Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GVU Trojaner eingefangen

GVU Trojaner eingefangen


Plagegeister aller Art und deren Bekämpfung: GVU Trojaner eingefangen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.05.2013, 08:37   #1
uncleb
 
GVU Trojaner eingefangen - Standard

GVU Trojaner eingefangen


Hatte schonmal gepostet, weiß aber nicht ob das funktioniert hat.

Hier also nochmals die OTL.txt:

OTL logfile created on: 15.05.2013 08:44:03 - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = D:\PROGRAMS\OTLPE
64bit-Windows 7 Ultimate (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 79,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 196,52 Gb Free Space | 65,95% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 1397,28 Gb Total Space | 1105,63 Gb Free Space | 79,13% Space Free | Partition Type: NTFS
Drive M: | 1397,28 Gb Total Space | 1105,63 Gb Free Space | 79,13% Space Free | Partition Type: NTFS
Drive V: | 1397,28 Gb Total Space | 1105,63 Gb Free Space | 79,13% Space Free | Partition Type: NTFS
Drive W: | 1397,28 Gb Total Space | 1105,63 Gb Free Space | 79,13% Space Free | Partition Type: NTFS

Computer Name: PC009 | User Name: swerner
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.12.01 23:19:44 | 002,357,488 | ---- | M] (RealVNC Ltd) [Auto] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV:64bit: - [2010.03.30 11:02:08 | 000,189,304 | ---- | M] (AVM Berlin) [Auto] -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV:64bit: - [2010.03.30 11:01:06 | 000,143,224 | ---- | M] (AVM Berlin) [Auto] -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV:64bit: - [2010.03.30 10:59:54 | 000,335,224 | ---- | M] (AVM Berlin) [Auto] -- C:\Program Files\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV:64bit: - [2009.10.09 14:25:24 | 000,713,488 | ---- | M] (CANON INC) [Auto] -- C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe -- (Canon imagePROGRAF Status Monitor)
SRV:64bit: - [2009.07.14 03:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.16 08:55:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.14 08:59:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.27 17:09:08 | 001,734,416 | ---- | M] () [Auto] -- C:\Program Files (x86)\pc essentials\updater.exe -- (pc essentials)
SRV - [2010.12.10 14:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.07.27 11:44:03 | 000,137,680 | ---- | M] () [Auto] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2007.10.31 12:55:54 | 000,040,448 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hpnuhub.sys -- (HPNUHUB)
DRV:64bit: - [2007.03.27 20:14:12 | 000,016,384 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hpnuhst.sys -- (hpnuhst)
DRV - [2007.10.31 12:55:54 | 000,040,448 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\hpnuhub.sys -- (HPNUHUB)
DRV - [2007.03.27 20:14:12 | 000,016,384 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\hpnuhst.sys -- (hpnuhst)
DRV - [1999.03.08 14:15:00 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\SysWOW64\drivers\PMEMNT.SYS -- (PMEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1326832379-838882392-2275103834-1108\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1326832379-838882392-2275103834-1108\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1326832379-838882392-2275103834-1108\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 12 DC BA B7 50 CE 01 [binary data]
IE - HKU\S-1-5-21-1326832379-838882392-2275103834-1108\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.de"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010.12.22 12:49:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.12.22 14:50:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.18 12:08:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\pagealicious@pagealicious.com: C:\Program Files (x86)\Pagealicious\Pagealicious.xpi [2013.02.05 16:20:30 | 000,036,695 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.16 08:55:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.16 08:55:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.08 12:33:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.18 12:08:39 | 000,000,000 | ---D | M]

