gvu trojaner 2.07 eingefangen
 

hallo

-habe mir gestern den gvu trojaner 2.07 eingefangen
-habe mir die kaspersky rescue disk 10 runtergeladen
-habe dort die windowsunlocker option genutzt
-kann jetzt wieder auf mein pc zugreifen
-nun gilt es nur noch der trojaner zu killen :confused: aber wie???
-bitte um hilfe und bedanke mich schonmal im voraus:daumenhoc

mein sytem ist windows xp 32bit

:hallo:

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

• Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Wähle Scanne Alle Benuzer
• Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
• Unter Extra Registrierung, wähle bitte Benutze SafeList
• Klicke nun auf Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

wow danke erstmal für die schnelle antwort:applaus:

habe alles so ausgeführt wie beschrieben
die log´s sind als zip im anhang

mfg homy

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

• Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
• Starte die OTL.exe.
  Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
• Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

• Schließe alle Programme.
• Klicke auf den Fix Button.
• Wenn OTL einen Neustart verlangt, bitte zulassen.
• Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
  Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

soo alles gefixst und hier mein nächster beitrag:abklatsch:





All processes killed
========== OTL ==========
Service qgnhqms stopped successfully!
Service qgnhqms deleted successfully!
File C:\WINDOWS\System32\fqijxkp.dll File not found not found.
Service PCSUITEDFRGSVC stopped successfully!
Service PCSUITEDFRGSVC deleted successfully!
File C:\Programme\MARKEMENT\PCSUITE DEFRAG\pcsuitedefragsvc.exe File not found not found.
Service NMSAccessU stopped successfully!
Service NMSAccessU deleted successfully!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\{F316A250-AE78-47E8-AD5E-B22537DBDCC5}\NMSAccessU.exe File not found not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1454471165-1957994488-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{05FFB01D-0514-4901-9DE8-FDF09C99A0AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05FFB01D-0514-4901-9DE8-FDF09C99A0AB}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CCA58F7F-FBB9-4684-AA2C-6407C91FE1AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA58F7F-FBB9-4684-AA2C-6407C91FE1AC}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "BrotherSoft Extreme Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://search.babylon.com/?affID=112555&tt=171011_prot~171011_prot&babsrc=HP_ss&mntrId=4c4f1058000000000000f07d68ac6612" removed from browser.startup.homepage
Prefs.js: "hxxp://isearch.avg.com/search?cid=%7Ba5a575f5-7516-4187-a0e5-cbea35062b1d%7D&mid=66c2908afd3e47d0bbabd157d62328b5-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=11.1.0.12&lang=de&pr=fr&d=2012-07-11%2008%3A48%3A51&sap=ku&q=" removed from keyword.URL
Prefs.js: ":" removed from network.proxy.ftp
Prefs.js: ":" removed from network.proxy.gopher
Prefs.js: ":" removed from network.proxy.http
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: ":" removed from network.proxy.socks
Prefs.js: ":" removed from network.proxy.ssl
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@rsj.de/prodown\ deleted successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry value HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
Registry value HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Programme\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HF_G_Jul deleted successfully.
C:\Programme\AVG Secure Search\HF_G_Jul.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security Service deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security Service not found.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk moved successfully.
C:\Programme\WinZip\WZQKPICK32.EXE moved successfully.
C:\Dokumente und Einstellungen\killerrellik\Startmenü\Programme\Autostart\CurseClientStartup.ccip moved successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d0c1805-215f-11df-9b8e-001e90c7c146}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d0c1805-215f-11df-9b8e-001e90c7c146}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d0c1805-215f-11df-9b8e-001e90c7c146}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d0c1805-215f-11df-9b8e-001e90c7c146}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d0c1805-215f-11df-9b8e-001e90c7c146}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d0c1805-215f-11df-9b8e-001e90c7c146}\ not found.
File F:\Startme.exe not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Dokumente und Einstellungen\killerrellik\Desktop\j4sk23cd.exe moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E6D38BF2 deleted successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1957994488-725345543-1003UA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1957994488-725345543-1003Core.job moved successfully.
C:\Programme\AVG\AVG2012\sounds folder moved successfully.
C:\Programme\AVG\AVG2012\PCTuneup folder moved successfully.
C:\Programme\AVG\AVG2012\Notification folder moved successfully.
C:\Programme\AVG\AVG2012\myapps folder moved successfully.
C:\Programme\AVG\AVG2012\Icons folder moved successfully.
C:\Programme\AVG\AVG2012\html\reportcard folder moved successfully.
C:\Programme\AVG\AVG2012\html folder moved successfully.
C:\Programme\AVG\AVG2012\Firefox\DoNotTrack\defaults\preferences folder moved successfully.
C:\Programme\AVG\AVG2012\Firefox\DoNotTrack\defaults folder moved successfully.
C:\Programme\AVG\AVG2012\Firefox\DoNotTrack\components folder moved successfully.
C:\Programme\AVG\AVG2012\Firefox\DoNotTrack\Chrome folder moved successfully.
C:\Programme\AVG\AVG2012\Firefox\DoNotTrack folder moved successfully.
C:\Programme\AVG\AVG2012\Firefox folder moved successfully.
Folder move failed. C:\Programme\AVG\AVG2012\Drivers scheduled to be moved on reboot.
C:\Programme\AVG\AVG2012\Content folder moved successfully.
C:\Programme\AVG\AVG2012\Chrome folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\speedtest_sp1\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\speedtest_sp1 folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\speedtest\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\speedtest folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\pct\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\pct folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\obx\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\obx folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\multimi-banner-sp1\banner folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\multimi-banner-sp1 folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\multimi-banner\banner folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\multimi-banner folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\mobilation_sp1\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\mobilation_sp1 folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\mobilation_en_sp1\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\mobilation_en_sp1 folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\mobilation_en\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\mobilation_en folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\mobilation\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\mobilation folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\inclient_trial\banner folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\inclient_trial folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\inclient_free_cnet\upgrade folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\inclient_free_cnet folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\inclient_free\upgrade folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\inclient_free\banner folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\inclient_free folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\fas\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\fas folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\dav\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\dav folder moved successfully.
C:\Programme\AVG\AVG2012\awacs folder moved successfully.
C:\Programme\AVG\AVG2012\3rd_party\licenses folder moved successfully.
C:\Programme\AVG\AVG2012\3rd_party folder moved successfully.
Folder move failed. C:\Programme\AVG\AVG2012 scheduled to be moved on reboot.
Folder move failed. C:\Programme\AVG scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\killerrellik\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\killerrellik\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: killerrellik
->Temp folder emptied: 19271122 bytes
->Temporary Internet Files folder emptied: 420353810 bytes
->Java cache emptied: 19101116 bytes
->FireFox cache emptied: 430646368 bytes
->Google Chrome cache emptied: 6878151 bytes
->Flash cache emptied: 506 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 248690 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1772489 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1100080 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1007810 bytes
RecycleBin emptied: 3466528770 bytes

