
Pests of all kinds and how to fight them: GVU Trojan paralyses business PC

26.07.2012, 16:20   #1
reisekiste

Hello,
my business PC has been paralysed by the GVU Trojan. I can't do anything any more, I no longer have access to the desktop, and the supposed letter from the GVU with a demand for payment appears across the entire screen!
It is an Aldi PC with Windows 7 Home Edition, 64-bit.
The login user has administrator rights, I use Firefox.
What further information do you need from me?

I urgently need help, because I run a travel agency and can no longer work!

Many thanks!
Bernd

26.07.2012, 16:25   #2
t'john
/// Helper Team

Create an OTLPE CD on a clean second computer and then boot the infected computer from that CD:

If you don't have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool, the rest runs automatically => How do I burn an ISO file to CD/DVD.
  • Download OTLPENet.exe from OldTimer and save it to your desktop. Note: the file is about 120 MB and will take a while to download on a slow internet connection.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When burning is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD. Note: How do I boot from CD
  • After a few minutes your system should show the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: so that OTLPE scans the correct installed Windows, you must select the Windows folder of the Windows installed on the hard disk; selecting just C: gives an error!
  • When asked "Do you wish to load the remote registry", choose Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy these files to your USB stick if you have no internet connection on that system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.

26.07.2012, 17:36   #3
reisekiste

Hello t'john,
thanks for the prompt help, I am now at this point:
"After a few minutes your system should show the REATOGO-X-PE desktop"

It does start REATOGO-X-PE, then the Windows start screen appears, and after that I get a blue screen with: problem has been detected and windows has been shut down.....

What now?

Thanks again!
Bernd

26.07.2012, 17:42   #4
t'john
/// Helper Team

In the BIOS, please switch SATA from AHCI to IDE.

Regards, t'john

26.07.2012, 18:29   #5
reisekiste

It worked, here is the result. How do I proceed now?

OTL Logfile:
Code:
OTL logfile created on: 7/26/2012 10:01:34 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.51 Gb Total Space | 638.28 Gb Free Space | 69.26% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1451.48 Gb Free Space | 77.91% Space Free | Partition Type: NTFS
Drive H: | 911.41 Gb Total Space | 405.63 Gb Free Space | 44.51% Space Free | Partition Type: NTFS
Drive I: | 30.00 Gb Total Space | 10.25 Gb Free Space | 34.17% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/10/06 19:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/06 08:45:54 | 000,068,096 | ---- | M] () [On_Demand] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2001/11/09 07:07:42 | 000,055,296 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\CfgSrvc.exe -- (HsspConfig)
SRV - [2001/11/09 07:07:42 | 000,055,296 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\CfgSrvc.exe -- (CfgSrvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010/12/22 10:04:56 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010/12/22 10:04:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/11/25 00:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/10/06 19:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/06 19:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/18 23:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009/09/18 23:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2009/09/18 23:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/30 19:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/04/30 18:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2009/04/30 18:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/07/26 09:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/05/14 14:31:58 | 000,644,608 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008/05/14 14:31:32 | 000,352,384 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\emOEM64.sys -- (USB28xxOEM)
DRV - [2011/08/11 04:43:44 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
DRV - [2008/11/28 08:34:56 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto] -- C:\Windows\sysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Bernd_Jung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\Bernd_Jung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Bernd_Jung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 B9 6C 4D 55 5B CD 01  [binary data]
IE - HKU\Bernd_Jung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_262.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Bernd Jung\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 02:26:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 04:05:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/18 14:41:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/05/25 18:13:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd Jung\AppData\Roaming\Mozilla\Extensions
[2011/05/25 18:13:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd Jung\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/29 08:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd Jung\AppData\Roaming\Mozilla\Firefox\D\mozilla\browser\extensions
[2012/05/29 08:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd Jung\AppData\Roaming\Mozilla\Firefox\D\mozilla\browser\extensions\bbrs_002@blabbers.com
[2012/06/01 04:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/01 04:05:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/19 02:26:37 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/04 04:42:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/13 01:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/13 01:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 01:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/13 01:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/13 01:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/13 01:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/07/26 09:16:09 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Device Detector] C:\Program Files (x86)\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems, Ltd.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\Bernd_Jung_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\Bernd Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ()
O4 - Startup: C:\Users\Bernd Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\Bernd_Jung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8:64bit: - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2012\spy.htm ()
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2012\spy.htm ()
O9:64bit: - Extra Button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2012\spy.htm ()
O9:64bit: - Extra 'Tools' menuitem : Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2012\spy.htm ()
O9 - Extra Button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2012\spy.htm ()
O9 - Extra 'Tools' menuitem : Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2012\spy.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Bernd_Jung_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Bernd_Jung_ON_C Winlogon: Shell - (C:\Users\Bernd Jung\AppData\Roaming\msconfig.dat) - C:\Users\Bernd Jung\AppData\Roaming\msconfig.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/11 05:09:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012/07/11 05:09:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 05:09:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/11 05:09:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/11 05:09:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 05:09:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 05:09:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/11 05:09:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 05:09:53 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/11 05:09:53 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012/07/11 05:09:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/11 05:09:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 05:09:53 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/07/11 05:09:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 02:05:35 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/11 02:05:35 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncrypt.dll
[2012/07/10 02:55:35 | 000,000,000 | ---D | C] -- C:\Users\Bernd Jung\AppData\Local\Macromedia
[2012/06/28 12:29:37 | 000,000,000 | ---D | C] -- C:\Users\Bernd Jung\Documents\Tagebau-Simulator 2011
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/26 09:28:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/26 09:27:56 | 000,000,045 | ---- | M] () -- C:\Users\Bernd Jung\AppData\Roaming\msconfig.ini
[2012/07/26 09:22:02 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 09:22:02 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 09:19:13 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012/07/26 09:19:13 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/07/26 09:16:17 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/26 09:16:09 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/26 09:16:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\lmhosts
[2012/07/26 09:14:35 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/26 09:02:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/26 04:08:54 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2012/07/26 04:08:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\lmhosts.bak
[2012/07/26 04:08:29 | 000,817,280 | ---- | M] () -- C:\Users\Bernd Jung\Documents\SabreRedStarter.exe
[2012/07/25 07:26:05 | 000,027,136 | ---- | M] () -- C:\Users\Bernd Jung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/24 03:56:53 | 000,694,454 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/07/24 03:56:53 | 000,693,478 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/07/24 03:56:53 | 000,691,216 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012/07/24 03:56:53 | 000,689,750 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012/07/24 03:56:53 | 000,689,132 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012/07/24 03:56:53 | 000,679,366 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2012/07/24 03:56:53 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/07/24 03:56:53 | 000,632,204 | ---- | M] () -- C:\Windows\System32\perfh00E.dat
[2012/07/24 03:56:53 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/24 03:56:53 | 000,610,226 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2012/07/24 03:56:53 | 000,551,794 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2012/07/24 03:56:53 | 000,148,334 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2012/07/24 03:56:53 | 000,137,086 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/07/24 03:56:53 | 000,134,864 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012/07/24 03:56:53 | 000,133,776 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2012/07/24 03:56:53 | 000,132,964 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012/07/24 03:56:53 | 000,130,164 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/07/24 03:56:53 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/07/24 03:56:53 | 000,127,168 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012/07/24 03:56:53 | 000,121,550 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2012/07/24 03:56:53 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/24 03:56:53 | 000,089,460 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2012/07/20 07:31:48 | 001,020,997 | ---- | M] () -- C:\Users\Bernd Jung\Documents\Kreuzfahrt ab-an Dubai.pdf
[2012/07/20 05:50:25 | 000,400,370 | ---- | M] () -- C:\Users\Bernd Jung\Documents\Neues Ticket 25 Feb.pdf
[2012/07/19 05:33:16 | 000,002,994 | ---- | M] () -- C:\Users\Bernd Jung\Documents\sabre_red_+_merlin_Reisebestaetigung.pdf
[2012/07/19 02:26:36 | 000,002,114 | ---- | M] () -- C:\Users\Bernd Jung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/07/17 11:39:18 | 000,202,806 | ---- | M] () -- C:\Users\Bernd Jung\Documents\DB BAHN - Verbindungen - Ihre Auskunft.pdf
[2012/07/11 07:06:46 | 000,002,125 | ---- | M] () -- C:\Users\Bernd Jung\Documents\Zahlung.pdf
[2012/07/11 05:24:02 | 000,306,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/10 02:52:38 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/10 02:52:38 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/09 03:21:01 | 507,695,035 | ---- | M] () -- C:\Windows\MEMORY.DMP
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/26 09:11:56 | 000,000,045 | ---- | C] () -- C:\Users\Bernd Jung\AppData\Roaming\msconfig.ini
[2012/07/20 07:31:47 | 001,020,997 | ---- | C] () -- C:\Users\Bernd Jung\Documents\Kreuzfahrt ab-an Dubai.pdf
[2012/07/20 05:50:25 | 000,400,370 | ---- | C] () -- C:\Users\Bernd Jung\Documents\Neues Ticket 25 Feb.pdf
[2012/07/19 05:33:16 | 000,002,994 | ---- | C] () -- C:\Users\Bernd Jung\Documents\sabre_red_+_merlin_Reisebestaetigung.pdf
[2012/07/17 11:39:17 | 000,202,806 | ---- | C] () -- C:\Users\Bernd Jung\Documents\DB BAHN - Verbindungen - Ihre Auskunft.pdf
[2012/07/11 07:06:46 | 000,002,125 | ---- | C] () -- C:\Users\Bernd Jung\Documents\Zahlung.pdf
[2012/06/04 05:54:45 | 000,947,408 | ---- | C] () -- C:\Windows\Diercke Globus Online Uninstaller.exe
[2012/01/11 08:04:28 | 000,050,176 | ---- | C] () -- C:\Users\Bernd Jung\AppData\Roaming\msconfig.dat
[2011/08/11 07:39:06 | 000,027,136 | ---- | C] () -- C:\Users\Bernd Jung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/27 12:28:38 | 000,000,000 | ---- | C] () -- C:\Windows\sabserv.INI
[2011/05/25 18:53:45 | 000,007,608 | ---- | C] () -- C:\Users\Bernd Jung\AppData\Local\Resmon.ResmonCfg
[2011/05/25 18:42:41 | 000,000,195 | ---- | C] () -- C:\Windows\wininit.ini
[2011/05/25 18:42:40 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\OFEP.DLL
[2011/05/25 18:42:40 | 000,135,168 | ---- | C] () -- C:\Windows\sabserv.exe
[2011/05/25 18:42:40 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\matipsp.dll
[2011/05/25 18:42:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\Csapi10.dll
[2011/05/25 18:42:40 | 000,060,416 | ---- | C] () -- C:\Windows\SysWow64\bsdofep.dll
[2011/05/25 18:42:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\SOCK32M.DLL
[2011/05/25 18:42:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\CSAPI10s.dll
[2011/05/25 18:42:40 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\CfgSrvc.exe
[2011/05/25 18:42:40 | 000,051,392 | ---- | C] () -- C:\Windows\SysWow64\WBTRCALL.DLL
[2011/05/25 18:42:40 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\SvcUitl.dll
[2011/05/25 18:42:40 | 000,048,640 | ---- | C] () -- C:\Windows\SysWow64\sdcomm.dll
[2011/05/25 18:42:40 | 000,048,496 | ---- | C] () -- C:\Windows\MDBCSAPI.EXE
[2011/05/25 18:42:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\sabver.dll
[2011/05/25 18:42:40 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\isgsp.dll
[2011/05/25 18:42:40 | 000,040,860 | ---- | C] () -- C:\Windows\SysWow64\TRAVEL.DLL
[2011/05/25 18:42:40 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\notify.dll
[2011/05/25 18:42:40 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\Csaconn.dll
[2011/05/25 18:42:40 | 000,034,272 | ---- | C] () -- C:\Windows\SysWow64\SI.DLL
[2011/05/25 18:42:40 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\CTL32.DLL
[2011/05/25 18:42:40 | 000,030,873 | ---- | C] () -- C:\Windows\SysWow64\AATOOLS.DLL
[2011/05/25 18:42:40 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\iateclass.dll
[2011/05/25 18:42:40 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DTCTRL.dll
[2011/05/25 18:42:40 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\CsapiComm.dll
[2011/05/25 18:42:40 | 000,015,680 | ---- | C] () -- C:\Windows\SysWow64\CTL.DLL
[2011/05/25 18:42:40 | 000,015,360 | ---- | C] () -- C:\Windows\TASKTRAY.EXE
[2011/05/25 18:42:40 | 000,015,136 | ---- | C] () -- C:\Windows\SysWow64\SABRE.DRV
[2011/05/25 18:42:40 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\STRGRPS.DLL
[2011/05/25 18:42:40 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\STRGRPPC.DLL
[2011/05/25 18:42:40 | 000,012,832 | ---- | C] () -- C:\Windows\SysWow64\SABKEYW.DLL
[2011/05/25 18:42:40 | 000,012,288 | ---- | C] () -- C:\Windows\cfgreg.exe
[2011/05/25 18:42:40 | 000,011,520 | ---- | C] () -- C:\Windows\SysWow64\SB.DLL
[2011/05/25 18:42:40 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\AAPI.DLL
[2011/05/25 18:42:40 | 000,005,408 | ---- | C] () -- C:\Windows\SysWow64\SABWNAPI.DLL
[2011/05/25 18:42:40 | 000,004,244 | ---- | C] () -- C:\Windows\SysWow64\SFWVER.DLL
[2011/05/25 18:42:40 | 000,000,579 | ---- | C] () -- C:\Windows\sabsite.Ini
[2011/05/25 18:42:28 | 000,040,517 | ---- | C] () -- C:\Windows\jRegistryKey.dll
[2011/05/25 18:42:25 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\PORTAL.dll
[2011/05/25 18:42:25 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\JServAPI.dll
[2011/05/25 18:42:25 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\JNIREG.dll
[2011/05/25 18:42:14 | 000,000,800 | ---- | C] () -- C:\Windows\SABRE.INI
[2009/11/06 04:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2002/03/20 16:01:06 | 000,006,688 | ---- | C] () -- C:\Windows\SysWow64\Digita.sys
[2002/03/20 16:00:20 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\TransportUSB.dll
[2002/03/20 16:00:20 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\TransportSerial.dll
[2002/03/20 16:00:18 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\TransportIrDA.dll
[2002/03/20 16:00:18 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\TransportIrCOMM.dll
 
========== LOP Check ==========
 
[2011/08/11 04:45:28 | 000,000,000 | ---D | M] -- C:\Users\Bernd Jung\AppData\Roaming\ACD Systems
[2011/10/19 06:37:40 | 000,000,000 | ---D | M] -- C:\Users\Bernd Jung\AppData\Roaming\Amazon
[2012/07/26 09:16:10 | 000,000,000 | ---D | M] -- C:\Users\Bernd Jung\AppData\Roaming\BrowserCompanion
[2012/06/04 05:55:35 | 000,000,000 | ---D | M] -- C:\Users\Bernd Jung\AppData\Roaming\Diercke Globus Online
[2011/10/28 06:30:49 | 000,000,000 | ---D | M] -- C:\Users\Bernd Jung\AppData\Roaming\EAC
[2011/07/15 03:54:38 | 000,000,000 | ---D | M] -- C:\Users\Bernd Jung\AppData\Roaming\FinalMediaPlayer
[2012/04/20 02:38:17 | 000,000,000 | ---D | M] -- C:\Users\Bernd Jung\AppData\Roaming\FreeFileViewer
[2011/09/29 06:34:08 | 000,000,000 | ---D | M] -- C:\Users\Bernd Jung\AppData\Roaming\Leadertech
[2011/05/25 19:48:13 | 000,000,000 | ---D | M] -- C:\Users\Bernd Jung\AppData\Roaming\OpenOffice.org
[2012/05/14 06:04:48 | 000,000,000 | ---D | M] -- C:\Users\Bernd Jung\AppData\Roaming\TeamViewer
[2011/05/25 18:13:46 | 000,000,000 | ---D | M] -- C:\Users\Bernd Jung\AppData\Roaming\Thunderbird
[2011/05/25 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Bernd Jung\AppData\Roaming\TightVNC
[2011/12/05 05:47:37 | 000,000,000 | ---D | M] -- C:\Users\Bernd Jung\AppData\Roaming\TravelTainment
[2011/07/05 08:40:01 | 000,000,000 | ---D | M] -- C:\Users\Bernd Jung\AppData\Roaming\UDC Profiles
[2011/08/11 04:43:46 | 000,000,000 | ---D | M] -- C:\ProgramData\ACD Systems
[2012/01/20 06:14:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Altova
[2011/05/25 17:33:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/06/26 12:11:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Codemasters
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/05/25 17:33:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/05/25 17:33:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/05/25 17:33:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/10/31 09:29:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/05/25 17:33:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/08/11 04:34:42 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2012/07/26 09:19:13 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
[2012/07/26 09:19:13 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
[2012/06/04 08:04:17 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         


26.07.2012, 20:37   #6
t'john
/// Helper Team



Fix with OTLpe


  • Restart the unbootable computer with the OTLPE CD,
  • wait until the Reatogo-X-Pe desktop appears and double-click the OTLPE icon.



  • Copy the following script into the text field below Custom Scans/Fixes:
  • If that is not possible for lack of an internet connection,
  • copy the text from the following code box and save it as Fix.txt on a USB stick.
  • Plug the USB stick into the computer and open Fix.txt with Explorer on the Reatogo desktop.
  • Copy the contents of Fix.txt into the text field below Custom Scans/Fixes:


Code:
:OTL
SRV - [2012/02/06 08:45:54 | 000,068,096 | ---- | M] () [On_Demand] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service) 
SRV - [2001/11/09 07:07:42 | 000,055,296 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\CfgSrvc.exe -- (HsspConfig) 
SRV - [2001/11/09 07:07:42 | 000,055,296 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\CfgSrvc.exe -- (CfgSrvc) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\Bernd_Jung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) 
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( ) 
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) 
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) 
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () 
O4 - HKU\Bernd_Jung_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found 
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found 
O4 - Startup: C:\Users\Bernd Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk () 
O4 - Startup: C:\Users\Bernd Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKU\Bernd_Jung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] 
O18:64bit: - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKU\Bernd_Jung_ON_C Winlogon: Shell - (C:\Users\Bernd Jung\AppData\Roaming\msconfig.dat) - C:\Users\Bernd Jung\AppData\Roaming\msconfig.dat () 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found 
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found 
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 
 

[2012/07/26 09:19:13 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job 
[2012/07/26 09:19:13 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job 
[2012/07/26 09:16:17 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012/07/26 09:16:10 | 000,000,000 | ---D | M] -- C:\Users\Bernd Jung\AppData\Roaming\BrowserCompanion 
[2012/07/26 09:02:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[emptyjava]
         

  • Close all programs.
  • Click the Fix button.
  • Click on .
  • Copy the contents here into your thread in code tags.
    You can view the log file later at => C:\OTLpe\MovedFiles\<datum_nummer.log>
  • Test whether the computer can now boot into normal Windows mode again and report back.
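A small triage script, added here as an example (not part of the thread, and not OTL's or the helper's code), that runs over the O6/O20 lines from the fix above and flags the two things the fix removes: the per-user Winlogon Shell override pointing at msconfig.dat under AppData (the lock-screen persistence) and the policy values that switch UAC off. The Userinit check goes beyond the lines on the page; the expected defaults (explorer.exe, system32\userinit.exe) are the Windows defaults, and the sample lines are copied from the fix script.

```python
"""Triage OTL output for lock-screen persistence and weakened UAC."""
import re
from dataclasses import dataclass

# Constructed sample: O4/O6/O20 lines copied from the fix script posted above,
# so the scan runs offline against exactly what the helper's fix removed.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Bernd_Jung_ON_C Winlogon: Shell - (C:\Users\Bernd Jung\AppData\Roaming\msconfig.dat) - C:\Users\Bernd Jung\AppData\Roaming\msconfig.dat ()
"""

# OTL line types: "O20" = Winlogon values, "O6" = machine policy values.
O20_RE = re.compile(r"^O20(?::64bit:)? - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\)")
O6_RE = re.compile(r"^O6(?::64bit:)? - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*?)\s*$")

# Policy values under ...\policies\System that switch UAC off or silence it.
UAC_WEAK = {
    ("enablelua", "0"): "UAC disabled (EnableLUA = 0)",
    ("consentpromptbehavioradmin", "0"): "admins elevate without any prompt (ConsentPromptBehaviorAdmin = 0)",
    ("promptonsecuredesktop", "0"): "elevation prompts no longer on the secure desktop (PromptOnSecureDesktop = 0)",
}


@dataclass(frozen=True)
class Finding:
    rule: str
    location: str
    detail: str


def check_winlogon(hive: str, value: str, data: str):
    """Compare a Winlogon value with its Windows default; return a Finding or None."""
    name, target = value.lower(), data.strip()
    low = target.lower()
    if name == "shell":
        if low == "explorer.exe":  # the Windows default shell
            return None
        scope = "per-user" if hive.upper().startswith("HKU") else "machine-wide"
        detail = f"{scope} Shell replaced by {target}"
        if "\\appdata\\" in low or "\\users\\" in low:
            detail += " (user-writable profile path)"
        return Finding("winlogon-shell-hijack", hive, detail)
    if name == "userinit":
        # default is C:\Windows\system32\userinit.exe, (trailing comma included)
        if low.rstrip(", ").endswith("\\system32\\userinit.exe"):
            return None
        return Finding("winlogon-userinit-hijack", hive, f"Userinit replaced by {target}")
    return None


def scan_otl(text: str):
    """Run both rules over OTL output and return the findings in log order."""
    findings = []
    for line in text.splitlines():
        m = O20_RE.match(line)
        if m:
            f = check_winlogon(m["hive"], m["value"], m["data"])
            if f:
                findings.append(f)
            continue
        m = O6_RE.match(line)
        if m and m["key"].lower().endswith("\\policies\\system"):
            desc = UAC_WEAK.get((m["name"].lower(), m["data"].strip()))
            if desc:
                findings.append(Finding("uac-weakened", m["key"], desc))
    return findings


if __name__ == "__main__":
    for f in scan_otl(SAMPLE_OTL):
        print(f"[{f.rule}] {f.location}: {f.detail}")
```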

27.07.2012, 10:15   #7
reisekiste



Hello t'john,

here is the result.
When I restart the PC I get a startup repair prompt!
Should I restore the PC?


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Macromedia Licensing Service deleted successfully.
File C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HsspConfig deleted successfully.
File C:\Windows\SysWOW64\CfgSrvc.exe not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CfgSrvc deleted successfully.
File C:\Windows\SysWOW64\CfgSrvc.exe not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Bernd_Jung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ deleted successfully.
File C:\Program Files (x86)\BrowserCompanion\jsloader.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}\ deleted successfully.
File C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\LogitechQuickCamRibbon deleted successfully.
File C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe not found.
Registry key HKEY_USERS\Bernd_Jung_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe not found.
Registry key HKEY_USERS\LocalService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
File C:\Users\Bernd Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk not found.
File C:\Users\Bernd Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\Bernd_Jung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\base64\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}\ not found.
File {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\chrome\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}\ not found.
File {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\prox\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}\ not found.
File {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ not found.
File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_USERS\Bernd_Jung_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Bernd Jung\AppData\Roaming\msconfig.dat deleted successfully.
File C:\Users\Bernd Jung\AppData\Roaming\msconfig.dat not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
File/Folder C:\Windows\SysWow64\*.tmp not found.
File C:\Windows\tasks\Final Media Player Update Checker.job not found.
File C:\Windows\tasks\FreeFileViewerUpdateChecker.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
Folder C:\Users\Bernd Jung\AppData\Roaming\BrowserCompanion\ not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bernd Jung
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Bernd Jung
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[emptyjava]> in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 07272012_164454

Files\Folders moved on Reboot...
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
File\Folder C:\Users\Bernd Jung\AppData\Local\Temp\2011-09-15-1182985418_04-RG.PDF not found!
File\Folder C:\Users\Bernd Jung\AppData\Local\Temp\2011-10-14-1193277784_04-RG.PDF not found!

Registry entries deleted on Reboot...

27.07.2012, 12:44   #8
t'john
/// Helper Team



No, do not restore!

Very good!

How is the computer running?

Step 1
Please do a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have findings deleted or quarantined.
- When the scan has finished, click on "Show results".
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click on Search.
  • When the search has finished, a text file opens.
  • Post me its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
Regards, t'john

27.07.2012, 13:33   #9
reisekiste



I haven't started the full scan yet. The OTLPE CD is not in the drive; it brings up System Recovery Options and apparently wants to do a complete fresh start. I now want to back up my data first, or is there another option?

27.07.2012, 13:36   #10
t'john
/// Helper Team



What exactly is on the screen?
Can you start Windows normally?
Regards, t'john

27.07.2012, 16:31   #11
reisekiste



At startup it says at the bottom "del to enter or f8".
If I press nothing, it shows
"start with Startup Repair" or "start Windows normally".
If I do nothing, after 30 sec it shows
System Recovery Options, as mentioned above.

27.07.2012, 16:34   #12
t'john
/// Helper Team



Please start Windows normally!
Regards, t'john

27.07.2012, 16:40   #13
reisekiste



Windows could not be started, then the same game again
with Startup Repair and start normally.

27.07.2012, 16:41   #14
t'john
/// Helper Team



Then Startup Repair.
Regards, t'john

27.07.2012, 17:13   #15
reisekiste



cannot repair
statement online:
//go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409


I now have the following options:
startup repair
system restore
system image recovery
windows memory diagnostic
command prompt

Last edited by reisekiste (27.07.2012 at 18:07)
