Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and their removal): GVU Trojan? Friend seeking help ... Windows 7
03.07.2013, 17:57 | #1
GVU Trojan? Friend seeking help ...

Hello dear helper team,

I am in e-mail contact with a friend whose PC has evidently been infected with a GVU virus. He describes that his PC was blocked by a payment demand. The PC (located in Florida) was "worked on" from the command prompt using CF. He is now able to get to the Windows desktop again. Since the damage with CF had already been done, I asked him to use OTL (following this board's prescribed order). Here are his logs. Here is the log txt of his ComboFix:
Code:
Combofix Logfile:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 7/3/2013 12:05:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 80.44% Memory free
5.09 Gb Paging File | 4.58 Gb Available in Paging File | 90.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 26.61 Gb Free Space | 17.85% Space Free | Partition Type: NTFS
Drive E: | 37.20 Gb Total Space | 15.86 Gb Free Space | 42.65% Space Free | Partition Type: NTFS
Drive K: | 7.45 Gb Total Space | 3.03 Gb Free Space | 40.68% Space Free | Partition Type: FAT32

Computer Name: BOB-90C805ABDF4 | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1454471165-884357618-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E016E9-4D64-4747-AD7F-7EA990E8897E}" = Eagles Lair 2.0
"{02E24DA0-3CE5-E505-C47C-EDA70E236725}" = ccc-utility
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0746EA50-4969-1B7C-F36D-C0CF75977A93}" = ATI AVIVO Codecs
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{190601AF-7BE4-046E-CEBF-14EE74434250}" = AMD Catalyst Install Manager
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1B339913-4259-A059-8F62-3C43E72A1BAC}" = Catalyst Control Center Localization All
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{36A52BCF-AC3D-32F1-AD5F-A09769EB8887}" = Google Talk Plugin
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46CF6A90-7EFB-47E3-9B14-FBCEFA9F9982}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7524763B-0D8A-4DF4-984D-6D90A319463D}" = IL-2 Sturmovik 1946
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7A34F050-4ABE-8BDB-4ABE-F3B649173F34}" = ccc-core-static
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C4E8D-6F79-495E-8C9A-FAAC8A31BEAB}" = tazti 2.0.2
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A7D32074-FCF8-4A0A-BD4D-E594E7130573}" = Eagles Lair
"{A869FEA9-B223-4324-B130-008AC50B054B}" = HyperLobby client
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE3DAD62-8464-43F7-8A00-1E5442D9EBA0}" = Eagles Lair Free
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{B41069C7-7E24-473F-B400-BF48B82D9948}" = AMD OverDrive
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BA7B13B2-D0A9-B4F8-CB34-C300C3AF843D}" = Skins
"{BC4A54D6-6591-4D01-AE21-C9ABAAF69D7F}" = Microsoft Expression Encoder 4
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BE6E6BF7-6A81-4EC2-AD29-4580025149F1}" = TrackIR4
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CC67DD84-77C6-C9F8-FA03-953F1C1C92A9}" = Catalyst Control Center InstallProxy
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE58CC8D-CCF4-8D4F-BD04-9AC4A32FA1DB}" = CCC Help English
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D7AF16E7-5938-4369-BA54-B1ABD541BC32}" = Utility
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{DD54CF66-090B-43E7-97C1-110EF526474D}" = ArcSoft Multimedia Email
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F3CA05B7-B4C0-4C9B-AAA6-16B868B35DF2}" = TrackIR5
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F9EC30D1-F688-4708-9850-CB5120074AAA}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"{FAAA508A-05C0-488B-BFC2-F9217E545A81}" = Logitech Gaming Software
"{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
"{FC888095-A35E-4993-A9E0-366BF6F0CCE0}" = ArcSoft PhotoImpression 5
"{FCCDE84B-0154-459E-A8F2-C6B3FA5C1881}" = HydraVision
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"7-Zip" = 7-zip v9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"AnalogX HyperTrace" = AnalogX HyperTrace
"AnalogX ITR Client" = AnalogX ITR Client
"ASUS WebStorage" = ASUS WebStorage
"BOXEE" = Boxee
"CCleaner" = CCleaner
"Centipede with Pong" = Centipede with Pong
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative WebCam Center" = Creative WebCam Center
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"DivX Setup" = DivX Setup
"doPDF 6 printer_is1" = doPDF 6.2 printer
"Download Manager" = Download Manager 2.3.8
"Encoder_4.0.3205.0" = Microsoft Expression Encoder 4
"Excel" = Microsoft Excel 97
"Family Tree Builder" = MyHeritage Family Tree Builder
"fileopenerpro" = File Opener Pro
"FinalTorrent_is1" = FinalTorrent 2011
"Fraps" = Fraps
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"Lexmark Pro700 Series" = Lexmark Pro700 Series
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Money2008b" = Microsoft Money Plus
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"PE Builder_is1" = PE Builder 3.1.10a
"PFPortChecker" = PFPortChecker 1.0.39
"SearchProtect" = Search Protect by conduit
"Settings Alerter" = Settings Alerter
"sl-adk" = SelectionLinks
"Steam App 44320" = DiRT 3
"Trusted Software Assistant_is1" = File Type Assistant
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word8.0" = Microsoft Word 97
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-884357618-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Applet" = Applet
"magicJack" = magicJack
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/29/2013 6:46:23 AM | Computer Name = BOB-90C805ABDF4 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/29/2013 6:48:30 AM | Computer Name = BOB-90C805ABDF4 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/29/2013 10:00:05 AM | Computer Name = BOB-90C805ABDF4 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 49ef8e09, P4 atidemgx, P5 2.0.3882.23348, P6 4c6b8b91, P7 355, P8 6b, P9 system.exception, P10 NIL.

Error - 6/29/2013 2:14:45 PM | Computer Name = BOB-90C805ABDF4 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/3/2013 8:50:05 AM | Computer Name = BOB-90C805ABDF4 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes,

Error - 7/3/2013 8:50:06 AM | Computer Name = BOB-90C805ABDF4 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 7/3/2013 8:50:15 AM | Computer Name = BOB-90C805ABDF4 | Source = Microsoft Security Client | ID = 5000
Description =

[ System Events ]
Error - 6/30/2013 12:21:40 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7034
Description = The lxee_device service terminated unexpectedly. It has done this 1 time(s).

Error - 6/30/2013 12:21:40 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error - 6/30/2013 12:21:40 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7031
Description = The Zune Bus Enumerator service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error - 6/30/2013 12:21:41 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7034
Description = The Zune Bus Enumerator service terminated unexpectedly. It has done this 3 time(s).

Error - 6/30/2013 12:21:50 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error - 6/30/2013 12:22:01 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7034
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).

Error - 7/3/2013 8:31:39 AM | Computer Name = BOB-90C805ABDF4 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.7 for the Network Card with network address C860005AD7B8 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error - 7/3/2013 8:33:18 AM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the following error: %%1920

Error - 7/3/2013 8:33:18 AM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error: %%1060

Error - 7/3/2013 11:08:02 AM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the following error: %%1920


< End of report >

Unfortunately he did not attach the OTL.txt. I have already requested it... I hope you can help despite the roundabout route.
__________________
Quidquid agis prudenter agas et respice finem
Whatever you do, do it wisely and consider the consequences
---------------------------------------------------------------------------------
If I have not replied after 24 hours, please send a short PM
03.07.2013, 18:12 | #2
/// TB-Ausbilder | GVU Trojan? Friend seeking help ...

And why is your friend using CF unprompted?
Carry on like this:

Step 1: (Reminder: only reply to me once you have worked through all the steps!)
AdwCleaner: find and delete adware
Please download AdwCleaner to your desktop.

Step 2: Quick scan with Malwarebytes
Please download Malwarebytes Anti-Malware

Step 3:
Note: the scan can take a very long time (several hours)!
04.07.2013, 16:19 | #3
GVU Trojan? Friend seeking help ...

Hello ryder
Here are the requested logs.

AdwCleaner Logfile:
Code:
# AdwCleaner v2.304 - Logfile created 07/04/2013 at 01:21:32
# Updated 03/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Robert - BOB-90C805ABDF4
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\Content.IE5\4HJ0O01G\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

File : C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\qn49utgt.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [20676 octets] - [03/07/2013 18:11:48]
AdwCleaner[R2].txt - [1304 octets] - [04/07/2013 01:19:42]
AdwCleaner[S1].txt - [20916 octets] - [03/07/2013 18:13:18]
AdwCleaner[S2].txt - [1240 octets] - [04/07/2013 01:21:32]

########## EOF - C:\AdwCleaner[S2].txt - [1300 octets] ##########

Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.06.29.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Robert :: BOB-90C805ABDF4 [administrator] 7/4/2013 1:30:31 AM mbam-log-2013-07-04 (01-30-31).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 266153 Time elapsed: 17 minute(s), 52 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7assmcud.default\extensions\vtrpcibnrm@vtrpcibnrm.org.xpi Win32/TrojanDownloader.Tracur.AD.Gen trojan C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadagdggdggggbdbdhgfgbdgdedagcgg\background.js Win32/TrojanDownloader.Tracur.V trojan C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadagdggdggggbdbdhgfgbdgdedagcgg\ContentScript.js Win32/TrojanDownloader.Tracur.AD trojan C:\Documents and Settings\Guest\My Documents\Downloads\Firefox_Setup(1).exe a variant of Win32/Adware.iBryte.G application C:\Documents and Settings\Guest\My Documents\Downloads\Firefox_Setup.exe a variant of Win32/Adware.iBryte.G application C:\Documents and Settings\Guest\My Documents\Downloads\Setup.exe a variant of Win32/Adware.iBryte.G application C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\63\1d89e9ff-3bc2bb29 Java/TrojanDownloader.Agent.NCQ trojan C:\Documents and Settings\Robert\Application Data\Download Manager\WINED.exe Win32/Agent.PQF trojan C:\Documents and Settings\Robert\My Documents\Downloads\Firefox_Setup(1).exe a variant of Win32/Adware.iBryte.G application C:\Documents and Settings\Robert\My Documents\Downloads\Firefox_Setup(2).exe a variant of Win32/Adware.iBryte.G application C:\Documents and Settings\Robert\My Documents\Downloads\Firefox_Setup.exe a variant of Win32/Adware.iBryte.G application C:\System Volume Information\_restore{198F089B-A4C0-43F2-840D-FAA26A8DFE78}\RP10\A0012620.dll a variant of Win32/Adware.Yontoo.B application C:\System Volume Information\_restore{198F089B-A4C0-43F2-840D-FAA26A8DFE78}\RP9\A0011336.dll a variant of Win32/Adware.Yontoo.A application C:\System Volume Information\_restore{198F089B-A4C0-43F2-840D-FAA26A8DFE78}\RP9\A0011345.dll a variant of Win32/Adware.Yontoo.B application Operating memory Win32/Agent.PQF 
trojan Nachtrag: Habs leider erst jetzt gesehen. Er hat wohl nach dem Reboot noch einen adw cleaner run gehabt: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.304 - Logfile created 07/04/2013 at 01:21:32 # Updated 03/07/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Robert - BOB-90C805ABDF4 # Boot Mode : Normal # Running from : C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\Content.IE5\4HJ0O01G\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} ***** [Registry] ***** ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v13.0.1 (en-US) File : C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\qn49utgt.default\prefs.js [OK] File is clean. -\\ Google Chrome v [Unable to get version] File : C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [20676 octets] - [03/07/2013 18:11:48] AdwCleaner[R2].txt - [1304 octets] - [04/07/2013 01:19:42] AdwCleaner[S1].txt - [20916 octets] - [03/07/2013 18:13:18] AdwCleaner[S2].txt - [1240 octets] - [04/07/2013 01:21:32] ########## EOF - C:\AdwCleaner[S2].txt - [1300 octets] ########## Im wurde bereits mitgeteilt keinerlei Programme ohne deine Anweisung laufen zu lassen. Der PC ist jetzt vom Netz
__________________ Geändert von Redwulf (04.07.2013 um 17:15 Uhr) Grund: Nachtrag |
04.07.2013, 17:42 | #4 |
/// TB-Ausbilder | GVU Trojan? Friend looking for ... Okay, the files found by ESET can be deleted. Other than that I don't see anything for now.
__________________ Digital freebooters against malware! No help via PM! |
04.07.2013, 17:47 | #5 |
| GVU Trojan? Friend looking for ... Hello ryder. I have also kept the adw log versions R1 and S1 here in case you need them. ESET is running. I'm on night shift and it will take a few more hours on his end too... I'll get back to you then. Would we be done after that?
__________________ Quidquid agis prudenter agas et respice finem. Whatever you do, do it prudently and consider the outcome --------------------------------------------------------------------------------- If I don't reply within 24 hours, please send a short PM |
04.07.2013, 17:50 | #6 |
/// TB-Ausbilder | GVU Trojan? Friend looking for ... Not necessary. We have carefully curated the detections for this tool and know pretty precisely what gets removed.
04.07.2013, 17:59 | #7 |
| GVU Trojan? Friend looking for ... OK, that's good to know. I have to admit the ESET findings worried me a little.... Tonight I'll be back to keeping the motorways safe, and I'll get back to you tomorrow after the ESET run... Good night
Last edited by Redwulf (04.07.2013 at 18:02) Reason: typo |
04.07.2013, 19:34 | #8 |
/// TB-Ausbilder | GVU Trojan? Friend looking for ... Alright.
05.07.2013, 00:53 | #9 |
| GVU Trojan? Friend looking for ... Good morning Ryder. Over the course of the night the findings (14 in total) were deleted using ESET. ESET's note in each case was ...cleaned by deleting - quarantined. I have put my friend on standby; the computer is now off the network again ......and one more ESET run, no idea why. But he deleted one more finding. Code:
C:\System Volume Information\_restore{198F089B-A4C0-43F2-840D-FAA26A8DFE78}\RP12\A0015552.exe Win32/Agent.PQF trojan cleaned by deleting - quarantined
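The two ESET listings in this thread (the 14 findings plus the memory hit in post #3, and the RP12 restore-point entry in post #9) share one shape: one detection per line, path first, then the signature, the category and optionally ESET's action text. As an added example, not part of this thread and not ESET's own tooling, here is a small Python triage script that parses that shape, buckets each hit by where it sat (a user profile, a System Restore snapshot, or running memory) and counts hits per signature. The sample lines are copied from the posts above and shortened; the regular expression and the location buckets are my assumptions about the output format, not ESET documentation.

```python
"""Triage helper for ESET Online Scanner detection lists (added example)."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the ESET output posted in this thread,
# shortened to a handful of entries; the last line carries ESET's action text.
SAMPLE_LOG = r"""
C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7assmcud.default\extensions\vtrpcibnrm@vtrpcibnrm.org.xpi Win32/TrojanDownloader.Tracur.AD.Gen trojan
C:\Documents and Settings\Guest\My Documents\Downloads\Firefox_Setup.exe a variant of Win32/Adware.iBryte.G application
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\63\1d89e9ff-3bc2bb29 Java/TrojanDownloader.Agent.NCQ trojan
C:\Documents and Settings\Robert\Application Data\Download Manager\WINED.exe Win32/Agent.PQF trojan
C:\System Volume Information\_restore{198F089B-A4C0-43F2-840D-FAA26A8DFE78}\RP9\A0011336.dll a variant of Win32/Adware.Yontoo.A application
Operating memory Win32/Agent.PQF trojan
C:\System Volume Information\_restore{198F089B-A4C0-43F2-840D-FAA26A8DFE78}\RP12\A0015552.exe Win32/Agent.PQF trojan cleaned by deleting - quarantined
"""

# Assumed line shape: <path> [a variant of] <Platform/Family.Variant> <category> [<action>]
# The path may contain spaces; the signature is the first token that contains a '/'.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?"
    r"(?P<signature>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<category>\w+)"
    r"(?:\s+(?P<action>.+))?$"
)


@dataclass
class Detection:
    path: str
    signature: str
    category: str
    action: Optional[str]
    location: str


def classify_location(path: str) -> str:
    """Bucket a detection by where on the machine it sat."""
    if path.lower() == "operating memory":
        return "memory"                 # the code was actually running
    if "\\system volume information\\" in path.lower():
        return "restore-point"          # a copy inside a System Restore snapshot
    m = re.match(r"^[A-Za-z]:\\documents and settings\\([^\\]+)\\", path, re.IGNORECASE)
    if m:
        return "profile:" + m.group(1)  # XP-era per-user profile folder
    return "other"


def parse_eset_log(text: str) -> List[Detection]:
    """One detection per line; lines in another shape are skipped, not guessed at."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        found.append(Detection(
            path=m["path"], signature=m["signature"], category=m["category"],
            action=m["action"], location=classify_location(m["path"]),
        ))
    return found


@dataclass
class Summary:
    total: int
    by_signature: Counter = field(default_factory=Counter)
    by_location: Counter = field(default_factory=Counter)
    memory_resident: List[str] = field(default_factory=list)  # signatures seen running
    actions_taken: int = 0                                     # lines with an action recorded


def summarize(text: str) -> Summary:
    """Aggregate a detection list into the counts a responder wants at a glance."""
    dets = parse_eset_log(text)
    s = Summary(total=len(dets))
    for d in dets:
        s.by_signature[d.signature] += 1
        s.by_location[d.location] += 1
        if d.location == "memory":
            s.memory_resident.append(d.signature)
        if d.action:
            s.actions_taken += 1
    return s


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s.total} detections, {s.actions_taken} with a cleaning action recorded")
    for sig, n in s.by_signature.most_common():
        print(f"  {n}x {sig}")
    for loc, n in sorted(s.by_location.items()):
        print(f"  {loc}: {n}")
    if s.memory_resident:
        print("  running in memory:", ", ".join(s.memory_resident))
```

The point of the location bucket: a hit in "Operating memory" shows the downloader was actually executing, which is why the same Win32/Agent.PQF signature turning up both in the user's Application Data and later in restore point RP12 is worth correlating; entries under System Volume Information are only copies held inside System Restore snapshots and only come back if that restore point is used.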
05.07.2013, 14:50 | #10 |
/// TB-Ausbilder | GVU Trojan? Friend looking for ... We can run Combofix once to be on the safe side.
07.07.2013, 10:19 | #11 |
| GVU Trojan? Friend looking for ... Hello Ryder, it took a little while, but on the first attempt to get CF running it reported "expired" and deleted itself. So we downloaded it again ("gedownloaded", what a word) and ran it. Here is the logfile: Code:
Combofix Logfile:
07.07.2013, 12:18 | #12 |
/// TB-Ausbilder | GVU Trojan? Friend looking for ... Yes, looks good. Rename Combofix.exe to Uninstall.exe and run it. That's it from my side.
07.07.2013, 18:22 | #13 |
| GVU Trojan? Friend looking for ... Done....thank you for your help, also from someone about 8000 km away: "Tell this guy he's pretty good" Consider it passed on......
07.07.2013, 18:30 | #14 |
/// TB-Ausbilder | GVU Trojan? Friend looking for ... Alright. For a buddy there are of course also English-language forums that do clean-ups.
08.07.2013, 08:21 | #15 |
| GVU Trojan? Friend looking for ... Will pass that on, I've found a few links for it. Thanks again from me as well, and I believe a token of appreciation is on its way to you from the States