Trojaner-Board, forum "Plagegeister aller Art und deren Bekämpfung" (pests of all kinds and how to fight them): caught GVU trojan 2.07

02.08.2012, 14:15   #1
homy

hello

- yesterday I caught the GVU trojan 2.07
- I downloaded the Kaspersky Rescue Disk 10
- I used the WindowsUnlocker option there
- I can now access my PC again
- now all that is left is to kill the trojan, but how???
- please help, and thanks in advance

my system is Windows XP 32-bit

02.08.2012, 14:42   #2
t'john
/// Helper team

Step 1

Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program into the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any findings deleted or quarantined.
- When the scan has finished, click "Show Results".

Step 2
System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if it is not already there). Double-click OTL.exe

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, two log files are created
  • Post the log files here in the thread.

02.08.2012, 17:03   #3
homy

wow, thanks first of all for the quick reply

I did everything as described
the logs are attached as a zip

regards, homy

02.08.2012, 17:10   #4
t'john
/// Helper team

Fixing with OTL

Download OTL by Oldtimer (if it is not already there) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:


Code:
:OTL
SRV - (qgnhqms) -- C:\WINDOWS\System32\fqijxkp.dll File not found 
SRV - (PCSUITEDFRGSVC) -- C:\Programme\MARKEMENT\PCSUITE DEFRAG\pcsuitedefragsvc.exe File not found 
SRV - (NMSAccessU) -- C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\{F316A250-AE78-47E8-AD5E-B22537DBDCC5}\NMSAccessU.exe File not found 
DRV - (WDICA) -- File not found 
DRV - (PDRFRAME) -- File not found 
DRV - (PDRELI) -- File not found 
DRV - (PDFRAME) -- File not found 
DRV - (PDCOMP) -- File not found 
DRV - (PCIDump) -- File not found 
DRV - (lbrtfdc) -- File not found 
DRV - (i2omgmt) -- File not found 
DRV - (Changer) -- File not found 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie 
IE - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\URLSearchHook: - No CLSID value found 
IE - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\SearchScopes\{05FFB01D-0514-4901-9DE8-FDF09C99A0AB}: "URL" = http://downloads.phpnuke.org/de/index.php?rvs=google 
IE - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IEDS 
IE - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4 
IE - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=171011_prot~171011_prot&babsrc=SP_ss&mntrId=4c4f1058000000000000f07d68ac6612 
IE - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRE_deDE359 
IE - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B5CA7B12-C1D3-420F-9898-02A3CED70E94}&mid=66c2908afd3e47d0bbabd157d62328b5-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=de&ds=AVG&pr=fr&d=2012-07-11 08:48:51&v=11.0.0.10&sap=dsp&q={searchTerms} 
IE - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3208938 
IE - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\SearchScopes\{CCA58F7F-FBB9-4684-AA2C-6407C91FE1AC}: "URL" = http://go.web.de/tb/ie_searchplugin/?su={searchTerms} 
IE - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms} 
IE - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" 
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" 
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=112555&tt=171011_prot~171011_prot&babsrc=HP_ss&mntrId=4c4f1058000000000000f07d68ac6612" 
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Ba5a575f5-7516-4187-a0e5-cbea35062b1d%7D&mid=66c2908afd3e47d0bbabd157d62328b5-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=11.1.0.12&lang=de&pr=fr&d=2012-07-11%2008%3A48%3A51&sap=ku&q=" 
FF - prefs.js..network.proxy.ftp: ":" 
FF - prefs.js..network.proxy.gopher: ":" 
FF - prefs.js..network.proxy.http: ":" 
FF - prefs.js..network.proxy.share_proxy_settings: true 
FF - prefs.js..network.proxy.socks: ":" 
FF - prefs.js..network.proxy.ssl: ":" 
FF - prefs.js..network.proxy.type: 0 
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found 
FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown: File not found 
CHR - homepage: http://search.babylon.com/?AF=111253&babsrc=HP_ss&mntrId=4c4f105800000000000000ff702859fd 
CHR - default_search_provider: facemoods (Enabled) 
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=umail3&s={searchTerms}&f=4 
O3 - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. 
O3 - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. 
O3 - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [HF_G_Jul] C:\Programme\AVG Secure Search\HF_G_Jul.exe () 
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found 
O4 - HKU\.DEFAULT..\Run: [Internet Security Service] taskmrg.exe File not found 
O4 - HKU\S-1-5-18..\Run: [Internet Security Service] taskmrg.exe File not found 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.) 
O4 - Startup: C:\Dokumente und Einstellungen\killerrellik\Startmenü\Programme\Autostart\CurseClientStartup.ccip () 
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 
O7 - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found 
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) 
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) 
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009.12.21 21:46:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] 
O33 - MountPoints2\{2d0c1805-215f-11df-9b8e-001e90c7c146}\Shell - "" = AutoRun 
O33 - MountPoints2\{2d0c1805-215f-11df-9b8e-001e90c7c146}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{2d0c1805-215f-11df-9b8e-001e90c7c146}\Shell\AutoRun\command - "" = F:\Startme.exe 
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] 
[2012.08.02 15:46:41 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\killerrellik\Desktop\j4sk23cd.exe 
 
@Alternate Data Stream - 130 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E6D38BF2 

[2012.08.02 17:39:59 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job 
[2012.08.02 17:21:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job 
[2012.08.02 17:01:00 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.02 16:57:00 | 000,001,238 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1957994488-725345543-1003UA.job 
[2012.08.02 00:57:00 | 000,001,186 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1957994488-725345543-1003Core.job 
[2012.07.11 08:47:45 | 000,000,000 | ---D | C] -- C:\Programme\AVG 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, please allow it.
  • Copy the contents of the log file into your thread here, in code tags.
    Afterwards you can find the log file here => C:\_OTL\MovedFiles\<date_number.log>

Note for other readers: the OTL script above was written exclusively for this user in this situation.
Never apply it to other computers; it can do lasting damage to other systems!

Regards, t'john
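Added example, not part of the thread and not OTL's own code: a small Python triage helper that reads OTL-style lines such as those in the fix script above and flags the kinds of entries the helper picked out by hand: services and drivers whose binary is missing, IE search scopes and Firefox prefs pointing at toolbar/search-hijack hosts, toolbar CLSIDs with no class registration behind them, Run values that start a bare file name which no longer exists (the taskmrg.exe "Internet Security Service" entry), and MountPoints2 AutoRun commands on removable volumes (F:\Startme.exe). The sample lines are constructed from the script above; HIJACK_DOMAINS is an assumed illustration list, not an authoritative blocklist.

```python
"""Triage helper for OTL-style scan lines.

Added example, not code from the thread or from OTL. It reads lines in the
format OTL prints (like the fix script above) and flags the categories a
helper usually pulls into a fix. HIJACK_DOMAINS is an assumption.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Assumed: search-hijack / toolbar hosts that showed up in this thread's scan.
HIJACK_DOMAINS = (
    "search.babylon.com", "search.conduit.com", "start.facemoods.com",
    "search.sweetim.com", "isearch.avg.com", "search.icq.com",
)
MISSING = "File not found"


@dataclass(frozen=True)
class Finding:
    category: str
    reason: str
    line: str


def _host(url):
    """Lower-cased hostname of a URL, or '' if it does not parse."""
    m = re.match(r"https?://([^/?#\s]+)", url)
    return m.group(1).lower() if m else ""


def triage_line(line):
    """Classify one OTL line; returns a Finding, or None if nothing stands out."""
    s = line.strip()

    # Service or driver still registered, but its binary is gone: dead weight.
    if s.startswith(("SRV - ", "DRV - ")) and s.endswith(MISSING):
        name = re.search(r"\((.+?)\)", s).group(1)
        return Finding("orphan_service", f"{name}: binary missing", s)

    # IE search scopes, Firefox prefs.js, Chrome settings: any hijack host?
    if s.startswith(("IE - ", "FF - ", "CHR - ")):
        for url in re.findall(r'https?://[^\s"]+', s):
            host = _host(url)
            if any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS):
                return Finding("search_hijack", f"points to {host}", s)
        return None

    # Toolbar entry whose CLSID has no class registration behind it.
    if s.startswith("O3 - ") and s.endswith("No CLSID value found."):
        return Finding("orphan_toolbar", "toolbar CLSID without class", s)

    # Run keys: a bare file name (no path) that no longer exists is the classic
    # rogue-AV / ransomware leftover; any other missing target is just cruft.
    if s.startswith("O4 - ") and "\\Run:" in s:
        m = re.search(r"\[(.*?)\]\s*(.*)$", s)
        name, target = m.group(1), m.group(2)
        if target.endswith(MISSING):
            exe = target[: -len(MISSING)].strip()
            if exe and "\\" not in exe and "%" not in exe:
                return Finding("run_bare_name",
                               f"'{name}' starts '{exe}' via PATH lookup; file missing", s)
            return Finding("run_missing", f"'{name}' points to a missing file", s)
        return None

    # MountPoints2 AutoRun: a removable volume set to launch a binary from itself.
    m = re.match(r'O33 - MountPoints2\\(\{[^}]+\})\\Shell\\AutoRun\\command - "" = (.+)$', s)
    if m:
        return Finding("removable_autorun", f"volume {m.group(1)} runs {m.group(2)}", s)

    return None


def triage(lines):
    """Run triage_line over a sequence of OTL lines and keep the hits."""
    return [f for f in map(triage_line, lines) if f is not None]


def summarize(findings):
    """Findings per category: a quick view of what the fix has to cover."""
    return dict(Counter(f.category for f in findings))


# Constructed sample, copied in shape from the fix script above, plus two
# clean lines (the Google scope and the DivX updater) that must not be flagged.
SAMPLE_LINES = [
    r"SRV - (qgnhqms) -- C:\WINDOWS\System32\fqijxkp.dll File not found",
    r"DRV - (WDICA) -- File not found",
    r'IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}',
    r'IE - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4',
    r'FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=112555&babsrc=HP_ss"',
    r"O3 - HKU\S-1-5-21-1454471165-1957994488-725345543-1003\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.",
    r"O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()",
    r"O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found",
    r"O4 - HKU\.DEFAULT..\Run: [Internet Security Service] taskmrg.exe File not found",
    r'O33 - MountPoints2\{2d0c1805-215f-11df-9b8e-001e90c7c146}\Shell\AutoRun\command - "" = F:\Startme.exe',
]
```

Run `triage()` over a full OTL.txt (one entry per line) to get the kind of shortlist a helper builds by hand; every hit still needs a human decision, since a missing file can be a benign leftover (the KernelFaultCheck entry) just as easily as a wiped rogue-AV component.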

02.08.2012, 17:57   #5
homy

so, everything fixed, and here is my next post





All processes killed
========== OTL ==========
Service qgnhqms stopped successfully!
Service qgnhqms deleted successfully!
File C:\WINDOWS\System32\fqijxkp.dll File not found not found.
Service PCSUITEDFRGSVC stopped successfully!
Service PCSUITEDFRGSVC deleted successfully!
File C:\Programme\MARKEMENT\PCSUITE DEFRAG\pcsuitedefragsvc.exe File not found not found.
Service NMSAccessU stopped successfully!
Service NMSAccessU deleted successfully!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\{F316A250-AE78-47E8-AD5E-B22537DBDCC5}\NMSAccessU.exe File not found not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1454471165-1957994488-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{05FFB01D-0514-4901-9DE8-FDF09C99A0AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05FFB01D-0514-4901-9DE8-FDF09C99A0AB}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CCA58F7F-FBB9-4684-AA2C-6407C91FE1AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA58F7F-FBB9-4684-AA2C-6407C91FE1AC}\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "BrotherSoft Extreme Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://search.babylon.com/?affID=112555&tt=171011_prot~171011_prot&babsrc=HP_ss&mntrId=4c4f1058000000000000f07d68ac6612" removed from browser.startup.homepage
Prefs.js: "hxxp://isearch.avg.com/search?cid=%7Ba5a575f5-7516-4187-a0e5-cbea35062b1d%7D&mid=66c2908afd3e47d0bbabd157d62328b5-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=11.1.0.12&lang=de&pr=fr&d=2012-07-11%2008%3A48%3A51&sap=ku&q=" removed from keyword.URL
Prefs.js: ":" removed from network.proxy.ftp
Prefs.js: ":" removed from network.proxy.gopher
Prefs.js: ":" removed from network.proxy.http
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: ":" removed from network.proxy.socks
Prefs.js: ":" removed from network.proxy.ssl
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@rsj.de/prodown\ deleted successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry value HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
Registry value HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Programme\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HF_G_Jul deleted successfully.
C:\Programme\AVG Secure Search\HF_G_Jul.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security Service deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security Service not found.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk moved successfully.
C:\Programme\WinZip\WZQKPICK32.EXE moved successfully.
C:\Dokumente und Einstellungen\killerrellik\Startmenü\Programme\Autostart\CurseClientStartup.ccip moved successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1454471165-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d0c1805-215f-11df-9b8e-001e90c7c146}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d0c1805-215f-11df-9b8e-001e90c7c146}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d0c1805-215f-11df-9b8e-001e90c7c146}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d0c1805-215f-11df-9b8e-001e90c7c146}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d0c1805-215f-11df-9b8e-001e90c7c146}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d0c1805-215f-11df-9b8e-001e90c7c146}\ not found.
File F:\Startme.exe not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Dokumente und Einstellungen\killerrellik\Desktop\j4sk23cd.exe moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E6D38BF2 deleted successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1957994488-725345543-1003UA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1957994488-725345543-1003Core.job moved successfully.
C:\Programme\AVG\AVG2012\sounds folder moved successfully.
C:\Programme\AVG\AVG2012\PCTuneup folder moved successfully.
C:\Programme\AVG\AVG2012\Notification folder moved successfully.
C:\Programme\AVG\AVG2012\myapps folder moved successfully.
C:\Programme\AVG\AVG2012\Icons folder moved successfully.
C:\Programme\AVG\AVG2012\html\reportcard folder moved successfully.
C:\Programme\AVG\AVG2012\html folder moved successfully.
C:\Programme\AVG\AVG2012\Firefox\DoNotTrack\defaults\preferences folder moved successfully.
C:\Programme\AVG\AVG2012\Firefox\DoNotTrack\defaults folder moved successfully.
C:\Programme\AVG\AVG2012\Firefox\DoNotTrack\components folder moved successfully.
C:\Programme\AVG\AVG2012\Firefox\DoNotTrack\Chrome folder moved successfully.
C:\Programme\AVG\AVG2012\Firefox\DoNotTrack folder moved successfully.
C:\Programme\AVG\AVG2012\Firefox folder moved successfully.
Folder move failed. C:\Programme\AVG\AVG2012\Drivers scheduled to be moved on reboot.
C:\Programme\AVG\AVG2012\Content folder moved successfully.
C:\Programme\AVG\AVG2012\Chrome folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\speedtest_sp1\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\speedtest_sp1 folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\speedtest\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\speedtest folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\pct\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\pct folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\obx\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\obx folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\multimi-banner-sp1\banner folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\multimi-banner-sp1 folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\multimi-banner\banner folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\multimi-banner folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\mobilation_sp1\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\mobilation_sp1 folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\mobilation_en_sp1\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\mobilation_en_sp1 folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\mobilation_en\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\mobilation_en folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\mobilation\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\mobilation folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\inclient_trial\banner folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\inclient_trial folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\inclient_free_cnet\upgrade folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\inclient_free_cnet folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\inclient_free\upgrade folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\inclient_free\banner folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\inclient_free folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\fas\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\fas folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\dav\component folder moved successfully.
C:\Programme\AVG\AVG2012\awacs\dav folder moved successfully.
C:\Programme\AVG\AVG2012\awacs folder moved successfully.
C:\Programme\AVG\AVG2012\3rd_party\licenses folder moved successfully.
C:\Programme\AVG\AVG2012\3rd_party folder moved successfully.
Folder move failed. C:\Programme\AVG\AVG2012 scheduled to be moved on reboot.
Folder move failed. C:\Programme\AVG scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\killerrellik\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\killerrellik\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: killerrellik
->Temp folder emptied: 19271122 bytes
->Temporary Internet Files folder emptied: 420353810 bytes
->Java cache emptied: 19101116 bytes
->FireFox cache emptied: 430646368 bytes
->Google Chrome cache emptied: 6878151 bytes
->Flash cache emptied: 506 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 248690 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1772489 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1100080 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1007810 bytes
RecycleBin emptied: 3466528770 bytes

Total Files Cleaned = 4.165,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: killerrellik
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 08022012_183442

Files\Folders moved on Reboot...
C:\Programme\AVG\AVG2012\Drivers folder moved successfully.
Folder move failed. C:\Programme\AVG\AVG2012 scheduled to be moved on reboot.
Folder move failed. C:\Programme\AVG\AVG2012 scheduled to be moved on reboot.
Folder move failed. C:\Programme\AVG scheduled to be moved on reboot.
File\Folder C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\~DFEAE5.tmp not found!
File\Folder C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\~DFEAF2.tmp not found!
File\Folder C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\~DFEB63.tmp not found!
File\Folder C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\~DFEB70.tmp not found!
C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SGXC6UZD\121052-gvu-trojaner-2-07-eingefangen[1].html moved successfully.
C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SGXC6UZD\si[1].txt moved successfully.
C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temporary Internet Files\Content.IE5\A6MUN3W9\ads[2].htm moved successfully.
C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...
File C:\Programme\AVG\AVG2012\Drivers not found!
File C:\Programme\AVG\AVG2012 not found!
File C:\Programme\AVG not found!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\~DFEAE5.tmp not found!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\~DFEAF2.tmp not found!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\~DFEB63.tmp not found!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temp\~DFEB70.tmp not found!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SGXC6UZD\121052-gvu-trojaner-2-07-eingefangen[1].html not found!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SGXC6UZD\si[1].txt not found!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temporary Internet Files\Content.IE5\A6MUN3W9\ads[2].htm not found!
File C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat not found!

Registry entries deleted on Reboot...

New problem!!!

My antivirus program no longer works, or rather the .exe is missing.


03.08.2012, 14:00   #6
t'john
/// Helper Team

Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program into the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have findings deleted or put into quarantine.
- When the scan has finished, click "Show results".
Afterwards:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

03.08.2012, 15:48   #7
homy

Hi t'john,

the computer runs stably.

Here are the results from Malwarebytes and AdwCleaner:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.02.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
killerrellik :: INELUKI [Administrator]

03.08.2012 15:52:27
mbam-log-2012-08-03 (15-52-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 293381
Laufzeit: 34 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Code:
# AdwCleaner v1.800 - Logfile created 08/03/2012 at 16:28:20
# Updated 01/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : killerrellik - INELUKI
# Running from : C:\Dokumente und Einstellungen\killerrellik\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : vToolbarUpdater11.2.0

***** [Files / Folders] *****

Folder Found : C:\DOKUME~1\KILLER~1\LOKALE~1\Temp\avg@toolbar
Folder Found : C:\Dokumente und Einstellungen\killerrellik\Anwendungsdaten\AVG Secure Search
Folder Found : C:\Dokumente und Einstellungen\killerrellik\Anwendungsdaten\Babylon
Folder Found : C:\Dokumente und Einstellungen\killerrellik\Anwendungsdaten\PriceGong
Folder Found : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
Folder Found : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
Folder Found : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate
Folder Found : C:\Programme\AVG Secure Search
Folder Found : C:\Programme\Babylon
Folder Found : C:\Programme\Conduit
Folder Found : C:\Programme\Gemeinsame Dateien\AVG Secure Search
File Found : C:\Programme\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3208938
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\Smartbar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\SweetIM
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={B5CA7B12-C1D3-420F-9898-02A3CED70E94}&mid=66c2908afd3e47d0bbabd157d62328b5-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=de&ds=AVG&pr=fr&d=2012-08-03 15:44:50&v=11.0.0.10&sap=nt

*************************

AdwCleaner[R1].txt - [8986 octets] - [03/08/2012 16:27:46]
AdwCleaner[R2].txt - [8917 octets] - [03/08/2012 16:28:20]

########## EOF - C:\AdwCleaner[R2].txt - [9045 octets] ##########

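The AdwCleaner [R] (Search) and [S] (Delete) logs posted in this thread share one simple line format: a "# Option [...]" header, "***** [Section] *****" headers, and one "Kind Found : target" or "Kind Deleted : target" line per item. As an added editorial example (not code from AdwCleaner, from Trojaner-Board or from either poster), the following Python parser reads such a log, groups the findings by adware family and lists the browser start-page hijacks. The keyword table, the placeholder CLSID GUID and both short sample logs are constructed here, modelled on the entries above; the parser also handles the Delete-mode "Stopped & Deleted" and "Replaced : ... --> ..." lines that appear further down in the thread.

```python
"""Parse AdwCleaner v1.800-style logs and summarise findings by adware family.
Added editorial example for this thread, not code from AdwCleaner or Trojaner-Board;
the keyword table, the placeholder CLSID GUID and both sample logs are constructed."""
import re
from collections import Counter

MODE_RE = re.compile(r"^# Option \[(?P<mode>Search|Delete)\]$")
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
FINDING_RE = re.compile(
    r"^(?:(?P<kind>Folder|File|Key|Value) )?"
    r"(?P<action>Found|Deleted|Stopped & Deleted) : (?P<target>.+)$"
)
# Browser section: "[<key>] = <value>" (Search) or "Replaced : [<key>] = <old> --> <new>" (Delete).
HIJACK_RE = re.compile(
    r"^(?:Replaced : )?\[(?P<key>[^\]]+)\] = (?P<value>.+?)(?: --> (?P<new>.+))?$"
)

# Constructed keyword table: case-insensitive substring -> family label.
FAMILY_KEYWORDS = {
    "avg secure search": "AVG Secure Search / toolbar",
    "avg@toolbar": "AVG Secure Search / toolbar",
    "vtoolbarupdater": "AVG Secure Search / toolbar",
    "isearch.avg.com": "AVG Secure Search / toolbar",
    "babylon": "Babylon",
    "conduit": "Conduit",
    "toolbar.ct": "Conduit",
}

def classify(target):
    """Map a path, registry key or URL to a family; GUID-only CLSID/Interface
    keys cannot be attributed by name and land in 'unattributed'."""
    lowered = target.lower()
    for keyword, family in FAMILY_KEYWORDS.items():
        if keyword in lowered:
            return family
    return "unattributed"

def parse_adwcleaner_log(text):
    """Return {'mode', 'findings', 'hijacks'} for one AdwCleaner log."""
    result = {"mode": None, "findings": [], "hijacks": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MODE_RE.match(line):
            result["mode"] = m.group("mode")
        elif m := SECTION_RE.match(line):
            section = m.group("name")
        elif (m := FINDING_RE.match(line)) and section:
            # Service lines carry no kind prefix; derive it from the section.
            kind = m.group("kind") or ("Service" if section == "Services" else "Item")
            result["findings"].append({
                "section": section, "kind": kind, "action": m.group("action"),
                "target": m.group("target"), "family": classify(m.group("target")),
            })
        elif (m := HIJACK_RE.match(line)) and section == "Internet Browsers":
            result["hijacks"].append({"key": m.group("key"), "value": m.group("value"),
                                      "replaced_with": m.group("new")})
    return result

def summarize(parsed):
    """Count findings per family; a browser hijack counts under the family of
    the URL it points at (AdwCleaner writes URLs defanged as hxxp://)."""
    counts = Counter(f["family"] for f in parsed["findings"])
    for h in parsed["hijacks"]:
        counts[classify(h["value"])] += 1
    return dict(counts)

# Constructed sample in the [R] (Search) format; the CLSID GUID is a placeholder.
SEARCH_LOG = r"""
# Option [Search]
***** [Services] *****
Found : vToolbarUpdater11.2.0
***** [Files / Folders] *****
Folder Found : C:\Programme\AVG Secure Search
File Found : C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
***** [Registry] *****
Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?lang=de&d=2012-08-03 15:44:50
"""

# Constructed sample in the [S] (Delete) format.
DELETE_LOG = r"""
# Option [Delete]
***** [Services] *****
Stopped & Deleted : vToolbarUpdater11.2.0
***** [Internet Browsers] *****
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?lang=de --> hxxp://www.google.com
"""

if __name__ == "__main__":
    for log in (SEARCH_LOG, DELETE_LOG):
        parsed = parse_adwcleaner_log(log)
        print(parsed["mode"], summarize(parsed), parsed["hijacks"])
```

Run it directly to print one summary per sample. The point of grouping by family is triage: a long list of GUID-only CLSID and Interface keys looks alarming, but once the named items are counted it is visibly a handful of bundled toolbars (AVG Secure Search, Babylon, Conduit) rather than many separate infections, and the one browser hijack tells you which start page to expect to be reset after the Delete run.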
03.08.2012, 16:13   #8
t'john
/// Helper Team

Very good!

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

Afterwards:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update now.
Select the freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan do not let it delete anything! Save the log file to the desktop via Save report and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john

04.08.2012, 00:14   #9
homy

And on goes the fight against the trojan.
Emsisoft unfortunately produced 6 findings (they are in quarantine for now).
But see for yourself, here are the two logs:

Code:
# AdwCleaner v1.800 - Logfile created 08/03/2012 at 18:56:39
# Updated 01/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : killerrellik - INELUKI
# Running from : C:\Dokumente und Einstellungen\killerrellik\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

Folder Deleted : C:\DOKUME~1\KILLER~1\LOKALE~1\Temp\avg@toolbar
Folder Deleted : C:\Dokumente und Einstellungen\killerrellik\Anwendungsdaten\AVG Secure Search
Folder Deleted : C:\Dokumente und Einstellungen\killerrellik\Anwendungsdaten\Babylon
Folder Deleted : C:\Dokumente und Einstellungen\killerrellik\Anwendungsdaten\PriceGong
Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate
Folder Deleted : C:\Programme\AVG Secure Search
Folder Deleted : C:\Programme\Babylon
Folder Deleted : C:\Programme\Conduit
Folder Deleted : C:\Programme\Gemeinsame Dateien\AVG Secure Search
File Deleted : C:\Programme\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3208938
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Smartbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\SweetIM
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={B5CA7B12-C1D3-420F-9898-02A3CED70E94}&mid=66c2908afd3e47d0bbabd157d62328b5-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=de&ds=AVG&pr=fr&d=2012-08-03 15:44:50&v=11.1.0.12&sap=nt --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [8986 octets] - [03/08/2012 16:27:46]
AdwCleaner[R2].txt - [9046 octets] - [03/08/2012 16:28:20]
AdwCleaner[S1].txt - [9230 octets] - [03/08/2012 18:56:39]

########## EOF - C:\AdwCleaner[S1].txt - [9358 octets] ##########


Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 03.08.2012 19:13:00

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	03.08.2012 19:13:31

C:\WINDOWS\system32\ii 	gefunden: Trojan-Downloader.Bat!E2
C:\WINDOWS\system32\o 	gefunden: Trojan-Downloader.Bat!E2
C:\System Volume Information\_restore{A72CE795-C06D-4D47-B006-CCB43894A24D}\RP570\A0117768.exe 	gefunden: Trojan-PWS.Win32.Ruftar!E2
C:\System Volume Information\_restore{A72CE795-C06D-4D47-B006-CCB43894A24D}\RP562\A0115827.exe -> bie_kms.exe 	gefunden: possible-Threat.Crack.MSO!E2
C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\old_Cache_000\f_00381e 	gefunden: Trojan.IFrame!E2
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\TEMP\AVSCAN-20091222-185929-A045E33E\ARK25.tmp 	gefunden: Worm.Win32.Conficker!E2

Gescannt	570043
Gefunden	6

Scan Ende:	03.08.2012 21:04:02
Scan Zeit:	1:50:31

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\TEMP\AVSCAN-20091222-185929-A045E33E\ARK25.tmp	Quarantäne Worm.Win32.Conficker!E2
C:\Dokumente und Einstellungen\killerrellik\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\old_Cache_000\f_00381e	Quarantäne Trojan.IFrame!E2
C:\System Volume Information\_restore{A72CE795-C06D-4D47-B006-CCB43894A24D}\RP562\A0115827.exe -> bie_kms.exe	Quarantäne possible-Threat.Crack.MSO!E2
C:\System Volume Information\_restore{A72CE795-C06D-4D47-B006-CCB43894A24D}\RP570\A0117768.exe	Quarantäne Trojan-PWS.Win32.Ruftar!E2
C:\WINDOWS\system32\ii	Quarantäne Trojan-Downloader.Bat!E2
C:\WINDOWS\system32\o	Quarantäne Trojan-Downloader.Bat!E2

Quarantäne	6

Regards, homy

04.08.2012, 15:10   #10
t'john
/// Helper Team

Very good!

Uninstall:
Emsisoft Anti-Malware

ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable the anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.
Let's go

  • Download and start Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • Signatures are downloaded, the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstallation: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
__________________
Regards, t'john

05.08.2012, 14:38   #11
homy

And here is the log from EsetOnlineScanner:

Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d57df4267a484f4398ddd780e124cf9b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-05 01:16:35
# local_time=2012-08-05 03:16:35 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 2179693 2179693 0 0
# compatibility_mode=5889 16768382 100 100 82741496 184932904 0 82815358
# compatibility_mode=8192 67108863 100 0 889 889 0 0
# scanned=91065
# found=1
# cleaned=1
# scan_time=3649
C:\Dokumente und Einstellungen\killerrellik\Desktop\Neuer Ordner (3)\speedupmypc3plc.exe	Win32/SpeedUpMyPC application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

05.08.2012, 20:40   #12
t'john
/// Helper Team

Update Java

Your Java is no longer current. Older versions contain security holes that can be abused by malware.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start the jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 5).
  • When the installation has finished:
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure a check mark is set everywhere and click OK.
  • Click OK again.

Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
__________________
Regards, t'john

06.08.2012, 02:08   #13
homy

OK, Java is updated and the temporary internet files are deleted.

How do we proceed now?

Regards, homy

Alt 06.08.2012, 02:19   #14
t'john
/// Helfer-Team
 
gvu trojaner 2.07 eingefangen - Standard

gvu trojaner 2.07 eingefangen



Step 1

Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applies to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any findings deleted or quarantined.
- When the scan has finished, click "Show results".
__________________
Regards, t'john

08.08.2012, 13:16   #15
homy



Hi,

here is the Malwarebytes log:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.08.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
killerrellik :: INELUKI [Administrator]

08.08.2012 13:07:34
mbam-log-2012-08-08 (13-07-34).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 297904
Time elapsed: 1 hour(s), 5 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


Regards, homy