[2013.04.16 08:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\swerner.DUERINGER\AppData\Roaming\mozilla\Extensions
[2013.04.16 08:55:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) --
[2013.04.16 08:55:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.03.27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2013.03.01 18:37:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.01 18:37:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.01 18:37:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.10 09:02:50 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2013.03.01 18:37:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.01 18:37:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.01 18:37:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.12.22 12:45:08 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Pagealicious) - {60C07B56-542E-4054-A503-4E9E08DF2F84} - C:\Program Files (x86)\Pagealicious\Pagealicious.dll (TODO: <Company name>)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\lotus\org6\organize\iehelper.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKU\S-1-5-21-1326832379-838882392-2275103834-1108\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1326832379-838882392-2275103834-1108..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1326832379-838882392-2275103834-1108..\Run: [ctfmon.exe] File not found
O4 - HKU\S-1-5-21-755987038-800257658-2420284740-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-755987038-800257658-2420284740-1001..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\eschneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - C:\lotus\org6\organize\bandobjs.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} hxxp://196.100.60.124/libs/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dueringer.local
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\System32\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\iw9lof.bat) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.09.11 12:18:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{5bcb1f6c-11a7-11e0-a04c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5bcb1f6c-11a7-11e0-a04c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe -- [2005.07.16 23:36:50 | 000,240,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013.05.15 08:27:45 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Malwarebytes
[2013.05.14 17:43:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.14 12:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013.04.30 12:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.04.30 12:31:49 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Apple Computer
[2013.04.17 06:37:00 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Apple
[2013.04.16 08:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.16 08:16:45 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Macromedia
[2013.04.16 08:16:30 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Mozilla
[2013.04.16 08:16:30 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Mozilla
[2013.04.15 12:26:38 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BECHMANN AVA
[2013.04.15 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Downloaded Installations
[2013.04.15 12:24:44 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Programs
[2013.04.15 10:32:39 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Roaming\InstallShield

========== Files - Modified Within 30 Days ==========

[2013.05.15 08:38:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.15 08:37:56 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.15 08:34:40 | 000,628,743 | ---- | M] () -- C:\Users\swerner.DUERINGER\Desktop\adwcleaner_2.3.0.0.exe
[2013.05.15 07:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.14 17:43:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.14 17:34:55 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.14 17:34:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.14 17:29:49 | 000,001,547 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.05.13 17:27:26 | 000,011,539 | ---- | M] () -- C:\Windows\avascript.ini
[2013.05.13 09:31:29 | 000,000,287 | ---- | M] () -- C:\Users\swerner.DUERINGER\AppData\Local\VersionChecker_14.xml
[2013.04.25 10:14:44 | 000,002,108 | ---- | M] () -- C:\Users\swerner.DUERINGER\Desktop\Exchange Server_196.100.60.101.RDP
[2013.04.25 10:12:37 | 000,002,048 | ---- | M] () -- C:\Users\swerner.DUERINGER\Desktop\Daten Server_196.100.60.100.RDP
[2013.04.25 10:11:34 | 000,002,048 | -H-- | M] () -- C:\Users\swerner.DUERINGER\Documents\Default.rdp
[2013.04.22 11:07:57 | 000,003,323 | ---- | M] () -- C:\ProgramData\bechmann.ini

