ C:\Users\Dario\Downloads\GV 2013 (1).pptx
2013-11-07 07:42 - 2013-11-07 07:42 - 00003753 _____ C:\Users\Dario\Desktop\exercise ipc.txt
2013-11-07 04:40 - 2013-02-18 23:46 - 00000000 ____D C:\Users\Dario\AppData\Local\VMware
2013-11-07 04:25 - 2013-02-18 23:45 - 00000000 ____D C:\Users\Dario\AppData\Roaming\VMware
2013-11-05 07:00 - 2012-09-02 13:53 - 00001017 _____ C:\Users\Dario\Desktop\Dropbox.lnk
2013-11-03 23:12 - 2013-11-03 23:12 - 00005102 _____ C:\Users\Dario\Desktop\Kundennutzen.odt
2013-10-24 03:49 - 2013-10-24 03:49 - 00007654 _____ C:\Users\Dario\Documents\FEEDBACKFRAGEN 24_10_13.odt
2013-10-23 01:47 - 2013-10-23 01:47 - 00011364 _____ C:\Users\Dario\Documents\BIM_Patente.xlsx
2013-10-21 02:54 - 2012-11-22 04:12 - 00000000 ____D C:\Users\Dario\Documents\Vortsand sitzungen
2013-10-18 19:06 - 2013-10-17 09:11 - 00000000 ____D C:\Users\Dario\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Dario\AppData\Local\Temp\0ObYc4W.exe
C:\Users\Dario\AppData\Local\Temp\0ObYc4W0.exe
C:\Users\Dario\AppData\Local\Temp\DIFxAPI.dll
C:\Users\Dario\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Dario\AppData\Local\Temp\MyClaroTB.exe
C:\Users\Dario\AppData\Local\Temp\npp.6.5.Installer.exe
C:\Users\Dario\AppData\Local\Temp\setupa2.exe
C:\Users\Dario\AppData\Local\Temp\SetupAC.exe
C:\Users\Dario\AppData\Local\Temp\somoto-master.exe
C:\Users\Dario\AppData\Local\Temp\tbedrs.dll
C:\Users\Dario\AppData\Local\Temp\tbuTor.dll
C:\Users\Dario\AppData\Local\Temp\uninst1.exe
C:\Users\Dario\AppData\Local\Temp\wajam_install.exe
C:\Users\Dario\AppData\Local\Temp\xmlUpdater.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

8
Restore point made on: 2013-10-15 11:01:42
Restore point made on: 2013-10-22 01:10:30
Restore point made on: 2013-10-29 16:11:38
Restore point made on: 2013-11-01 17:54:45
Restore point made on: 2013-11-05 03:40:26
Restore point made on: 2013-11-12 14:25:00
Restore point made on: 2013-11-13 01:29:36
Restore point made on: 2013-11-13 16:19:19

==================== Memory info =========================== 

Percentage of memory in use: 11%
Total physical RAM: 8142.36 MB
Available physical RAM: 7229.93 MB
Total Pagefile: 8140.51 MB
Available Pagefile: 7232 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:460.65 GB) (Free:279.99 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:4.99 GB) (Free:4.98 GB) FAT32
Drive g: (USB DISK) (Removable) (Total:14.43 GB) (Free:9.47 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 51AFD21D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=461 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5 GB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14 GB) - (Type=0C)


LastRegBack: 2013-11-10 03:53

==================== End Of Log ============================

Hoffentlich habe ich soweit alles richtig gemacht. Danke im Voraus für eure Hilfe

GVU Trojaner, abgesicherter Modus nicht Möglich, Windows 7 (x64)

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner, abgesicherter Modus nicht Möglich, Windows 7 (x64)

GVU Trojaner, abgesicherter Modus nicht Möglich, Windows 7 (x64)

Ähnliche Themen: GVU Trojaner, abgesicherter Modus nicht Möglich, Windows 7 (x64)