Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GVU Trojaner LOG-File (https://www.trojaner-board.de/137597-gvu-trojaner-log-file.html)

seaking 02.07.2013 20:19
GVU Trojaner LOG-File
 
Hi,

ich habe jetzte ein Logifle mit Hilfe von OTLPE erhalten. Wie muss ich jetzt weiter vorgehen?

LG


Zitat:
OTL logfile created on: 7/2/2013 10:02:47 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.24 Gb Total Space | 61.91 Gb Free Space | 51.92% Space Free | Partition Type: NTFS
Drive D: | 153.85 Gb Total Space | 146.42 Gb Free Space | 95.17% Space Free | Partition Type: NTFS
Drive E: | 3.69 Gb Total Space | 0.24 Gb Free Space | 6.41% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/25 17:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto] -- C:\Windows\System32\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/17 04:52:26 | 000,267,480 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV:64bit: - [2010/09/17 04:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService)
SRV - [2013/06/12 11:06:04 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/03 07:06:20 | 003,999,512 | ---- | M] () [Auto] -- D:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2012/06/11 10:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 10:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/07/07 19:32:30 | 000,088,704 | ---- | M] (ASUS) [Auto] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2010/12/20 21:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 21:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/12/15 13:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/12/02 17:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 17:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/08 12:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/06/26 06:55:48 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/02 13:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/06/02 13:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/24 03:24:22 | 002,750,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/18 01:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010/11/20 07:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/14 13:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/09/17 04:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010/09/17 04:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/09/17 04:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010/09/17 04:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010/08/24 05:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/12/02 17:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 17:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 17:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 17:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/07/20 05:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/07/26 16:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 20:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Manuel_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\Manuel_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\Manuel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011/04/12 22:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/06/12 11:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/12 11:06:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] File not found
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Manuel_ON_C..\Run: [GoogleChromeAutoLaunch_4A220D28DEF0DEF57A4596AFA0CC93AC] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\Manuel_ON_C..\Run: [IExplorer Util] C:\Users\Manuel\AppData\Roaming\ie_util.exe ()
O4 - HKU\Manuel_ON_C..\Run: [rfxsrvtray] D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKU\Manuel_ON_C..\Run: [Seatheec] C:\Users\Manuel\AppData\Roaming\Vyfa\isyc.exe (Ojejy)
O4 - HKU\Manuel_ON_C..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\syncables.exe (syncables, LLC)
O4 - HKU\Manuel_ON_C..\Run: [Uqteishom] C:\Users\Manuel\AppData\Roaming\Ylik\ukkif.exe ()
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Manuel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Manuel_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Manuel_ON_C Winlogon: Shell - (C:\Users\Manuel\AppData\Roaming\skype.dat) - C:\Users\Manuel\AppData\Roaming\skype.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/06/26 07:08:24 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{C124BBB6-F8CD-4819-9F70-F33FA22FF133}
[2013/06/25 12:01:37 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{4FDE77AB-7730-4BA6-926C-37FC5BA3738E}
[2013/06/21 10:44:10 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{D7C70789-F791-4D56-A2A5-DE7879268DC9}
[2013/06/13 09:24:45 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{C11CDAE3-9FD9-4674-A2E4-6028FCFDC22F}
[2013/06/12 11:05:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/06/12 09:49:27 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{00365DC0-05BE-4D97-B16B-92CE82F9730F}
[2013/06/12 09:45:58 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{E846E871-C9E1-4356-8423-A73294577D01}
[2013/06/11 04:32:01 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{5BC41613-E156-4B63-BA63-BDCAC6925683}
[2013/06/10 17:28:50 | 000,000,000 | ---D | C] -- C:\Users\Manuel\Desktop\Neuer Ordner (11)
[2013/06/10 11:49:10 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{1CB9812B-A34D-472C-AACD-DF639011B4B2}
[2013/06/08 08:58:08 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{5BCD9064-4EB9-412D-9228-1DF853FB7803}

