Log analysis and evaluation: GVU Trojaner, Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.07.2012, 08:03 | #1
GVU Trojaner

Hello, last night I caught the GVU Trojaner. As soon as I log in to Windows it is displayed and I can't do anything any more. I couldn't start the Task Manager either. After disconnecting the PC from the network I was at least able to log in and create the requested log files. Avira, by the way, gave no alert. The Trojan opened when I tried to play a video on some site. Unfortunately I no longer know which one, because I got there via a link on Facebook.

My system: Win 7 Professional 32-bit (with all updates), Avira Free Antivirus (supposedly also up to date)

I hope someone can help me, because I urgently need the PC over the next 3 weeks for exams and don't really have the time right now to reinstall it :-(

Regards, Mario

Code:
ATTFilter OTL logfile created on: 04.07.2012 08:13:57 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Mario\Desktop\GVU Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 71,75% Memory free 6,49 Gb Paging File | 5,48 Gb Available in Paging File | 84,33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,64 Gb Total Space | 62,52 Gb Free Space | 64,03% Space Free | Partition Type: NTFS Drive D: | 489,64 Gb Total Space | 352,03 Gb Free Space | 71,89% Space Free | Partition Type: NTFS Drive E: | 596,16 Gb Total Space | 100,85 Gb Free Space | 16,92% Space Free | Partition Type: NTFS Computer Name: MARIO-PC | User Name: Mario | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.04 08:08:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mario\Desktop\GVU\OTL.exe PRC - [2012.05.18 01:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2012.05.09 07:48:55 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.09 07:48:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.09 07:48:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 07:48:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.02.29 22:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012.02.29 22:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
-- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2012.07.03 23:41:29 | 000,179,360 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\roper0dun.exe MOD - [2012.02.17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012.06.23 14:19:26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.23 08:24:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.09 07:48:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.09 07:48:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.12.12 01:47:44 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- 
C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.05.09 07:48:55 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.09 07:48:55 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.01.17 14:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.12.12 01:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- 
C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 A8 D1 9C 64 59 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: 
C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 08:24:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 08:24:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.28 00:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\mozilla\Extensions [2012.07.03 23:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\8276ou77.default\extensions [2012.07.03 23:43:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\8276ou77.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.03.28 00:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.23 08:24:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.23 08:24:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.23 08:24:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.23 08:24:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 08:24:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 08:24:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 08:24:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS 
File: ([2012.04.09 12:11:33 | 000,000,859 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 licensing.ultraedit.com O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1) O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB56EBDF-9DC4-4862-8B00-738AD70C1E3A}: DhcpNameServer = 192.168.0.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFFADCDF-2AED-423B-A9CC-2B4F17A6DA10}: DhcpNameServer = 193.175.141.54 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.04 08:11:55 | 000,000,000 | ---D | C] -- C:\Users\Mario\Desktop\GVU [2012.07.03 15:50:16 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Roaming\vlc [2012.07.03 15:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.07.03 15:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012.07.03 14:40:16 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{337FE37D-C68F-4A5E-9A40-CB38E1FDC942} [2012.07.03 14:39:53 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{E32147DF-5915-49A2-BB05-76D7EE30E569} [2012.07.03 09:03:22 | 000,000,000 | ---D | C] -- C:\Users\Mario\Desktop\usb-stick 3.7.12 [2012.07.02 22:07:54 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{1201784C-B002-4BF5-BC5C-FDF971896161} [2012.07.02 22:07:32 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{64F5407C-5436-4E36-9418-186154EC2685} [2012.07.02 07:25:50 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{57796265-F12D-4D1D-A897-791A3F845660} [2012.07.02 07:25:28 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{9DD97705-DB17-4CE2-B222-D322CA9FCFAE} [2012.07.01 16:56:22 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{12C5CC9A-F896-4EFD-A21E-8C69DCE80FB2} [2012.07.01 16:56:00 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{3B4DE47C-F848-4E02-832F-8660F1BD4E44} [2012.07.01 
15:55:55 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{C723A858-8997-4DDA-8882-84CCFA3829C9} [2012.07.01 15:55:33 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{17E156D9-C6CB-4494-A2A6-C5E1798DB71D} [2012.07.01 07:55:21 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{60974DB6-E549-4F2F-9EEE-8A6A34FFE3B0} [2012.07.01 07:54:58 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{184888EF-B4AD-4DF8-93F6-2B4CF99FFEAB} [2012.06.30 22:37:38 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{95268468-F2C8-4131-8122-E075495AF7CD} [2012.06.30 20:34:23 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{89E2A105-F8A1-4DE8-A6E8-7B46E3F7EA68} [2012.06.30 20:34:11 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{E32B4B0A-876A-4347-B074-E9DC844D8566} [2012.06.30 08:04:40 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{AE5404BC-C1EF-430F-92D2-245DC312363C} [2012.06.30 08:04:18 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{2F8C7B68-9851-48D8-B6DF-521E88FCDE7C} [2012.06.29 16:29:07 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{CDC355AA-03C6-4E45-A53F-471DA91C233F} [2012.06.29 16:28:44 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{563D0F75-EE3C-4880-8B8B-B3DFF0B5494C} [2012.06.29 00:41:41 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{AFA6D2C6-F0FA-4F4E-AEAE-37078E166E2A} [2012.06.29 00:41:18 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{9F359942-5907-41CF-9AB1-7D6FF59B65AE} [2012.06.28 12:22:30 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{77E6188C-997F-41AA-8910-DAF0DBB26FA7} [2012.06.28 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{A33CED0D-9F9A-4455-882E-C2848BF233CE} [2012.06.27 21:53:33 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{DAF173C3-F87F-48B1-9C69-9A0B8F9DBB37} [2012.06.27 21:53:10 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{A4B7263D-E786-409F-8AE2-285DED08B0BE} 
[2012.06.27 09:52:46 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{B3CAAA2D-E4BC-40B3-828B-F537C874756D} [2012.06.27 09:52:23 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{E4372B45-BF5B-4769-9BC0-80F989D3D499} [2012.06.27 09:06:32 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{1DF8871A-AE2E-4D87-93A3-5D31C1CFE57D} [2012.06.27 09:06:21 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{F3D6B6B8-7C53-4DAF-A8C3-ACEE61467F00} [2012.06.26 19:14:30 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{F516432B-5A1E-4363-BCDC-6D071623F17A} [2012.06.26 19:14:19 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{C55500E9-EC73-426B-BC36-B474EADFC9A4} [2012.06.25 23:31:14 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{75BF860D-5043-4627-8036-C00DC696CF14} [2012.06.25 23:30:52 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{DE90AC14-66AF-4AFE-9388-6DBFDEEC8098} [2012.06.25 11:44:07 | 000,000,000 | ---D | C] -- C:\Users\Mario\.pdfsam [2012.06.25 11:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\pdfsam [2012.06.25 11:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge [2012.06.25 09:24:32 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{882AE0DF-AF03-4AC7-9C0B-671C75E0C35D} [2012.06.25 08:46:50 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{A11F2DAB-CED9-464B-B32B-CF712334EF03} [2012.06.24 20:18:56 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{0DEAB3AA-297E-4BF4-83C8-B5E8161EE526} [2012.06.24 20:18:45 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{C5EB4B33-B3F6-4A3D-AC86-DF12D0598AE2} [2012.06.23 16:47:27 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{C8773D7D-104B-4920-9701-9240AC671C0D} [2012.06.23 16:47:04 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{46AFC206-9566-4DBA-9524-CA2F01B11882} [2012.06.23 15:41:44 | 000,000,000 | ---D | C] -- 
C:\Users\Mario\AppData\Local\Macromedia [2012.06.23 08:33:43 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{AB8A64A5-7339-46A0-BE5F-F174C9F39FA7} [2012.06.23 07:49:00 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{F5DFCC9F-00B3-4E30-B99B-185550C28417} [2012.06.22 19:59:41 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{26CFC919-77C2-4DCD-9337-E47BDABE7F64} [2012.06.22 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{6C2F93A0-D667-4867-B23A-C18D444B9CDB} [2012.06.22 15:48:47 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{3B8BD39F-9AA1-4832-B9CF-0D5D5424956F} [2012.06.22 00:45:19 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{A7BF2C9B-6E7C-48C5-804D-E72E703C0584} [2012.06.22 00:44:43 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{257A6AE1-0766-44F5-8D5C-1D3E67FA1428} [2012.06.21 20:30:54 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{9E1B7D43-7A76-4E1C-B64D-68678AC34F18} [2012.06.21 06:51:47 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{893921CB-F463-4236-B816-880C6B1C6725} [2012.06.21 06:51:25 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{11A7986A-C4B8-4BC5-B78C-A35C95943850} [2012.06.21 06:44:18 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{94708B09-9302-4DC8-80CE-3D0267271F16} [2012.06.20 15:56:57 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{E190C312-8147-401E-BB36-D150B598B18E} [2012.06.20 15:56:34 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{97FF471B-88D1-4A1E-9929-92703B908E62} [2012.06.20 13:04:15 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{CA23BD43-728E-4D52-9F21-441C8A98C0A7} [2012.06.20 12:52:44 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{1E2155E1-60B2-4C23-ADC8-1953536592B6} [2012.06.20 12:23:37 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{CCC07A5A-04A7-40BA-B5B7-21E44FD91C62} [2012.06.20 12:23:15 | 000,000,000 | ---D | C] -- 
C:\Users\Mario\AppData\Local\{8708A431-5B87-4FDA-A898-8912D1EBA777} [2012.06.19 23:05:03 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{9562B6A6-2D3C-4C04-B827-15AAA9CFDA74} [2012.06.19 23:04:41 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{F8B6EF66-FB0B-4260-8D93-4213BA407DAF} [2012.06.19 19:10:03 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{871FD18E-A805-4A80-A143-B9524D85F51C} [2012.06.19 01:52:59 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{4DE0EC45-B14C-478F-A792-F3A41C989335} [2012.06.19 01:30:10 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{D5FE139A-593A-4C8A-9078-7784FCFE1B7C} [2012.06.18 08:23:56 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{D01B802D-4367-4EC6-BFDB-DB33C6CFE7DF} [2012.06.17 11:56:16 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{64706760-F935-47B4-A778-5A050A1FCCBC} [2012.06.17 11:51:12 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SPORT [2012.06.17 11:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPORT [2012.06.17 11:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\SPORT619 [2012.06.16 23:55:41 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{12DD0AA8-C28F-4C3E-BC0B-754A131C514D} [2012.06.16 17:47:05 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{BBA7FC6B-9225-4D65-AA25-05DFCF91625B} [2012.06.16 13:34:41 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{E945507C-72C0-4845-833A-6BA5E44E81A2} [2012.06.15 22:06:16 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{83771C83-F0B8-4841-B759-D6120804F49E} [2012.06.15 08:46:59 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{8FA41F05-6116-47AB-B9D3-5840C7662A66} [2012.06.14 16:13:26 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{8A0B13AC-E214-474C-AB14-DEA5F0498EAF} [2012.06.14 16:13:03 | 000,000,000 | ---D | C] -- 
C:\Users\Mario\AppData\Local\{23952502-49D5-4C59-9404-9CE44E0087FA}
[2012.06.14 13:27:42 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{92395493-A300-4535-9122-72E420E3B87D}
[2012.06.14 12:22:43 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{AC95DEC1-C17E-488A-8E50-3F06CCA1CFD0}
[2012.06.14 12:19:16 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{D0D9B58A-2F9D-4E81-8E80-873283C042AA}
[2012.06.14 12:18:54 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{457C549B-7D86-49D8-A1BC-F52247EB0CEA}
[2012.06.13 23:54:00 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{599449BD-773D-42F6-9E70-3E06E8EB6BB3}
[2012.06.13 23:53:38 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{6E4873D2-8267-4F66-83D4-201DB924196D}
[2012.06.13 10:32:11 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{94593F72-27FA-45D6-86B5-2270DC131F1E}
[2012.06.13 10:31:49 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{C1F4469C-C56D-4650-ACCA-396335634EA4}
[2012.06.13 09:10:14 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{166AD03F-CD98-49D6-AAE8-F244E120B379}
[2012.06.13 09:09:51 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{38D9488D-BEAC-4B0E-A612-1C8A9E0F2939}
[2012.06.12 18:45:28 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{07049809-D2CB-4D42-9B73-922DF762D295}
[2012.06.12 18:45:05 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{A2F6C991-6C18-4FBE-A3DF-9BCEEF9F7363}
[2012.06.12 07:40:07 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{AC10C8BA-98A1-4AF2-AAEC-E1ABD81683C5}
[2012.06.11 21:50:10 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{C87F2CF2-E7A1-4A92-934B-784D10A63072}
[2012.06.11 08:33:02 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{0F48D835-9C45-4799-9AEA-F5F0112FE27E}
[2012.06.11 08:32:39 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{AB776FFB-3EB6-40BE-B20E-C9016212C47A}
[2012.06.10 17:52:46 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{FF2CED81-5482-4BDA-AD79-6E044243F0DC}
[2012.06.10 17:52:23 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{EE3B6F32-324D-4518-A31D-13B52C02A7A5}
[2012.06.09 16:03:55 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{A676046A-DEB2-48F3-A1FF-E65E7B783002}
[2012.06.09 16:03:32 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{E3745950-5109-46BA-9627-1C08112204A5}
========== Files - Modified Within 30 Days ==========
[2012.07.04 08:13:10 | 000,000,000 | ---- | M] () -- C:\Users\Mario\defogger_reenable
[2012.07.04 08:13:01 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.04 08:13:01 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.04 08:13:01 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.04 08:13:01 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.04 07:53:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.07.04 07:53:30 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 07:53:30 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 07:45:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.04 07:45:42 | 2616,647,680 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.04 00:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.03 23:41:29 | 000,001,883 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.14 03:21:54 | 000,409,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.12 18:46:45 | 000,001,100 | ---- | M] () -- C:\Users\Mario\Desktop\Mozilla Firefox.lnk
========== Files Created - No Company Name ==========
[2012.07.04 08:13:10 | 000,000,000 | ---- | C] () -- C:\Users\Mario\defogger_reenable
[2012.07.03 23:41:29 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.07.03 23:41:29 | 000,001,883 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.12 18:46:45 | 000,001,100 | ---- | C] () -- C:\Users\Mario\Desktop\Mozilla Firefox.lnk
[2012.04.19 09:41:39 | 000,000,600 | ---- | C] () -- C:\Users\Mario\AppData\Local\PUTTY.RND
[2012.04.16 08:43:39 | 000,978,958 | ---- | C] () -- C:\Windows\System32\libstdc++-6.dll
[2012.04.16 08:36:59 | 000,118,784 | ---- | C] () -- C:\Windows\System32\libgcc_s_dw2-1.dll
[2012.03.29 06:22:51 | 002,515,790 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.03.28 00:54:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
========== LOP Check ==========
[2012.03.28 09:11:21 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Windows Live Writer
[2009.07.14 06:53:46 | 000,012,220 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
04.07.2012, 10:26 | #2
/// Malware-holic | GVU Trojaner
Hi,
This script, and any scripts that follow, are only for this particular user. If you have problems, open your own topic and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
[2012.07.03 23:41:29 | 000,001,883 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
:Files
:Commands
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Start in normal mode. If you have no icons, right-click, View, Show desktop icons.
Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread!
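The fix script above removes exactly one Startup shortcut that was picked out by hand from the OTL log in post #1. As an added example that is not part of this thread and not OTL's own functionality, the following Python script parses lines in the format OTL prints and flags the persistence artefacts a helper would look at first: anything in the user's Startup folder, files without a company name lying directly in a common drop directory, and files created in the same second as a Startup entry. The sample lines are copied from the log above (the ctfmon.lnk and nud0repor.pad entries are the real ones); the drop-directory list and the heuristics are assumptions of this example, not OTL's logic.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the OTL log posted in this thread,
# in the format OTL prints ([date time | size | attrs | C/M] (company) -- path).
SAMPLE_LOG = """\
[2012.07.04 08:13:01 | 000,653,928 | ---- | M] () -- C:\\Windows\\System32\\perfh007.dat
[2012.07.04 07:53:41 | 004,503,728 | ---- | M] () -- C:\\ProgramData\\nud0repor.pad
[2012.07.04 00:19:00 | 000,000,884 | ---- | M] () -- C:\\Windows\\tasks\\Adobe Flash Player Updater.job
[2012.07.03 23:41:29 | 000,001,883 | ---- | C] () -- C:\\Users\\Mario\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ctfmon.lnk
[2012.07.03 23:41:29 | 004,503,728 | ---- | C] () -- C:\\ProgramData\\nud0repor.pad
[2012.06.12 18:46:45 | 000,001,100 | ---- | C] () -- C:\\Users\\Mario\\Desktop\\Mozilla Firefox.lnk
[2012.06.14 13:27:42 | 000,000,000 | ---D | C] -- C:\\Users\\Mario\\AppData\\Local\\{92395493-A300-4535-9122-72E420E3B87D}
[2012.05.09 07:48:55 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\\Programme\\Avira\\AntiVir Desktop\\avgnt.exe
"""

# Directory entries (attrs ending in D) carry no "(company)" field, so it is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    ts: str        # timestamp as printed by OTL
    size: int
    attrs: str     # e.g. "----", "---D", "-HS-"
    kind: str      # C = created, M = modified
    company: str   # empty when OTL printed "()" or nothing at all
    path: str


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def parse_otl(text):
    """Return an Entry for every line that matches OTL's line format."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers such as "========== LOP Check =========="
        g = m.groupdict()
        entries.append(Entry(g["ts"], int(g["size"].replace(",", "")),
                             g["attrs"], g["kind"], g["company"] or "", g["path"]))
    return entries


# Assumed heuristics for this example (not OTL's own logic).
STARTUP_MARKER = "\\start menu\\programs\\startup\\"
DROP_DIRS = ("c:\\programdata\\", "\\appdata\\local\\temp\\", "c:\\users\\public\\")


def _directly_in_drop_dir(path_l):
    """True when the file lies directly in a drop directory, not in a vendor subfolder."""
    for d in DROP_DIRS:
        i = path_l.find(d)
        if i != -1 and "\\" not in path_l[i + len(d):]:
            return True
    return False


def analyze(text):
    """Flag the entries a helper would examine first; returns Findings sorted by path."""
    entries = parse_otl(text)
    findings = {}

    def flag(path, reason):
        f = findings.setdefault(path, Finding(path))
        if reason not in f.reasons:
            f.reasons.append(reason)

    startup_times = set()
    for e in entries:
        p = e.path.lower()
        if STARTUP_MARKER in p:
            flag(e.path, "autostart entry in the user's Startup folder")
            startup_times.add(e.ts)
            if p.endswith(".lnk"):
                flag(e.path, "shortcut: its target must be inspected as well")
        if not e.company and "D" not in e.attrs and _directly_in_drop_dir(p):
            flag(e.path, "file without company name directly in a drop directory")
    # Second pass: anything written in the same second as a Startup entry was
    # most likely placed by the same dropper.
    for e in entries:
        if e.ts in startup_times and STARTUP_MARKER not in e.path.lower():
            flag(e.path, "timestamp identical to a Startup entry")
    return sorted(findings.values(), key=lambda f: f.path)


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

On the sample the script reports only nud0repor.pad and ctfmon.lnk, which is exactly the pair the thread deals with. The "shortcut" reason is the important caveat: a .lnk in Startup is just a pointer, so deleting it does not remove the file it launches, and that target has to be located and examined separately.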
04.07.2012, 11:01 | #3
GVU Trojaner
Hello Markus,
first of all, thanks for your help :-) I followed the steps you described: opened OTL, pasted the script in and clicked Fix. Then a message appeared saying a restart was required for the deletion. I confirmed and the restart was carried out. But I can't find a text file anywhere, neither on the desktop nor in the directory where otl.exe is located. One more remark: I did all of this in Windows' "normal" mode. Should I rather do it in safe mode? Regards, Mario
@edit: I had a look in the directory given in the script, and there is still a shortcut named ctfmon there. It points to an exe in the "AppData/Local/Temp" directory (roper0dun.exe.FQ10). So it looks as though the deletion didn't work :-(
Last edited by mhirtreiter (04.07.2012 at 11:31)
04.07.2012, 22:05 | #4
/// Malware-holic | GVU Trojaner
Then run the script once more.
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us
04.07.2012, 22:46 | #5
GVU Trojaner
Hi, I have now tried it another 4 times, but the result stays the same. The file(s) are not deleted and no text file is created. In the meantime I have also uninstalled Avira and Spybot so that they can't possibly interfere, but that hasn't changed anything either. Can't I just delete the files by hand? Regards, Mario
06.07.2012, 18:16 | #6
/// Malware-holic | GVU Trojaner
Yes, you can.