Total Files Cleaned = 4.165,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: killerrellik
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 08022012_183442

Files\Folders moved on Reboot...
C:\Programme\AVG\AVG2012\Drivers folder moved successfully.
Folder move failed. C:\Programme\AVG\AVG2012 scheduled to be moved on reboot.
Folder move failed. C:\Programme\AVG\AVG2012 scheduled to be moved on reboot.
Folder move failed. C:\Programme\AVG scheduled to be moved on reboot.
File\Folder C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\~DFEAE5.tmp not found!
File\Folder C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\~DFEAF2.tmp not found!
File\Folder C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\~DFEB63.tmp not found!
File\Folder C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\~DFEB70.tmp not found!
C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SGXC6UZD\121052-gvu-trojaner-2-07-eingefangen[1].html moved successfully.
C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SGXC6UZD\si[1].txt moved successfully.
C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temporary Internet Files\Content.IE5\A6MUN3W9\ads[2].htm moved successfully.
C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...
File C:\Programme\AVG\AVG2012\Drivers not found!
File C:\Programme\AVG\AVG2012 not found!
File C:\Programme\AVG not found!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\~DFEAE5.tmp not found!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\~DFEAF2.tmp not found!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\~DFEB63.tmp not found!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\~DFEB70.tmp not found!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SGXC6UZD\121052-gvu-trojaner-2-07-eingefangen[1].html not found!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SGXC6UZD\si[1].txt not found!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temporary Internet Files\Content.IE5\A6MUN3W9\ads[2].htm not found!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat not found!

Registry entries deleted on Reboot...

neues problem!!!

mein antivirenprogramm geht nicht mehr bzw die exe. fehlt

Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Search.
• Nach Ende des Suchlaufs öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

hiho t'john

rechner läudt stabil :daumenhoc

hier das ergebnis von malwarebytes und adwcleaner

Sehr gut! :daumenhoc

• Schließe alle offenen Programme und Browser.
• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Delete.
• Bestätige jeweils mit Ok.
• Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

und weiter geht´s im kampf gegen den trojaner:sword2:
emsisoft hat leider 6 funde ergeben:eek:(sind vorerst in quarantäne)
aber siehe selbst, hier sind die zwei log´s






mfg homy

Sehr gut! :daumenhoc


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

• Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
• Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
• Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

• Lade und starte Eset Smartinstaller
• Haken setzen bei YES, I accept the Terms of Use.
• Klick auf Start.
• Haken setzen bei Remove found threads und Scan archives.
• Klick auf Start.
• Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Finish drücken.
• Browser schließen.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

und hier der log von EsetOnlineScanner

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

• Downloade dir bitte die neueste Java-Version von hier
• Speichere die jxpiinstall.exe
• Schließe alle laufenden Programme. Speziell deinen Browser.
• Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
• Wenn die Installation beendet wurde
  Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
• Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

• Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
• Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
• Klicke auf Dateien löschen....
• Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
• Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

ok java ist aktualisiert und die Temporäre Internetdateien sind gelöscht

wie geht es jetzt weiter:confused:

mfg homy

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

hiho

hier der log von malwarebytes



mfg homy