Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GVU Trojaner (Trojan.Banker & Trojan.PWS) auf Win7

GVU Trojaner (Trojan.Banker & Trojan.PWS) auf Win7


Plagegeister aller Art und deren Bekämpfung: GVU Trojaner (Trojan.Banker & Trojan.PWS) auf Win7

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.09.2012, 20:56   #1
ddPlr
 
GVU Trojaner (Trojan.Banker & Trojan.PWS) auf Win7 - Standard

GVU Trojaner (Trojan.Banker & Trojan.PWS) auf Win7


Ausgeführt. Ich hoffe so ist es richtig...


Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-4253318092-3082914856-625760364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5A27AD25-8D7E-4867-BDB3-DEE0F1C44452}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A27AD25-8D7E-4867-BDB3-DEE0F1C44452}\ not found.
Registry key HKEY_USERS\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
HKU\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "chrome://speeddial/content/speeddial.xul" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?affID=109958&tt=060612_6_&babsrc=KW_ss&mntrId=5e10d5f40000000000002225d3e0ee42&q=" removed from keyword.URL
Prefs.js: "192.168.22.1" removed from network.proxy.backup.ftp
Prefs.js: 8080 removed from network.proxy.backup.ftp_port
Prefs.js: "192.168.22.1" removed from network.proxy.backup.gopher
Prefs.js: 8080 removed from network.proxy.backup.gopher_port
Prefs.js: "192.168.22.1" removed from network.proxy.backup.socks
Prefs.js: 8080 removed from network.proxy.backup.socks_port
Prefs.js: "192.168.22.1" removed from network.proxy.backup.ssl
Prefs.js: 8080 removed from network.proxy.backup.ssl_port
Prefs.js: "192.168.42.1" removed from network.proxy.gopher
Prefs.js: 8080 removed from network.proxy.gopher_port
Prefs.js: "localhost, 127.0.0.1, stealthy.co" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}\ not found.
C:\Users\yoshi\AppData\Roaming\13001.032\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.032 folder moved successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b64982b1-d112-42b5-b1e4-d3867c4533f8}\ not found.
C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content folder moved successfully.
C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components folder moved successfully.
C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension folder moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
Registry value HKEY_USERS\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An vorhandene PDF-Datei anfügen\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\In Adobe PDF konvertieren\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel an vorhandene PDF-Datei anhängen\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel in Adobe PDF konvertieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An vorhandene PDF-Datei anfügen\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\In Adobe PDF konvertieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel an vorhandene PDF-Datei anhängen\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel in Adobe PDF konvertieren\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2445dfed-30bc-11e1-abbd-e0cb4e0b8cb8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2445dfed-30bc-11e1-abbd-e0cb4e0b8cb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2445dfed-30bc-11e1-abbd-e0cb4e0b8cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2445dfed-30bc-11e1-abbd-e0cb4e0b8cb8}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{444d2fb0-e5a2-11df-98c1-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{444d2fb0-e5a2-11df-98c1-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{444d2fb0-e5a2-11df-98c1-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{444d2fb0-e5a2-11df-98c1-806e6f6e6963}\ not found.
File E:\InstAll.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df3b16a0-2e6e-11e1-9be7-e0cb4e0b8cb8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df3b16a0-2e6e-11e1-9be7-e0cb4e0b8cb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df3b16a0-2e6e-11e1-9be7-e0cb4e0b8cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df3b16a0-2e6e-11e1-9be7-e0cb4e0b8cb8}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df3b16b8-2e6e-11e1-9be7-e0cb4e0b8cb8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df3b16b8-2e6e-11e1-9be7-e0cb4e0b8cb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df3b16b8-2e6e-11e1-9be7-e0cb4e0b8cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df3b16b8-2e6e-11e1-9be7-e0cb4e0b8cb8}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0329d81-e3dd-11e1-8311-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0329d81-e3dd-11e1-8311-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0329d81-e3dd-11e1-8311-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0329d81-e3dd-11e1-8311-806e6f6e6963}\ not found.
File E:\InstAll.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe159293-308e-11e1-880e-e0cb4e0b8cb8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe159293-308e-11e1-880e-e0cb4e0b8cb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe159293-308e-11e1-880e-e0cb4e0b8cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe159293-308e-11e1-880e-e0cb4e0b8cb8}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled folder moved successfully.
Folder C:\Users\yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\ not found.
C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.565.25 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\ProgramData\Babylon folder moved successfully.
C:\ProgramData\nud0repor.pad moved successfully.
C:\Users\yoshi\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe moved successfully.
C:\Users\yoshi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe moved successfully.
ADS C:\ProgramData\Temp:57B2B96C deleted successfully.
ADS C:\ProgramData\Temp:474022C7 deleted successfully.