========== Files - Modified Within 30 Days ==========

[2013/07/02 15:22:17 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/02 13:24:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/02 13:24:32 | 000,000,004 | ---- | M] () -- C:\Users\Manuel\AppData\Roaming\skype.ini
[2013/07/02 13:24:17 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2013/07/02 13:23:24 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/02 12:17:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/06/30 12:35:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/30 11:19:27 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/30 11:19:27 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/25 11:42:14 | 000,655,722 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/06/25 11:42:14 | 000,619,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/25 11:42:14 | 000,130,332 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/06/25 11:42:14 | 000,107,506 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/10 17:38:01 | 002,474,035 | ---- | M] () -- C:\Users\Manuel\Desktop\IMG_2589.JPG

========== Files Created - No Company Name ==========

[2013/06/30 12:44:10 | 000,000,004 | ---- | C] () -- C:\Users\Manuel\AppData\Roaming\skype.ini
[2013/06/10 17:53:11 | 002,474,035 | ---- | C] () -- C:\Users\Manuel\Desktop\IMG_2589.JPG
[2013/04/08 18:27:08 | 000,075,264 | ---- | C] () -- C:\Users\Manuel\AppData\Roaming\ie_util.exe
[2011/12/11 16:02:07 | 002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2011/12/07 20:11:41 | 000,003,584 | ---- | C] () -- C:\Users\Manuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/07 12:39:43 | 008,618,964 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/07 11:21:43 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011/08/25 01:30:45 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/25 01:30:44 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/25 01:30:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/08/25 01:30:43 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/25 01:30:42 | 013,899,776 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/04/12 22:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011/02/18 15:49:33 | 000,070,144 | ---- | C] () -- C:\Users\Manuel\AppData\Roaming\skype.dat
[2011/02/18 15:49:32 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/29 01:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/02/26 02:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config

========== LOP Check ==========

[2013/06/30 11:10:31 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Ahokpo
[2011/12/11 15:27:33 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\ASUS WebStorage
[2012/09/26 08:10:59 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\DVDVideoSoft
[2012/07/03 07:47:59 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/05/14 19:35:46 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\ICQ
[2013/03/24 12:58:46 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Ilic
[2011/12/07 11:52:54 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Nuance
[2012/06/23 10:00:25 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\OpenCandy
[2011/12/08 21:44:00 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\PlayFirst
[2013/06/01 08:36:17 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\SoftGrid Client
[2011/12/11 16:02:24 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Tobit
[2011/12/07 12:40:42 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\TP
[2012/06/23 10:00:53 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\TuneUp Software
[2013/01/15 17:35:06 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Vyfa
[2011/12/28 04:52:14 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Windows Live Writer
[2013/01/15 17:35:06 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Ycbe
[2013/03/24 12:58:46 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Ylik
[2013/02/05 07:48:00 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Yshya
[2011/12/07 11:52:52 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Zeon
[2011/12/10 10:38:37 | 000,000,000 | -H-D | M] -- C:\ProgramData\.Syncables
[2011/12/10 10:38:46 | 000,000,000 | -H-D | M] -- C:\ProgramData\.syncID
[2011/09/25 07:47:36 | 000,000,000 | ---D | M] -- C:\ProgramData\AmUStor
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/12/07 11:25:27 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS
[2012/08/15 19:10:54 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2011/12/07 11:22:00 | 000,000,000 | ---D | M] -- C:\ProgramData\ChangeFolderView
[2012/06/23 10:00:45 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/04/12 22:33:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Downloaded Installations
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/12/07 11:22:01 | 000,000,000 | ---D | M] -- C:\ProgramData\FolderView
[2013/04/08 16:02:59 | 000,000,000 | ---D | M] -- C:\ProgramData\mnij
[2011/12/07 11:52:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Nuance
[2011/04/12 22:48:44 | 000,000,000 | ---D | M] -- C:\ProgramData\OberonGameConsole
[2013/07/02 12:17:50 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G
[2011/12/29 05:12:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Partner
[2011/12/08 21:44:00 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayFirst
[2011/04/12 22:33:05 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/12/11 16:12:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/01/26 18:11:31 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp
[2012/06/23 10:01:07 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2011/12/15 08:59:57 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2012/06/23 10:00:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013/07/02 15:22:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:81F83028
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:3AE22B1A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC
< End of report >

aharonov 02.07.2013 20:36
Hallo seaking und :hallo:

Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten.