========== Files Created - No Company Name ==========

[2013.05.15 08:34:34 | 000,628,743 | ---- | C] () -- C:\Users\swerner.DUERINGER\Desktop\adwcleaner_2.3.0.0.exe
[2013.05.14 17:34:55 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.25 10:14:39 | 000,002,108 | ---- | C] () -- C:\Users\swerner.DUERINGER\Desktop\Exchange Server_196.100.60.101.RDP
[2013.04.25 10:11:52 | 000,002,048 | ---- | C] () -- C:\Users\swerner.DUERINGER\Desktop\Daten Server_196.100.60.100.RDP
[2013.04.25 10:02:19 | 000,002,048 | -H-- | C] () -- C:\Users\swerner.DUERINGER\Documents\Default.rdp
[2013.04.15 12:24:44 | 000,003,323 | ---- | C] () -- C:\ProgramData\bechmann.ini
[2013.04.11 11:10:29 | 000,000,287 | ---- | C] () -- C:\Users\swerner.DUERINGER\AppData\Local\VersionChecker_14.xml
[2012.01.12 10:16:16 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.19 17:31:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.09.27 11:22:59 | 001,598,970 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.05 12:20:53 | 000,260,248 | ---- | C] () -- C:\Windows\SysWow64\QMO.dll
[2011.09.05 12:20:53 | 000,092,312 | ---- | C] () -- C:\Windows\SysWow64\QMOCameraDll.dll
[2011.03.11 16:19:29 | 006,814,952 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.01.03 13:36:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll
[2011.01.03 10:55:48 | 000,159,836 | ---- | C] () -- C:\Windows\_isusr32.dll
[2011.01.03 10:55:48 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2010.12.27 13:00:52 | 000,003,090 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.12.22 13:21:24 | 000,011,539 | ---- | C] () -- C:\Windows\avascript.ini
[2010.12.22 12:13:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.22 12:13:26 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.12.22 12:13:26 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.12.22 12:13:25 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.12.22 12:13:25 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.12.22 12:13:25 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.09.27 12:52:52 | 000,000,164 | ---- | C] () -- C:\Windows\DBDUIHost.exe.config
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2003.08.22 12:01:08 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\mcdbcall.dll
[2003.07.24 16:13:14 | 000,303,616 | ---- | C] () -- C:\Windows\SysWow64\BP_CallDBDUI.dll
[2002.05.31 10:04:00 | 000,495,616 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
[2001.06.27 03:24:00 | 000,000,260 | ---- | C] () -- C:\Windows\SysWow64\IC32.INI
[1999.12.06 22:31:22 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\Implode.dll
[1998.12.03 15:00:00 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\u2lbar.dll
[1998.01.13 15:52:30 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\LOTRN13.DLL
[1997.05.16 08:46:22 | 000,577,536 | ---- | C] () -- C:\Windows\SysWow64\HEKRNL32.DLL
[1996.08.01 06:00:30 | 000,187,392 | ---- | C] () -- C:\Windows\SysWow64\HEICON32.DLL
[1996.08.01 06:00:30 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\HETOOL32.DLL
[1996.08.01 06:00:04 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\HEDLG32.DLL
[1996.08.01 06:00:04 | 000,067,072 | ---- | C] () -- C:\Windows\SysWow64\HERTF32.DLL
[1996.08.01 04:50:10 | 000,382,464 | ---- | C] () -- C:\Windows\SysWow64\HTKRNL32.DLL
[1996.02.21 05:00:10 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\HEMENU32.DLL
[1995.07.01 05:01:00 | 000,225,792 | ---- | C] () -- C:\Windows\SysWow64\IMGMAN30.DLL

========== LOP Check ==========

[2013.04.11 15:31:49 | 000,000,000 | ---D | M] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Abvent
[2013.04.26 10:31:03 | 000,000,000 | ---D | M] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Abvent_Artlantis3
[2013.04.11 11:10:27 | 000,000,000 | ---D | M] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Nemetschek
[2013.04.30 12:32:39 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2011.01.05 17:57:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Abvent
[2010.12.22 11:24:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012.09.11 12:34:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2011.12.12 09:26:57 | 000,000,000 | ---D | M] -- C:\ProgramData\AVM
[2013.04.15 12:26:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Bechmann
[2011.06.22 09:35:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Canon
[2011.01.10 18:10:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2013.04.18 11:00:16 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM
[2012.10.15 09:10:36 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJWSpt
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010.12.22 11:24:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.01.03 14:40:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Downloaded Installations
[2011.02.16 15:42:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Driver Mender
[2012.12.20 13:17:30 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2010.12.22 11:24:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.06.21 17:34:23 | 000,000,000 | ---D | M] -- C:\ProgramData\IEConfiguration1und1
[2011.03.10 11:46:00 | 000,000,000 | ---D | M] -- C:\ProgramData\LogSys
[2011.01.18 12:19:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2011.01.18 12:03:58 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache
[2011.01.20 18:00:48 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2010.12.22 13:54:23 | 000,000,000 | ---D | M] -- C:\ProgramData\PixelPlanet
[2011.01.03 10:41:54 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2013.05.14 12:22:21 | 000,000,000 | ---D | M] -- C:\ProgramData\StarApp
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010.12.22 11:24:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011.05.30 15:49:29 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011.03.09 09:36:05 | 000,000,000 | ---D | M] -- C:\ProgramData\TomTom
[2012.08.27 13:15:46 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2010.12.22 11:24:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010.12.22 13:54:03 | 000,000,000 | ---D | M] -- C:\ProgramData\VVW
[2010.12.22 14:20:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012.11.21 09:20:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMPBC416F8
< End of report >