ADS C:\ProgramData\Temp:922DA2DB deleted successfully.
ADS C:\ProgramData\Temp:C370B84F deleted successfully.
ADS C:\ProgramData\Temp:65137F0D deleted successfully.
ADS C:\ProgramData\Temp:26499772 deleted successfully.
ADS C:\ProgramData\Temp:BEACE4C8 deleted successfully.
ADS C:\ProgramData\Temp:ED0B32CA deleted successfully.
Folder C:\USERS\YOSHI\APPDATA\Roaming\13001.032\ not found.
Folder C:\Users\yoshi\AppData\Roaming\13001.032\ not found.
C:\Users\yoshi\AppData\Roaming\Babylon folder moved successfully.
C:\END moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.033\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.033 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\blckdom.res moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.016\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.016 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\kock folder moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.017\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.017 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.018\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.018 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.019\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.019 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\urhtps.dat moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.020\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.020 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.021\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.021 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.022\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.022 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.023\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.023 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.024\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.024 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.025\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.025 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.026\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.026 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.027\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.027 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.028\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.028 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.029\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.029 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.030\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.030 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.031\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.031 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\UAs folder moved successfully.
C:\Users\yoshi\AppData\Roaming\AcroIEHelpe.txt moved successfully.
========== FILES ==========
File\Folder C:\Users\yoshi\AppData\Roaming\*croIEHelp*.* not found.
File\Folder C:\Users\yoshi\AppData\Roaming\13* not found.
C:\Users\yoshi\AppData\Local\{1B3CFFE5-5677-4CB0-B5E5-27335436659F} folder moved successfully.
C:\Users\yoshi\AppData\Local\{23D3C06E-15B9-40EA-8E9A-EA2B1DD6347F} folder moved successfully.
C:\Users\yoshi\AppData\Local\{33F219F2-6417-402E-A1E4-78E7CD97996D} folder moved successfully.
C:\Users\yoshi\AppData\Local\{57ADFDCF-3058-4293-9DC4-9A07709BD855} folder moved successfully.
C:\Users\yoshi\AppData\Local\{6C5091E7-78D4-4530-AE3C-A61B9494E819} folder moved successfully.
C:\Users\yoshi\AppData\Local\{6CEB0EA9-B1B2-4896-8B93-E8E8DC05FFFB} folder moved successfully.
C:\Users\yoshi\AppData\Local\{76407DE5-37D8-4254-9C15-A6E0A4BE8570} folder moved successfully.
C:\Users\yoshi\AppData\Local\{766B2D0A-4BC8-40C6-96BE-73441F2D2A1B} folder moved successfully.
C:\Users\yoshi\AppData\Local\{87D11343-4CA8-49A6-8674-B34171DC518F} folder moved successfully.
C:\Users\yoshi\AppData\Local\{95488398-4FCE-4DCA-9FD9-4CE5FD414D4A} folder moved successfully.
C:\Users\yoshi\AppData\Local\{96E54F8D-AD45-4FCC-B6B7-82319DD813B9} folder moved successfully.
C:\Users\yoshi\AppData\Local\{A55E1F9E-60D7-4CFF-8029-D2FCDD0E88E5} folder moved successfully.
C:\Users\yoshi\AppData\Local\{C5041D06-C962-4235-B9E7-32870A4F3EE1} folder moved successfully.
C:\Users\yoshi\AppData\Local\{CD125EE4-DE17-455E-A23D-206A247FD8F5} folder moved successfully.
C:\Users\yoshi\AppData\Local\{CD6C39CD-F424-4667-9081-8C6C6D624CC1} folder moved successfully.
C:\Users\yoshi\AppData\Local\{DC295FF4-07ED-4C32-B424-3C7F0096D6F3} folder moved successfully.
C:\Users\yoshi\AppData\Local\{DCF79B02-4DFF-4EA2-AB62-2BE7012D7B3A} folder moved successfully.
C:\Users\yoshi\AppData\Local\{DEDC58B5-F1E1-4087-89CF-D0FB70131A5B} folder moved successfully.
C:\Users\yoshi\AppData\Local\{DF81E2D0-9095-41D8-8DEB-1F46F75DFEF5} folder moved successfully.
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\TEMP\{B46BEA36-0B71-4A4E-AE41-87241643FA0A} folder moved successfully.
C:\ProgramData\TEMP folder moved successfully.
File\Folder C:\Users\yoshi\AppData\Local\Temp\*.exe not found.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\yoshi\Desktop\cmd.bat deleted successfully.
C:\Users\yoshi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: yoshi
->Temp folder emptied: 923856 bytes
->Temporary Internet Files folder emptied: 2865468 bytes
->FireFox cache emptied: 63493167 bytes
->Flash cache emptied: 28080 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1093404 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 65,00 mb
 
 
OTL by OldTimer - Version 3.2.59.1 log created on 09012012_214614

Files\Folders moved on Reboot...
C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.565.25 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.565.25 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\Users\yoshi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.