Eins vorneweg: Ich kann dir keine Garantien geben, dass ich alles finden werde. Bei schwerwiegenden Infektionen ist ein Formatieren und Neuinstallieren meist der schnellere und immer der sicherere Weg.
Wenn du dich für eine Bereinigung entscheidest, dann sollten wir gründlich vorgehen. Bleib also dran, bis ich dir eindeutig mitteile, dass wir fertig sind.
Auch wenn die auffälligen Symptome schon früh verschwinden, bedeutet das nicht, dass dein Rechner dann schon sauber und sicher ist.

Hinweise zum Ablauf
  • Du bekommst von mir jeweils eine individuell auf dich abgestimmte schrittweise Anleitung.
    • Lese diese Anweisungen immer zuerst vollständig durch und frag bei Unklarheiten nach, bevor du beginnst.
    • Arbeite die Anleitungen dann sorgfältig und in der angegebenen Reihenfolge ab und poste deine Rückmeldungen und Logfiles erst zum Schluss gesammelt in einer Antwort.
    • Füge den Inhalt der Logfiles wenn immer möglich innerhalb von Code-Tags in deine Antwort ein.
    • Sollten Probleme auftauchen, dann brich an dieser Stelle ab und schildere sie so gut wie möglich.
  • Es ist wichtig für mich, dass sich der Zustand deines Systems nicht plötzlich unvorhersehbar ändert:
    • Lasse keine Scanner oder Tools ohne Aufforderung laufen. Lösche nichts auf eigene Faust.
    • Installiere oder deinstalliere während der Bereinigung keine Software.

Los geht's:

Bei dir läuft auch noch andere Malware als der GVU-Sperrbildschirm!
Aber eines nach dem anderen.. Kannst du nach folgendem Fix den Rechner wieder normal starten?

  • Starte den infizierten Rechner mit der OTLpe-CD und öffne OTLpe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
:OTL
O20 - HKU\Manuel_ON_C Winlogon: Shell - (C:\Users\Manuel\AppData\Roaming\skype.dat) - C:\Users\Manuel\AppData\Roaming\skype.dat ()
[2013/06/30 12:44:10 | 000,000,004 | ---- | C] () -- C:\Users\Manuel\AppData\Roaming\skype.ini
  • Klicke jetzt auf den Fix Button.
  • Starte danach neu und versuche wieder in den normalen Modus von Windows zu booten.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\OTL\MovedFiles\<time_date.log>)
  • Kopiere nun dessen Inhalt hier in deinen Thread.

seaking 02.07.2013 21:27
Sauber, danke, PC ist hochgefahren...
Würde dann jetzt meine Daten sichern und das Ding platt machen.

Nochmal danke für den schnellen Support!:dankeschoen:

Hier noch der Inhalt des Logfiles:

Zitat:
========== OTL ==========
Registry value HKEY_USERS\Manuel_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Manuel\AppData\Roaming\skype.dat deleted successfully.
C:\Users\Manuel\AppData\Roaming\skype.dat moved successfully.
C:\Users\Manuel\AppData\Roaming\skype.ini moved successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 07022013_225806

aharonov 03.07.2013 00:13
Hi,

Zitat:
Würde dann jetzt meine Daten sichern und das Ding platt machen.
Ok, alles klar.

Die andere Malware, die ich erwähnt hatte, sind unschöne Banker, welche es auf deine Daten abgesehen haben. Und die laufen wohl schon länger. Deshalb:


Warnung: Infostealer

Aus deinen Logs ist ersichtlich, dass du Malware eingefangen hast, die es speziell auf deine sensitiven Daten (Benutzernamen, Passwörter, Onlinebankingzugangsdaten, etc.) abgesehen hat.
Man kann nicht genau wissen, was alles mitgeloggt wurde, aber sicherheitshalber würd ich alle auf diesem Rechner eingegebenen Daten und Passwörter als bekannt voraussetzen.

Ich würde dir daher raten, zum Schluss oder von einem sauberen Rechner aus sämtliche Zugangsdaten, welche an diesem Rechner verwendet wurden, zu ändern.

aharonov 08.07.2013 10:46
Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:53 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131