Alt 15.05.2013, 13:33   #2
t'john
/// Helfer-Team
 
GVU Trojaner eingefangen - Standard

GVU Trojaner eingefangen




Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTLpe

  • Starte den infizierten Rechner mit der OTLpe-CD und öffne OTLpe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code:
ATTFilter
:OTL

O4 - HKU\S-1-5-21-1326832379-838882392-2275103834-1108..\Run: [AdobeBridge] File not found 
O4 - HKU\S-1-5-21-1326832379-838882392-2275103834-1108..\Run: [ctfmon.exe] File not found 
O4 - HKU\S-1-5-21-755987038-800257658-2420284740-1001..\RunOnce: [mctadmin] File not found 
[2013.05.14 17:43:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe 
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\swerner\*.tmp
C:\Users\swerner\AppData\*.dll
C:\Users\swerner\AppData\*.exe
C:\Users\swerner\AppData\Local\Temp\*.exe
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
  • Klicke jetzt auf den Fix Button.
  • Starte danach neu und versuche wieder in den normalen Modus von Windows zu booten.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\OTL\MovedFiles\<time_date.log>)
  • Kopiere nun dessen Inhalt hier in deinen Thread.




2. Schritt
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________

__________________
Alt 15.05.2013, 15:49   #3
uncleb
 
GVU Trojaner eingefangen - Standard

GVU Trojaner eingefangen


========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1326832379-838882392-2275103834-1108\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-1326832379-838882392-2275103834-1108\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-755987038-800257658-2420284740-1001\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
File C:\ProgramData\rundll32.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll deleted successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\TEMP folder moved successfully.
File\Folder C:\Users\swerner\*.tmp not found.
File\Folder C:\Users\swerner\AppData\*.dll not found.
File\Folder C:\Users\swerner\AppData\*.exe not found.
C:\Users\swerner\AppData\Local\Temp\AcDeltree.exe moved successfully.
C:\Users\swerner\AppData\Local\Temp\EasyLogin_setup_DE.exe moved successfully.
C:\Users\swerner\AppData\Local\Temp\hdinst_x64.exe moved successfully.
C:\Users\swerner\AppData\Local\Temp\ICReinstall_Kings Empire Hack V1.1.rar.exe moved successfully.
C:\Users\swerner\AppData\Local\Temp\MSIM102784285.exe moved successfully.
C:\Users\swerner\AppData\Local\Temp\MSIM103348041.exe moved successfully.
C:\Users\swerner\AppData\Local\Temp\MyClaroTB.exe moved successfully.
C:\Users\swerner\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe moved successfully.
C:\Users\swerner\AppData\Local\Temp\SIMEEI2Installer.exe moved successfully.
C:\Users\swerner\AppData\Local\Temp\SIMEEIInstaller.exe moved successfully.
C:\Users\swerner\AppData\Local\Temp\toolbar103570701.exe moved successfully.
C:\Users\swerner\AppData\Local\Temp\uninst1.exe moved successfully.
C:\Users\swerner\AppData\Local\Temp\uninstall103635332.exe moved successfully.
C:\Users\swerner\AppData\Local\Temp\uninstall103649529.exe moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\swerner\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin

User: Administrator
->Temp folder emptied: 117998 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 36568639 bytes
->Flash cache emptied: 42076 bytes

User: Administrator.DUERINGER
->Temp folder emptied: 88555 bytes
->Temporary Internet Files folder emptied: 301425473 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 57222 bytes

User: All Users

User: cmehmeti
->Temp folder emptied: 131990 bytes
->Temporary Internet Files folder emptied: 2387892 bytes
->Flash cache emptied: 113888 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: eschneider
->Temp folder emptied: 469683 bytes
->Temporary Internet Files folder emptied: 38802 bytes
->FireFox cache emptied: 41811005 bytes
->Flash cache emptied: 42491 bytes

User: ksommerstoll
->Temp folder emptied: 1006027 bytes
->Temporary Internet Files folder emptied: 4496430 bytes
->Flash cache emptied: 56958 bytes

User: mwerner
->Flash cache emptied: 45134 bytes

User: Praktikant
->Temp folder emptied: 62203 bytes
->Temporary Internet Files folder emptied: 860809 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Public

User: swerner
->Temp folder emptied: 909762764 bytes
->Temporary Internet Files folder emptied: 409500232 bytes
->Java cache emptied: 2072625 bytes
->FireFox cache emptied: 104299237 bytes
->Flash cache emptied: 57189 bytes

User: swerner.DUERINGER
->Temp folder emptied: 115820034 bytes
->Temporary Internet Files folder emptied: 42762716 bytes
->Java cache emptied: 10530 bytes
->FireFox cache emptied: 5209838 bytes
->Flash cache emptied: 56987 bytes

User: SWERNE~1~DUE
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: User
->Temp folder emptied: 755190110 bytes
->Temporary Internet Files folder emptied: 4719234 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50677570 bytes
->Flash cache emptied: 539 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 333076707 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes

Total Files Cleaned = 2.979,00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 05152013_164012

Files\Folders moved on Reboot...
C:\Users\swerner.DUERINGER\AppData\Local\Temp\ExchangePerflog_8484fa31980089d7cfcccd43.dat moved successfully.
C:\Users\swerner.DUERINGER\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\swerner.DUERINGER\AppData\Local\Temp\~DF7488EADAC1DD301B.TMP moved successfully.
File\Folder C:\Users\swerner.DUERINGER\AppData\Local\Temp\~PIB9FC.tmp not found!
File\Folder C:\Users\swerner.DUERINGER\AppData\Local\Temp\~PIB9FD.tmp not found!
C:\Users\swerner.DUERINGER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{43661966-BC31-4E82-87D7-C333EBD7F281}.tmp moved successfully.
File\Folder C:\Users\swerner.DUERINGER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1FF7A69B-5173-44A4-9620-F333F4A575BC}.tmp not found!
C:\Users\swerner.DUERINGER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3AB84800-2536-4140-B6B5-30EAB4BD545B}.tmp moved successfully.
File\Folder C:\Users\swerner.DUERINGER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{78D7A531-95CF-4A43-9CFD-727BDFF95E7D}.tmp not found!
C:\Users\swerner.DUERINGER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8A28BB0B-ABCB-4F33-A1A2-15EAB3FAF7A2}.tmp moved successfully.
C:\Users\swerner.DUERINGER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A77F97B6-CFC0-4E71-932E-469448CC142F}.tmp moved successfully.
File\Folder C:\Users\swerner.DUERINGER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EAF01EC7-6BC0-489A-825E-57D12F9C6E1F}.tmp not found!
File\Folder C:\Users\swerner.DUERINGER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EBDC713A-DE09-488C-B85C-213975224738}.tmp not found!
C:\Users\swerner.DUERINGER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FA8A272E-0A9E-4B2D-8036-780DDA3C5429}.tmp moved successfully.
C:\Users\swerner.DUERINGER\AppData\Local\Mozilla\Firefox\Profiles\hz97w923.default\startupCache\startupCache.4.little moved successfully.
C:\Users\swerner.DUERINGER\AppData\Local\Mozilla\Firefox\Profiles\hz97w923.default\Cache\_CACHE_001_ moved successfully.
C:\Users\swerner.DUERINGER\AppData\Local\Mozilla\Firefox\Profiles\hz97w923.default\Cache\_CACHE_002_ moved successfully.
C:\Users\swerner.DUERINGER\AppData\Local\Mozilla\Firefox\Profiles\hz97w923.default\Cache\_CACHE_003_ moved successfully.
C:\Users\swerner.DUERINGER\AppData\Local\Mozilla\Firefox\Profiles\hz97w923.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\swerner.DUERINGER\AppData\Local\Mozilla\Firefox\Profiles\hz97w923.default\_CACHE_CLEAN_ moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

Registry entries deleted on Reboot...
__________________
Alt 13.07.2013, 15:36   #4
t'john
/// Helfer-Team
 
GVU Trojaner eingefangen - Standard

GVU Trojaner eingefangen


Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu GVU Trojaner eingefangen
adobe, adobe flash player, autorun, bho, bonjour, canon, error, explorer, firefox, flash player, format, helper, home, logfile, microsoft, mozilla, nvidia, object, plug-in, programme, registry, rundll, scan, server, software, trojaner, winlogon


« GVU Trojaner, abgesicherter Modus funktioniert nicht | GVU Trojaner »


Ähnliche Themen: GVU Trojaner eingefangen


  1. Trojaner eingefangen?
    Log-Analyse und Auswertung - 17.10.2015 (13)
  2. Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 19.12.2013 (10)
  3. GVU Trojaner eingefangen...
    Plagegeister aller Art und deren Bekämpfung - 17.05.2013 (43)
  4. Viren eingefangen (JAVA/dldr.lamar.TP), auch Trojaner (Polizei.Trojaner) gefunden
    Log-Analyse und Auswertung - 07.05.2013 (15)
  5. GVU Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 24.02.2013 (6)
  6. GVU Trojaner eingefangen!
    Log-Analyse und Auswertung - 17.10.2012 (2)
  7. GVU Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 22.09.2012 (17)
  8. Gvu Trojaner 2.07 Eingefangen
    Log-Analyse und Auswertung - 21.08.2012 (6)
  9. GVU Trojaner eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (11)
  10. GVU-Trojaner 2.07 eingefangen
    Log-Analyse und Auswertung - 25.07.2012 (11)
  11. GVU Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 22.07.2012 (19)
  12. 50€ Trojaner eingefangen
    Log-Analyse und Auswertung - 13.02.2012 (21)
  13. Trojaner eingefangen
    Log-Analyse und Auswertung - 13.02.2012 (1)
  14. Trojaner eingefangen....
    Log-Analyse und Auswertung - 27.04.2011 (1)
  15. Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2010 (2)
  16. Trojaner eingefangen?
    Log-Analyse und Auswertung - 03.03.2009 (0)
  17. Trojaner VX2 eingefangen
    Log-Analyse und Auswertung - 03.05.2005 (8)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner eingefangen - Hatte schonmal gepostet, weiß aber nicht ob das funktioniert hat. Hier also nochmals die OTL.txt: OTL logfile created on: 15.05.2013 08:44:03 - Run OTLPE by OldTimer - Version 3.1.48.0 Folder - GVU Trojaner eingefangen...

Alle Zeitangaben in WEZ +1. Es ist jetzt 03:06 Uhr.

Kontakt - Trojaner-Board - Archiv - Datenschutzerklärung - Nach oben

Copyright ©2000-2025, Trojaner-Board
Archiv
Du betrachtest: GVU Trojaner eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131