Antwort

Themen zu GVU Trojaner (Trojan.Banker & Trojan.PWS) auf Win7
avira, bildschirm, browser, chip.de, downloader, driver genius, error, excel, fehler, flash player, format, google, google earth, helper, home, install.exe, league of legends, mozilla, nvidia update, programm, realtek, registry, richtlinie, rundll, scan, security, server, software, svchost.exe, system error, tcp, trojaner, usb 2.0, usenext, version., visual studio


« Win32/Obfuscator.xz entdeckt.. | GVU Virus eingefangen - Malwarebytes Scan durchgeführt »


Ähnliche Themen: GVU Trojaner (Trojan.Banker & Trojan.PWS) auf Win7


  1. 2 Trojaner eingefangen durch E-Mail-Anhänge // Trojan-Banker.Win32.Agent.ubo und Trojan.Win32.Yakes.ghny
    Log-Analyse und Auswertung - 19.07.2015 (28)
  2. WinXp Trojan.Agent/Gen-Reputation Stolen.Data Trojan.Agent/Gen-DunDun Win32/Spy.Banker.YPK trojan
    Log-Analyse und Auswertung - 29.10.2013 (7)
  3. Mehrere Trojaner (trojan.banker, trojan.agent), pup.funmoods
    Log-Analyse und Auswertung - 01.05.2013 (6)
  4. Trojan.Downloader, Trojan.Agent.VGENX, Trojan.Agent, PUP.Pantsoff.PasswordFinder, TR/spy.banker.gen5
    Log-Analyse und Auswertung - 27.10.2012 (1)
  5. Trojan.Banker, Trojan.Agent, Stolen.Data, Malware.Trace, was nun?
    Log-Analyse und Auswertung - 07.10.2012 (1)
  6. Problem mit Trojan.BHO und Trojan.Banker
    Log-Analyse und Auswertung - 11.09.2012 (1)
  7. Trojan.Agent, Backdoor.Agent, Trojan.Banker > 10 Trojaner auf einem PC
    Log-Analyse und Auswertung - 22.07.2012 (0)
  8. Trojan.Banker / Spy.Banker - weitere Vorgehensweise?
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (7)
  9. EXP/2008-5353.AO TR/Kazy.80527.3 Trojan.BT.Soft.Gen Trojan.Banker Trojan.Agent
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (5)
  10. Trojan.Agent,Trojan.Banker,PUP.Blabbers .
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (3)
  11. Trojan.Banker und Trojan.Agend oft mit Antivir gelöscht aber immer wieder gekommen.
    Log-Analyse und Auswertung - 11.07.2012 (2)
  12. 50 € Virus , trojan.Banker, Trojan.Ransom
    Log-Analyse und Auswertung - 14.02.2012 (1)
  13. Infiziert mit Trojan.Passwords und Trojan.Banker
    Log-Analyse und Auswertung - 13.01.2012 (9)
  14. Wie entferne ich Trojan.Banker, Trojan.FakeAlert? C ist (angeblich) leer
    Log-Analyse und Auswertung - 10.10.2011 (5)
  15. Trojan.Banker - 100 tan Trojaner Commerzbank
    Plagegeister aller Art und deren Bekämpfung - 01.12.2010 (5)
  16. Trojan.Banker, Trojan.Agent u.a.
    Plagegeister aller Art und deren Bekämpfung - 16.07.2009 (18)
  17. Trojan.Banker.VB.0D9D0998 und Trojan-Dropper.Win32.Agent.wd
    Log-Analyse und Auswertung - 04.10.2005 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner (Trojan.Banker & Trojan.PWS) auf Win7 - Ausgeführt. Ich hoffe so ist es richtig... Code: Alles auswählen Aufklappen ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted - GVU Trojaner (Trojan.Banker & Trojan.PWS) auf Win7...
Archiv
Du betrachtest: GVU Trojaner (Trojan.Banker & Trojan.PWS) auf Win7 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131