Pests of all kinds and how to fight them: GVU Trojan on Vista 32-bit
24.08.2012, 08:49 | #1
GVU Trojan on Vista 32-bit

Hi,
Since this morning I have had a GVU Trojan. It appears after the desktop has booted and locks it. In safe mode I can use the laptop. How can I lift the lock and remove the Trojan?
Thanks in advance
Funker
24.08.2012, 14:38 | #2
/// Helper Team

Step 1: System scan with OTL (illustrated guide)

Please download OTL by OldTimer and save it to your desktop (if not already present). Double-click OTL.exe
24.08.2012, 17:03 | #3
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.24.02

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
Paul Kloß :: SIMONES-PC [Administrator]

24.08.2012 16:51:14
mbam-log-2012-08-24 (18-01-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346953
Laufzeit: 56 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Paul Kloß\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWSHHSE9\calc[1].exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\Paul Kloß\AppData\Local\Temp\install_0_msi.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\Paul Kloß\AppData\Local\Temp\wpbt0.dll (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\Paul Kloß\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)

That is from Malwarebytes. The OTL scan follows right after.

OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 24.08.2012 18:05:08 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Paul Kloß\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 60,39% Memory free
3,98 Gb Paging File | 3,47 Gb Available in Paging File | 87,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 34,75 Gb Free Space | 23,32% Space Free | Partition Type: NTFS

Computer Name: SIMONES-PC | User Name: Paul Kloß | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()

========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (a54mdvmi) -- File not found
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP) -- C:\Windows\System32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-612325585-2361590947-2876478774-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/default
IE - HKU\S-1-5-21-612325585-2361590947-2876478774-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-612325585-2361590947-2876478774-1001\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}
IE - HKU\S-1-5-21-612325585-2361590947-2876478774-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-612325585-2361590947-2876478774-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-612325585-2361590947-2876478774-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-612325585-2361590947-2876478774-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.20 20:38:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.08.20 19:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Kloß\AppData\Roaming\mozilla\Extensions
[2012.08.22 19:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Kloß\AppData\Roaming\mozilla\Firefox\Profiles\11qik62i.default\extensions
[2012.08.22 19:34:38 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Paul Kloß\AppData\Roaming\mozilla\Firefox\Profiles\11qik62i.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2012.08.20 20:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\PAUL KLOß\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\11QIK62I.DEFAULT\EXTENSIONS\{8B86149F-01FB-4842-9DD8-4D7EB02FD055}
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-612325585-2361590947-2876478774-1001..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-612325585-2361590947-2876478774-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-612325585-2361590947-2876478774-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-612325585-2361590947-2876478774-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D40BF21-612D-4F7F-ADDE-576751109362}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0224866e-9007-11de-98bd-001de029752b}\Shell\1\Command - "" = G:\.\recycled\info.exe
O33 - MountPoints2\{0224866e-9007-11de-98bd-001de029752b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\.\recycled\info.exe
O33 - MountPoints2\{0e60ecb5-e800-11df-a652-001de029752b}\Shell\AutoRun\command - "" = E:\TranscendService(JF).exe
O33 - MountPoints2\{0e60ecc5-e800-11df-a652-001de029752b}\Shell\1\Command - "" = E:\.\recycled\info.exe
O33 - MountPoints2\{0e60ecc5-e800-11df-a652-001de029752b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\.\recycled\info.exe
O33 - MountPoints2\{0e60eccd-e800-11df-a652-001de029752b}\Shell\AutoRun\command - "" = E:\EmDesk.exe
O33 - MountPoints2\{0e60eccd-e800-11df-a652-001de029752b}\Shell\EmDesk\command - "" = E:\EmDesk.exe
O33 - MountPoints2\{11a3abaa-3499-11dd-b2f0-001de029752b}\Shell - "" = AutoRun
O33 - MountPoints2\{11a3abaa-3499-11dd-b2f0-001de029752b}\Shell\AutoRun\command - "" = E:\laucher.exe
O33 - MountPoints2\{1e6b26db-e4ed-11df-9b6d-0090f56ba07a}\Shell - "" = AutoRun
O33 - MountPoints2\{1e6b26db-e4ed-11df-9b6d-0090f56ba07a}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{1e6b26dc-e4ed-11df-9b6d-0090f56ba07a}\Shell - "" = AutoRun
O33 - MountPoints2\{1e6b26dc-e4ed-11df-9b6d-0090f56ba07a}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{3ab4c2b0-6322-11de-9b29-001de029752b}\Shell - "" = AutoRun
O33 - MountPoints2\{3ab4c2b0-6322-11de-9b29-001de029752b}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{3ab4c2b9-6322-11de-9b29-001de029752b}\Shell - "" = AutoRun
O33 - MountPoints2\{3ab4c2b9-6322-11de-9b29-001de029752b}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{4a5aa800-358b-11de-b187-001de029752b}\Shell\1\Command - "" = E:\.\recycled\info.exe
O33 - MountPoints2\{4a5aa800-358b-11de-b187-001de029752b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\.\recycled\info.exe
O33 - MountPoints2\{4d0b808c-339a-11dd-a1bc-806e6f6e6963}\Shell\1\Command - "" = E:\.\recycled\info.exe
O33 - MountPoints2\{4d0b808c-339a-11dd-a1bc-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\.\recycled\info.exe
O33 - MountPoints2\{64f6a84f-d2d6-11df-a33b-001de029752b}\Shell - "" = AutoRun
O33 - MountPoints2\{64f6a84f-d2d6-11df-a33b-001de029752b}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{a1f1d762-ac63-11df-baf3-001de029752b}\Shell - "" = AutoRun
O33 - MountPoints2\{a1f1d762-ac63-11df-baf3-001de029752b}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{a1f1d764-ac63-11df-baf3-001de029752b}\Shell - "" = AutoRun
O33 - MountPoints2\{a1f1d764-ac63-11df-baf3-001de029752b}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{c7b4d1ec-1e18-11df-9e18-0090f56ba07a}\Shell - "" = AutoRun
O33 - MountPoints2\{c7b4d1ec-1e18-11df-9e18-0090f56ba07a}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{dd6bd543-2029-11dd-8f2b-001de029752b}\Shell\1\Command - "" = E:\.\recycled\info.exe
O33 - MountPoints2\{dd6bd543-2029-11dd-8f2b-001de029752b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\.\recycled\info.exe
O33 - MountPoints2\{dd6bd545-2029-11dd-8f2b-001de029752b}\Shell\1\Command - "" = F:\.\recycled\info.exe
O33 - MountPoints2\{dd6bd545-2029-11dd-8f2b-001de029752b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe
O33 - MountPoints2\F\Shell\1\Command - "" = F:\.\recycled\info.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.24 17:25:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Paul Kloß\Desktop\OTL.exe
[2012.08.24 09:53:47 | 000,000,000 | ---D | C] -- C:\Users\Paul Kloß\AppData\Roaming\Malwarebytes
[2012.08.24 09:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.24 09:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.24 09:53:27 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.24 09:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.23 15:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012.08.23 15:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012.08.23 15:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012.08.23 15:40:07 | 000,117,760 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpzll5ha.dll
[2012.08.23 15:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012.08.23 15:39:29 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012.08.23 15:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.08.23 15:39:11 | 000,267,864 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2012.08.23 15:39:10 | 000,675,840 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpowiax3.dll
[2012.08.23 15:39:10 | 000,569,344 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpotscl3.dll
[2012.08.23 15:39:10 | 000,364,544 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
[2012.08.23 15:39:10 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2012.08.23 15:39:10 | 000,303,104 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst10.dll
[2012.08.23 12:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012.08.23 12:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TMPGEnc Plus 2.5
[2012.08.23 12:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Pegasys Inc
[2012.08.20 21:16:05 | 000,000,000 | ---D | C] -- C:\Users\Paul Kloß\AppData\Local\Macromedia
[2012.08.20 21:15:04 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.20 21:15:04 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.20 20:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.08.20 20:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.08.20 19:31:36 | 000,000,000 | ---D | C] -- C:\Users\Paul Kloß\AppData\Local\Mozilla
[2012.08.20 15:41:55 | 000,000,000 | ---D | C] -- C:\Users\Paul Kloß\AppData\Roaming\aborange

========== Files - Modified Within 30 Days ==========

[2012.08.24 17:25:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Kloß\Desktop\OTL.exe
[2012.08.24 15:38:38 | 000,617,444 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.24 15:38:38 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.24 15:38:38 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.24 15:38:38 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.24 09:53:30 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.24 09:35:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.24 09:22:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.24 09:20:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9893A836-ECE3-41B8-AB5C-8375BEB64104}.job
[2012.08.24 08:49:56 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.24 08:49:56 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.24 00:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.23 21:20:00 | 000,002,317 | ---- | M] () -- C:\Users\Paul Kloß\Desktop\33.tabu
[2012.08.23 20:53:33 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{07F0D324-85C4-4560-B21C-C32420E6ABA1}.job
[2012.08.23 19:05:36 | 000,029,184 | ---- | M] () -- C:\Users\Paul Kloß\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.23 15:45:14 | 000,132,142 | ---- | M] () -- C:\Windows\hpoins14.dat
[2012.08.20 21:34:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.20 21:34:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.20 21:13:26 | 000,000,361 | ---- | M] () -- C:\Users\Paul Kloß\Desktop\Download - Verknüpfung.lnk
[2012.08.20 21:06:57 | 000,001,736 | ---- | M] () -- C:\Users\Paul Kloß\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.20 20:38:12 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.20 19:59:48 | 001,166,474 | ---- | M] () -- C:\Users\Paul Kloß\Desktop\sbs_71.pdf

========== Files Created - No Company Name ==========

[2012.08.24 09:53:30 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.23 21:17:59 | 000,002,317 | ---- | C] () -- C:\Users\Paul Kloß\Desktop\33.tabu
[2012.08.23 15:39:16 | 000,132,142 | ---- | C] () -- C:\Windows\hpoins14.dat
[2012.08.23 15:39:16 | 000,001,996 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2012.08.23 15:39:09 | 000,308,621 | ---- | C] () -- C:\Windows\System32\autorun.inf
[2012.08.20 21:15:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.20 21:13:26 | 000,000,361 | ---- | C] () -- C:\Users\Paul Kloß\Desktop\Download - Verknüpfung.lnk
[2012.08.20 21:06:57 | 000,001,736 | ---- | C] () -- C:\Users\Paul Kloß\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.20 21:06:55 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.20 19:59:48 | 001,166,474 | ---- | C] () -- C:\Users\Paul Kloß\Desktop\sbs_71.pdf
[2011.07.13 10:51:27 | 000,028,672 | ---- | C] () -- C:\Windows\System32\qttask.exe
[2011.07.13 10:49:47 | 000,001,032 | ---- | C] () -- C:\Windows\disney.ini
[2011.07.13 10:42:22 | 000,000,680 | RHS- | C] () -- C:\Users\Paul Kloß\ntuser.pol
[2010.02.21 15:06:27 | 000,000,552 | ---- | C] () -- C:\Users\Paul Kloß\AppData\Local\d3d8caps.dat
[2009.11.20 16:34:00 | 000,023,580 | ---- | C] () -- C:\Users\Paul Kloß\AppData\Roaming\UserTile.png
[2009.04.03 15:45:19 | 000,029,184 | ---- | C] () -- C:\Users\Paul Kloß\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.14 18:27:57 | 000,000,680 | ---- | C] () -- C:\Users\Paul Kloß\AppData\Local\d3d9caps.dat
[2008.03.07 16:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.03.07 13:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml

< End of report >

Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 24.08.2012 18:05:08 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Paul Kloß\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 60,39% Memory free
3,98 Gb Paging File | 3,47 Gb Available in Paging File | 87,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 34,75 Gb Free Space | 23,32% Space Free | Partition Type: NTFS

Computer Name: SIMONES-PC | User Name: Paul Kloß | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-612325585-2361590947-2876478774-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{086FC9FE-DDEB-431F-9930-1A2362D10C6C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{0B88CC3E-6336-4C83-939F-783EFFC690CD}" = lport=445 | protocol=6 | dir=in | app=system |
"{17CE832D-4381-4155-8943-344C23F674D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1C56A02C-1062-417C-A351-5A67BFF467ED}" = lport=137 | protocol=17 | dir=in | app=system |
"{1D593AD0-95DE-4608-AA33-41F9BB430B7A}" = lport=139 | protocol=6 | dir=in | app=system |
"{2B11EBD4-507E-4292-989E-095647AD2B91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{46CE25E5-DBE1-46D7-B508-53A3C12A60AD}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EC26ECD-9497-450C-A604-B1C579EE81C5}" = lport=138 | protocol=17 | dir=in | app=system |
"{74B06E9C-F617-48FC-80AE-73494B3B19B1}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{80184C0E-1344-40B6-BCE4-6D5C7E2F1BFC}" = rport=445 | protocol=6 | dir=out | app=system |
"{9C06579D-B4A5-4B82-BF71-D339097F3CC7}" = rport=2869 | protocol=6 | dir=out | app=system |
"{A07EB473-6118-4064-8407-F5505096C26B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A91557AE-9FCB-4720-BA71-55177DE20DE5}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{BAA07090-1B48-4D16-8414-902CC814D8D5}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D0810E58-86CC-4C77-A1DB-EF16C7B8539B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D45E1C5C-3566-4EE4-8527-D60F8E049FBC}" = rport=138 | protocol=17 | dir=out | app=system |
"{E27172A7-8068-4D7B-A685-22563AB561D4}" = rport=137 | protocol=17 | dir=out | app=system |
"{EA1E47E0-C769-4024-9D1F-355D2C875014}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EC5E5560-08DF-410B-81B6-A36685F63227}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{EE9FC653-7D07-4BAB-8C3D-6261875F1A3D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FD9164D9-A41E-4BBB-9099-D29C2AA357B9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{128994DE-8091-4431-A8AA-457707F02241}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{24ACB1C8-FCD7-43BB-8367-2D96D2FA92A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{266D6D12-E492-4CEE-B65B-C0C69D3627DB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2794DEAD-FB94-4B34-9E6B-BB668430F174}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{2EAFBC77-08B3-423B-A6FB-2AAC3BCB675C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2F2D94DF-7290-4E6D-A009-35A4BEBD31CB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3111E2B0-FAA4-4DC7-BA6F-853A79A516A1}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{3B0517B9-C6E6-49DF-ABC7-DF61547EFDCA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4D442C02-C0DA-4593-BFD7-6C9E817363E9}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{4FBA4257-4FB8-4630-824C-DF9F1203216C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5BFF33B6-D4E0-4390-A4AD-94B6DA897A7D}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{6B93D850-142E-4325-8A29-8179E7342368}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{8DEB073C-5599-45C4-A521-BE0DE55CC4F2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9853AE10-E73D-4DF6-BB01-D4800BDBD563}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A9521F9C-BA6B-42FA-A86F-10989D9F6130}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{AF1FBB3C-41F1-4E11-9778-0C6CFAED4D96}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C3B8AA2A-85B0-4C00-80B6-4BEAE55812B5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C5FF886D-BE67-4826-8F43-C3AD02D207FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D21A821E-EB2A-4ABD-9F6C-2C8A9A9EE38B}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{DB9282C1-608D-4572-9B0D-134ED82B8834}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{DE7FE057-5CC8-43EE-93EF-9E005C461248}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{F58D8C05-F33B-469F-AAD5-47A47FFDBF88}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{FC46F59A-2B18-4111-A263-570908374237}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"TCP Query User{066163BE-6DD3-491D-8D3D-8BF30803EA69}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{56726049-CE3B-44AA-9A2A-93E2E181EDC8}C:\users\paul kloß\documents\games\counter strike\hl2.exe" = protocol=6 | dir=in | app=c:\users\paul kloss\documents\games\counter strike\hl2.exe |
"TCP Query User{63933FD9-EF5B-459C-8FBB-C4569285E525}C:\users\paul kloß\documents\games\stonghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\paul kloss\documents\games\stonghold crusader\stronghold crusader.exe |
"TCP Query User{8BB21DF4-3AC2-4771-AF69-94C224CCA18E}C:\users\paul kloß\documents\games\stonghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\paul kloss\documents\games\stonghold crusader\stronghold crusader.exe |
"TCP Query User{B9A7B68A-3DFF-4636-9A3F-2407A4E87D33}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{470E9908-96FB-48C6-82BF-114B4C97E871}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{5485A729-415C-4754-82ED-6CD4847D235B}C:\users\paul kloß\documents\games\stonghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\paul kloss\documents\games\stonghold crusader\stronghold crusader.exe |
"UDP Query User{6D179038-19AE-489C-9191-85698A3DC41D}C:\users\paul kloß\documents\games\stonghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\paul kloss\documents\games\stonghold crusader\stronghold crusader.exe |
"UDP Query User{CBAFCDD0-80B0-4E5D-A6F2-BE4E84902EBC}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{F3E366FC-34EB-4259-8882-C16390128B96}C:\users\paul kloß\documents\games\counter strike\hl2.exe" = protocol=17 | dir=in | app=c:\users\paul kloss\documents\games\counter strike\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" =
TMPGEnc Plus 2.5 "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = BisonCam "{56BA241F-580C-43D2-8403-947241AAE633}" = center "{5F87EF36-A373-11D5-AA2E-0008C760B784}" = Monster Training Einmaleins "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 
Microsoft Office 2007 Service Pack 3 (SP3) "{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6 "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0 "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min "{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite "{B729B3C1-55A9-45FB-B7AD-D6A42DA8C883}" = Hotkey_Driver "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq "{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK Home Center Software "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei "{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 1.2.6 "Blue Byte Game Channel" = Blue Byte Game Channel "ENTERPRISER" = Microsoft Office Enterprise 2007 "GameSpy Arcade" = GameSpy Arcade "InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5 "LingoPad_is1" = LingoPad 2.5.1 (Build 325) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "QuickTime" = QuickTime "SiS VGA Utilities" = SiS VGA Utilities "SMSERIAL" = Motorola SM56 Data Fax Modem "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 0.9.8a ========== Last 20 Event Log 
Errors ========== [ Application Events ] Error - 01.06.2012 07:28:10 | Computer Name = Simones-PC | Source = VSS | ID = 8194 Description = Error - 01.06.2012 16:29:36 | Computer Name = Simones-PC | Source = EventSystem | ID = 4621 Description = Error - 20.08.2012 09:29:55 | Computer Name = Simones-PC | Source = WinMgmt | ID = 10 Description = Error - 20.08.2012 14:37:19 | Computer Name = Simones-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 20.08.2012 15:06:58 | Computer Name = Simones-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18639, Zeitstempel 0x4db02c95, fehlerhaftes Modul USER32.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc, Ausnahmecode 0xc0000142, Fehleroffset 0x00009cfc, Prozess-ID 0x1224, Anwendungsstartzeit 01cd7f06f881fe96. Error - 20.08.2012 15:13:33 | Computer Name = Simones-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 20.08.2012 15:13:35 | Computer Name = Simones-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 20.08.2012 15:13:44 | Computer Name = Simones-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 21.08.2012 03:56:05 | Computer Name = Simones-PC | Source = WinMgmt | ID = 10 Description = Error - 21.08.2012 04:01:34 | Computer Name = Simones-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18639, Zeitstempel 0x4db02c95, fehlerhaftes Modul USER32.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc, Ausnahmecode 0xc0000142, Fehleroffset 0x00009cfc, Prozess-ID 0x38c, Anwendungsstartzeit 01cd7f732e7dad03. [ OSession Events ] Error - 09.08.2009 04:48:08 | Computer Name = Simones-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. 
This session lasted 1316 seconds with 1260 seconds of active time. This session ended with a crash. [ System Events ] Error - 18.06.2011 03:37:58 | Computer Name = Simones-PC | Source = HTTP | ID = 15016 Description = Error - 18.06.2011 03:38:19 | Computer Name = Simones-PC | Source = Service Control Manager | ID = 7000 Description = Error - 18.06.2011 03:45:13 | Computer Name = Simones-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 18.06.2011 12:23:24 | Computer Name = Simones-PC | Source = HTTP | ID = 15016 Description = Error - 18.06.2011 12:24:21 | Computer Name = Simones-PC | Source = Service Control Manager | ID = 7000 Description = Error - 18.06.2011 12:31:33 | Computer Name = Simones-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 18.06.2011 12:31:45 | Computer Name = Simones-PC | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{B4BFBA24-0D42-4538-BB7B-471400DFA1BB} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 19.06.2011 09:42:00 | Computer Name = Simones-PC | Source = HTTP | ID = 15016 Description = Error - 19.06.2011 09:43:23 | Computer Name = Simones-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.06.2011 09:47:58 | Computer Name = Simones-PC | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{B4BFBA24-0D42-4538-BB7B-471400DFA1BB} vom Serverdienst nicht gebunden werden. 
Der Serverdienst konnte nicht gestartet werden. < End of report > |
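The two firewall exception lists in the OTL report above are worth a second look during triage: every inbound rule whose program sits in a directory the logged-on user can write to (here C:\ProgramData\Kodak\Installer\setup.exe and the games under C:\Users) is a rule that malware running as that user could reuse, and a port rule with neither app= nor svc= (the two ekdiscovery entries on lport=9322) admits traffic to any process. The following Python script is an added example for this thread, not part of OTL or of any post; it parses OTL's `"name" = key=value | key=value |` rule lines and applies those two checks. The sample lines are copied from the report above and embedded as constructed test input, and the set of "user-writable" path prefixes is the example's own assumption, not something the log states.

```python
"""Flag risky Windows Firewall exceptions in an OTL "FirewallRules" dump.

Added example for the OTL report in this thread; not part of OTL or of the
original post. Assumption (ours, not the log's): anything under C:\\Users,
C:\\ProgramData or C:\\Windows\\Temp is writable by the logged-on user and
therefore by malware running as that user.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed test input: rule lines copied verbatim from the OTL.txt above.
SAMPLE_RULES = r'''
"{0B88CC3E-6336-4C83-939F-783EFFC690CD}" = lport=445 | protocol=6 | dir=in | app=system |
"{2B11EBD4-507E-4292-989E-095647AD2B91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A91557AE-9FCB-4720-BA71-55177DE20DE5}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{3111E2B0-FAA4-4DC7-BA6F-853A79A516A1}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{C5FF886D-BE67-4826-8F43-C3AD02D207FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{56726049-CE3B-44AA-9A2A-93E2E181EDC8}C:\users\paul kloß\documents\games\counter strike\hl2.exe" = protocol=6 | dir=in | app=c:\users\paul kloss\documents\games\counter strike\hl2.exe |
"UDP Query User{F3E366FC-34EB-4259-8882-C16390128B96}C:\users\paul kloß\documents\games\counter strike\hl2.exe" = protocol=17 | dir=in | app=c:\users\paul kloss\documents\games\counter strike\hl2.exe |
'''

PROTOCOLS = {"6": "tcp", "17": "udp", "1": "icmpv4", "58": "icmpv6"}
# Assumed user-writable roots, lower-case because OTL prints app paths lower-case.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# One rule per line: "name" = key=value | key=value | ...
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')


@dataclass
class FirewallRule:
    name: str
    fields: Dict[str, str] = field(default_factory=dict)

    def describe(self) -> str:
        """Short human-readable form: direction proto/port target."""
        proto = PROTOCOLS.get(self.fields.get("protocol", ""), "any")
        port = self.fields.get("lport") or self.fields.get("rport") or "*"
        target = self.fields.get("app") or self.fields.get("svc") or "<any process>"
        return f"{self.fields.get('dir', '?')} {proto}/{port} {target}"


def parse_rules(text: str) -> List[FirewallRule]:
    """Turn OTL's rule lines into FirewallRule objects; non-rule lines are skipped."""
    rules: List[FirewallRule] = []
    for raw in text.splitlines():
        m = RULE_RE.match(raw.strip())
        if not m:
            continue
        fields: Dict[str, str] = {}
        for part in m.group("body").split("|"):
            part = part.strip()
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip().lower()] = value.strip()
        rules.append(FirewallRule(m.group("name"), fields))
    return rules


def is_user_writable(path: str) -> bool:
    return path.lower().replace("/", "\\").startswith(USER_WRITABLE)


def inbound_user_writable(rules: List[FirewallRule]) -> List[FirewallRule]:
    """Inbound rules whose program lives where the user (and so malware) can write."""
    return [r for r in rules
            if r.fields.get("dir", "").lower() == "in"
            and is_user_writable(r.fields.get("app", ""))]


def inbound_port_only(rules: List[FirewallRule]) -> List[FirewallRule]:
    """Inbound port rules bound to no program and no service: they apply to every process."""
    return [r for r in rules
            if r.fields.get("dir", "").lower() == "in"
            and "lport" in r.fields
            and "app" not in r.fields and "svc" not in r.fields]


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for rule in inbound_user_writable(parsed):
        print("user-writable program:", rule.describe())
    for rule in inbound_port_only(parsed):
        print("port-only rule:       ", rule.describe())
```

Feed it the whole OTL.txt instead of SAMPLE_RULES and it reports both exception lists at once; a flagged rule is not proof of anything (the Kodak installer and the games here are almost certainly legitimate), it is the shortlist to verify against the files' signatures and install dates.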
24.08.2012, 18:00 | #4 |
/// Helfer-Team | GVU-Trojaner auf Vista 32bit
Fixing with OTL
Download OTL from Oldtimer (if you do not already have it) and save it to your desktop (not anywhere else).
Code:
:OTL
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (a54mdvmi) -- File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-612325585-2361590947-2876478774-1001\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}
IE - HKU\S-1-5-21-612325585-2361590947-2876478774-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-612325585-2361590947-2876478774-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-612325585-2361590947-2876478774-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-612325585-2361590947-2876478774-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "http://de.wikipedia.org/wiki/Wikipedia:Hauptseite"
FF - user.js - File not found
File not found (No name found) -- C:\USERS\PAUL KLOß\APPDATA\Roaming\MOZILLA\FIREFOX\PROFILES\11QIK62I.DEFAULT\EXTENSIONS\{8B86149F-01FB-4842-9DD8-4D7EB02FD055}
O4 - HKU\S-1-5-21-612325585-2361590947-2876478774-1001..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O7 - HKU\S-1-5-21-612325585-2361590947-2876478774-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0224866e-9007-11de-98bd-001de029752b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\.\recycled\info.exe
O33 - MountPoints2\{0e60ecb5-e800-11df-a652-001de029752b}\Shell\AutoRun\command - "" = E:\TranscendService(JF).exe
O33 - MountPoints2\{0e60ecc5-e800-11df-a652-001de029752b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\.\recycled\info.exe
O33 - MountPoints2\{0e60eccd-e800-11df-a652-001de029752b}\Shell\AutoRun\command - "" = E:\EmDesk.exe
O33 - MountPoints2\{11a3abaa-3499-11dd-b2f0-001de029752b}\Shell - "" = AutoRun
O33 - MountPoints2\{11a3abaa-3499-11dd-b2f0-001de029752b}\Shell\AutoRun\command - "" = E:\laucher.exe
O33 - MountPoints2\{1e6b26db-e4ed-11df-9b6d-0090f56ba07a}\Shell - "" = AutoRun
O33 - MountPoints2\{1e6b26db-e4ed-11df-9b6d-0090f56ba07a}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{1e6b26dc-e4ed-11df-9b6d-0090f56ba07a}\Shell - "" = AutoRun
O33 - MountPoints2\{1e6b26dc-e4ed-11df-9b6d-0090f56ba07a}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{3ab4c2b0-6322-11de-9b29-001de029752b}\Shell - "" = AutoRun
O33 - MountPoints2\{3ab4c2b0-6322-11de-9b29-001de029752b}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{3ab4c2b9-6322-11de-9b29-001de029752b}\Shell - "" = AutoRun
O33 - MountPoints2\{3ab4c2b9-6322-11de-9b29-001de029752b}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{4a5aa800-358b-11de-b187-001de029752b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\.\recycled\info.exe
O33 - MountPoints2\{4d0b808c-339a-11dd-a1bc-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\.\recycled\info.exe
O33 - MountPoints2\{64f6a84f-d2d6-11df-a33b-001de029752b}\Shell - "" = AutoRun
O33 - MountPoints2\{64f6a84f-d2d6-11df-a33b-001de029752b}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{a1f1d762-ac63-11df-baf3-001de029752b}\Shell - "" = AutoRun
O33 - MountPoints2\{a1f1d762-ac63-11df-baf3-001de029752b}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{a1f1d764-ac63-11df-baf3-001de029752b}\Shell - "" = AutoRun
O33 - MountPoints2\{a1f1d764-ac63-11df-baf3-001de029752b}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{c7b4d1ec-1e18-11df-9e18-0090f56ba07a}\Shell - "" = AutoRun
O33 - MountPoints2\{c7b4d1ec-1e18-11df-9e18-0090f56ba07a}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{dd6bd543-2029-11dd-8f2b-001de029752b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\.\recycled\info.exe
O33 - MountPoints2\{dd6bd545-2029-11dd-8f2b-001de029752b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe
[2012.08.24 09:22:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.20 21:06:57 | 000,001,736 | ---- | M] () -- C:\Users\Paul Kloß\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.23 15:39:09 | 000,308,621 | ---- | C] () -- C:\Windows\System32\autorun.inf
[2012.08.23 15:39:29 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012.08.24 09:20:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9893A836-ECE3-41B8-AB5C-8375BEB64104}.job
[2012.08.24 00:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.23 20:53:33 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{07F0D324-85C4-4560-B21C-C32420E6ABA1}.job
:Files
C:\Users\Paul Kloß\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Paul Kloß\AppData\Local\Temp\*.exe
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Note for other readers: the OTL script above was written solely for this user in this situation. Never run it on other machines; it can cause lasting damage to other systems! |
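The O33 lines in the script above are Explorer's cached AutoRun handlers under HKCU\...\Explorer\MountPoints2, one per volume GUID (or drive letter) that was ever plugged in. Two shapes appear: direct launchers such as E:\StartVMCLite.exe or E:\setup.exe, which vendor USB sticks and CDs legitimately register, and commands that go through C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL into a `recycled\info.exe` on the stick, the indirection and hiding place typical of autorun worms on removable media. A `Shell - "" = AutoRun` line makes that handler the default action when the drive is opened in Explorer. The following Python classifier is an added example for this thread, not part of OTL or of the helper's fix script; the sample lines are copied from the script above as constructed input, and the two heuristics (rundll32 indirection, executable inside a recycle-bin folder) are the example's own assumptions. One caveat the fix log later confirms with its "File E:\... not found" lines: MountPoints2 is only a cache on the PC, so deleting these keys does nothing to the sticks E:, F: and G: that produced them; those still need scanning before they are plugged in again.

```python
"""Classify the MountPoints2 AutoRun handlers that OTL lists as O33 lines.

Added example for this thread; not part of OTL or of the helper's fix script.
The heuristics (rundll32 ShellExec_RunDLL indirection, executables inside
recycle-bin folders) are this example's own assumptions about what an autorun
worm leaves behind, not rules stated anywhere in the thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed test input: O33 lines copied verbatim from the fix script above.
SAMPLE_O33 = r'''
O33 - MountPoints2\{0224866e-9007-11de-98bd-001de029752b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\.\recycled\info.exe
O33 - MountPoints2\{0e60ecb5-e800-11df-a652-001de029752b}\Shell\AutoRun\command - "" = E:\TranscendService(JF).exe
O33 - MountPoints2\{11a3abaa-3499-11dd-b2f0-001de029752b}\Shell - "" = AutoRun
O33 - MountPoints2\{11a3abaa-3499-11dd-b2f0-001de029752b}\Shell\AutoRun\command - "" = E:\laucher.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe
'''

# ...\MountPoints2\<volume>\Shell\AutoRun\command - "" = <command line>
CMD_RE = re.compile(r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# ...\MountPoints2\<volume>\Shell - "" = <default verb>
SHELL_RE = re.compile(r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell - "" = (?P<verb>.+)$')
# rundll32 shell32.dll,ShellExec_RunDLL <target>: starts <target> via a signed Windows binary
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+shell32\.dll,shellexec_rundll\s+(?P<target>.+)$', re.I)
# Recycle-bin folder names that worms use as a hiding place on removable media
RECYCLE_DIR_RE = re.compile(r'\\(recycled|recycler|\$recycle\.bin)\\', re.I)


@dataclass
class AutoRunEntry:
    volume: str
    command: str
    target: str            # executable that really gets started
    indirect: bool         # True when launched through rundll32 ShellExec_RunDLL
    default_verb: Optional[str]
    reasons: List[str] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        return "suspicious" if self.reasons else "review"


def resolve_target(command: str) -> Tuple[str, bool]:
    """Strip the rundll32 wrapper (if any) and the no-op '\\.\\' path segment."""
    m = RUNDLL_RE.search(command)
    target = m.group("target") if m else command
    return target.strip().replace("\\.\\", "\\"), bool(m)


def classify(volume: str, command: str, default_verb: Optional[str]) -> AutoRunEntry:
    target, indirect = resolve_target(command)
    reasons: List[str] = []
    if indirect:
        reasons.append("launched through rundll32 ShellExec_RunDLL")
    if RECYCLE_DIR_RE.search(target):
        reasons.append("executable hidden in a recycle-bin folder")
    return AutoRunEntry(volume, command, target, indirect, default_verb, reasons)


def parse_o33(text: str) -> List[AutoRunEntry]:
    """Pair every AutoRun command with its volume's default Shell verb, then classify."""
    defaults: Dict[str, str] = {}
    commands: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SHELL_RE.match(line)
        if m:
            defaults[m.group("vol")] = m.group("verb")
            continue
        m = CMD_RE.match(line)
        if m:
            commands.append((m.group("vol"), m.group("cmd")))
    return [classify(vol, cmd, defaults.get(vol)) for vol, cmd in commands]


if __name__ == "__main__":
    for entry in parse_o33(SAMPLE_O33):
        verb = f" (default verb: {entry.default_verb})" if entry.default_verb else ""
        print(f"{entry.verdict:10} {entry.volume} -> {entry.target}{verb}")
        for reason in entry.reasons:
            print(f"           - {reason}")
```

Run it over a complete OTL.txt rather than SAMPLE_O33 and the "suspicious" lines are the volumes to chase; "review" entries only tell you which sticks registered a launcher and are worth a manual look.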
24.08.2012, 18:44 | #5 |
| GVU-Trojaner auf Vista 32bit
Windows starts up normally again.
Code:
All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
Error: No service named a54mdvmi was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a54mdvmi deleted successfully.
File File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-612325585-2361590947-2876478774-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-612325585-2361590947-2876478774-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-612325585-2361590947-2876478774-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}\ not found.
HKU\S-1-5-21-612325585-2361590947-2876478774-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-612325585-2361590947-2876478774-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Wikipedia (de)" removed from browser.search.selectedEngine
Prefs.js: "hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite" removed from browser.startup.homepage
Registry value HKEY_USERS\S-1-5-21-612325585-2361590947-2876478774-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM deleted successfully.
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-612325585-2361590947-2876478774-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0224866e-9007-11de-98bd-001de029752b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0224866e-9007-11de-98bd-001de029752b}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\.\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e60ecb5-e800-11df-a652-001de029752b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e60ecb5-e800-11df-a652-001de029752b}\ not found.
File E:\TranscendService(JF).exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e60ecc5-e800-11df-a652-001de029752b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e60ecc5-e800-11df-a652-001de029752b}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\.\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e60eccd-e800-11df-a652-001de029752b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e60eccd-e800-11df-a652-001de029752b}\ not found.
File E:\EmDesk.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11a3abaa-3499-11dd-b2f0-001de029752b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11a3abaa-3499-11dd-b2f0-001de029752b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11a3abaa-3499-11dd-b2f0-001de029752b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11a3abaa-3499-11dd-b2f0-001de029752b}\ not found.
File E:\laucher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e6b26db-e4ed-11df-9b6d-0090f56ba07a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e6b26db-e4ed-11df-9b6d-0090f56ba07a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e6b26db-e4ed-11df-9b6d-0090f56ba07a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e6b26db-e4ed-11df-9b6d-0090f56ba07a}\ not found.
File E:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e6b26dc-e4ed-11df-9b6d-0090f56ba07a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e6b26dc-e4ed-11df-9b6d-0090f56ba07a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e6b26dc-e4ed-11df-9b6d-0090f56ba07a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e6b26dc-e4ed-11df-9b6d-0090f56ba07a}\ not found.
File E:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ab4c2b0-6322-11de-9b29-001de029752b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ab4c2b0-6322-11de-9b29-001de029752b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ab4c2b0-6322-11de-9b29-001de029752b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ab4c2b0-6322-11de-9b29-001de029752b}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ab4c2b9-6322-11de-9b29-001de029752b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ab4c2b9-6322-11de-9b29-001de029752b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ab4c2b9-6322-11de-9b29-001de029752b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ab4c2b9-6322-11de-9b29-001de029752b}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a5aa800-358b-11de-b187-001de029752b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a5aa800-358b-11de-b187-001de029752b}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\.\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d0b808c-339a-11dd-a1bc-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d0b808c-339a-11dd-a1bc-806e6f6e6963}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\.\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64f6a84f-d2d6-11df-a33b-001de029752b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64f6a84f-d2d6-11df-a33b-001de029752b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64f6a84f-d2d6-11df-a33b-001de029752b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64f6a84f-d2d6-11df-a33b-001de029752b}\ not found.
File E:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f1d762-ac63-11df-baf3-001de029752b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f1d762-ac63-11df-baf3-001de029752b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f1d762-ac63-11df-baf3-001de029752b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f1d762-ac63-11df-baf3-001de029752b}\ not found.
File E:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f1d764-ac63-11df-baf3-001de029752b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f1d764-ac63-11df-baf3-001de029752b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f1d764-ac63-11df-baf3-001de029752b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f1d764-ac63-11df-baf3-001de029752b}\ not found.
File G:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7b4d1ec-1e18-11df-9e18-0090f56ba07a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7b4d1ec-1e18-11df-9e18-0090f56ba07a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7b4d1ec-1e18-11df-9e18-0090f56ba07a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7b4d1ec-1e18-11df-9e18-0090f56ba07a}\ not found.
File E:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd6bd543-2029-11dd-8f2b-001de029752b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd6bd543-2029-11dd-8f2b-001de029752b}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\.\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd6bd545-2029-11dd-8f2b-001de029752b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd6bd545-2029-11dd-8f2b-001de029752b}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe not found.
C:\ProgramData\ism_0_llatsni.pad moved successfully.
C:\Users\Paul Kloß\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\Windows\System32\autorun.inf moved successfully.
C:\Config.Msi folder moved successfully.
C:\Windows\Tasks\User_Feed_Synchronization-{9893A836-ECE3-41B8-AB5C-8375BEB64104}.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\User_Feed_Synchronization-{07F0D324-85C4-4560-B21C-C32420E6ABA1}.job moved successfully.
========== FILES ==========
C:\Users\Paul Kloß\AppData\Local\{DA6A30CA-2668-4F5F-93A5-9BDA19E3CCC4} folder moved successfully.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
C:\Users\Paul Kloß\AppData\Local\Temp\d2l_Install.exe moved successfully.
C:\Users\Paul Kloß\AppData\Local\Temp\eauninstall.exe moved successfully.
C:\Users\Paul Kloß\AppData\Local\Temp\install_0_msi.exe moved successfully.
C:\Users\Paul Kloß\AppData\Local\Temp\The Sims 2_uninst.exe moved successfully.
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. 
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. 
C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\Paul Kloß\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. < ipconfig /flushdns /c > No captured output from command... C:\Users\Paul Kloß\Desktop\cmd.bat deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes User: Paul User: Paul Kloß ->Temp folder emptied: 212436936 bytes ->FireFox cache emptied: 381105233 bytes ->Flash cache emptied: 4606 bytes User: Public User: Simone ->Temp folder emptied: 188831898 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 73132865 bytes ->Flash cache emptied: 624 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 24160274 bytes RecycleBin emptied: 353231595 bytes Total Files Cleaned = 1.176,00 mb OTL by OldTimer - Version 3.2.58.1 log created on 08242012_193630 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |
24.08.2012, 18:54 | #6 |
/// Helfer-Team | GVU Trojan on Vista 32bit Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Then: Step 2: Please download AdwCleaner to your desktop.
|
07.10.2012, 00:09 | #7 |
/// Helfer-Team | GVU Trojan on Vista 32bit Missing reply Are there problems working through the instructions above? To free up capacity for other people seeking help, I am removing this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |