Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU-trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.09.2012, 11:35   #1
NinjaB
 
GVU-trojaner - Standard

GVU-trojaner



hallo wie den überschrieft ist der gvu trojaner
bedanke mich schon mals


otl txt: und extra: und Malwarebytes txt:

Code:
ATTFilter
OTL logfile created on: 05.09.2012 16:48:04 - Run 1
OTL by OldTimer - Version 3.2.61.0     Folder = C:\Users\lini\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 65,94% Memory free
4,00 Gb Paging File | 3,37 Gb Available in Paging File | 84,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 52,35 Gb Free Space | 70,34% Space Free | Partition Type: NTFS
 
Computer Name: LINI-PC | User Name: lini | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\lini\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Bandoo Coordinator) -- C:\Programme\Bandoo\Bandoo.exe (Bandoo Media Inc.)
SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (DozeHDD) -- C:\Windows\System32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (Authentec Inc.)
DRV - (Shockprf) -- C:\Windows\System32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\drivers\ApsHM86.sys (Lenovo.)
DRV - (X6XSEx) -- C:\Programme\Free Ride Games\X6XSEx.sys (Exent Technologies Ltd.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 83 DE BB D9 B1 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9205C1C7-1C65-4C3A-BF0C-03A26FA982B7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9205C1C7-1C65-4C3A-BF0C-03A26FA982B7}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=wbst&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer@divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: fblayouts@hotlayouts2u.com:3.2.0
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\lini\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.29 20:41:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\lini\AppData\Roaming\Mozilla\Firefox\Profiles\qtbrly7d.default\extensions\ffox@bandoo.com [2012.01.26 22:27:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.29 20:41:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.06.27 21:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\Extensions
[2012.07.25 09:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\Firefox\Profiles\qtbrly7d.default\extensions
[2011.12.31 20:23:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\lini\AppData\Roaming\mozilla\Firefox\Profiles\qtbrly7d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.26 22:27:53 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\lini\AppData\Roaming\mozilla\Firefox\Profiles\qtbrly7d.default\extensions\ffox@bandoo.com
[2012.03.05 23:00:08 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\lini\AppData\Roaming\mozilla\Firefox\Profiles\qtbrly7d.default\extensions\ffxtlbr@funmoods.com
[2012.02.20 18:40:35 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\extensions\DivXWebPlayer@divx.com.xpi
[2011.12.17 13:23:14 | 000,010,560 | ---- | M] () (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\extensions\fblayouts@hotlayouts2u.com.xpi
[2011.12.21 17:11:00 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\extensions\personas@christopher.beard.xpi
[2012.07.25 09:26:09 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.13 20:19:17 | 000,002,045 | ---- | M] () -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\searchplugins\benefind.xml
[2012.03.05 22:59:28 | 000,001,798 | ---- | M] () -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\searchplugins\funmoods.xml
[2012.01.26 22:29:10 | 000,002,519 | ---- | M] () -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\searchplugins\Search_Results.xml
[2012.06.27 21:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.29 20:41:35 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.19 13:08:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 20:41:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.19 13:08:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 13:08:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.26 22:29:10 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.19 13:08:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 13:08:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://start.funmoods.com/?f=1&a=wbst
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://start.funmoods.com/?f=1&a=wbst
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\lini\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Bandoo (Enabled) = C:\Users\lini\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files\Free Ride Games\npExentCtl.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\lini\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Bandoo = C:\Users\lini\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\
CHR - Extension: Funmoods = C:\Users\lini\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\
CHR - Extension: Funmoods = C:\Users\lini\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\funmoods\
CHR - Extension: Fieldrunners = C:\Users\lini\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak\1.0.0.5_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Programme\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (Social Extras Plugin) - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - C:\Programme\SocialExtras\socialx.dll (FBSkins.com)
O3 - HKLM\..\Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (Authentec Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [Facebook Update] C:\Users\lini\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [fectgmtutyhgsam] C:\ProgramData\fectgmtu.exe (Novatech)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\lini\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BDDA0CA-AA8A-43F3-9C29-1BE71F3D290C}: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Programme\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1dffbd87-2ef2-11e1-a3ea-0016d32dba2e}\Shell - "" = AutoRun
O33 - MountPoints2\{1dffbd87-2ef2-11e1-a3ea-0016d32dba2e}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{43e7a0ba-ae44-11e1-85ef-0016d32dba2e}\Shell - "" = AutoRun
O33 - MountPoints2\{43e7a0ba-ae44-11e1-85ef-0016d32dba2e}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.05 16:44:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.05 16:44:59 | 000,000,000 | ---D | C] -- C:\Users\lini\AppData\Roaming\Malwarebytes
[2012.09.05 16:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.05 16:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.05 16:44:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.05 16:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.05 16:41:01 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\lini\Desktop\OTL.exe
[2012.09.05 16:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\arcbujbatfmzlyz
[2012.09.05 16:29:26 | 000,146,432 | ---- | C] (Novatech) -- C:\ProgramData\fectgmtu.exe
[2012.09.03 08:06:32 | 000,000,000 | ---D | C] -- C:\Users\lini\AppData\Roaming\PhotoScape
[2012.09.03 08:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2012.09.03 08:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2012.09.01 14:34:01 | 000,000,000 | ---D | C] -- C:\Users\lini\Desktop\Gotye-Making_Mirrors-2011-OZM - Kopie
[2012.08.19 14:28:09 | 000,000,000 | ---D | C] -- C:\Users\lini\Desktop\Neuer Ordner
[2012.08.17 12:56:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.16 13:29:01 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.08.16 13:29:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.16 13:29:00 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.16 13:29:00 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.16 13:28:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.16 13:28:58 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.16 13:28:56 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.05 16:45:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.05 16:44:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.05 16:42:31 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.05 16:42:31 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.05 16:42:31 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.05 16:42:31 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.05 16:41:03 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\lini\Desktop\OTL.exe
[2012.09.05 16:37:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.05 16:37:57 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.05 16:29:27 | 000,076,346 | ---- | M] () -- C:\ProgramData\fjashyznlwteutv
[2012.09.05 16:28:54 | 000,146,432 | ---- | M] (Novatech) -- C:\ProgramData\fectgmtu.exe
[2012.09.05 16:09:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.05 15:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.05 13:52:16 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2337877463-2995840925-1545946237-1001UA.job
[2012.09.05 10:52:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2337877463-2995840925-1545946237-1001Core.job
[2012.09.05 10:38:44 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 10:38:44 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 10:33:40 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.03 08:15:07 | 000,003,072 | -H-- | M] () -- C:\Users\lini\Desktop\photothumb.db
[2012.09.03 08:06:26 | 000,000,993 | ---- | M] () -- C:\Users\lini\Desktop\PhotoScape.lnk
[2012.08.30 10:14:01 | 000,292,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.15 20:42:05 | 000,003,754 | ---- | M] () -- C:\Users\lini\Desktop\Unbenannt 1.odt
[2012.08.15 13:53:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.15 13:53:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.09.05 16:44:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.05 16:28:54 | 000,076,346 | ---- | C] () -- C:\ProgramData\fjashyznlwteutv
[2012.09.03 08:15:07 | 000,003,072 | -H-- | C] () -- C:\Users\lini\Desktop\photothumb.db
[2012.09.03 08:06:26 | 000,000,993 | ---- | C] () -- C:\Users\lini\Desktop\PhotoScape.lnk
[2012.08.30 10:13:31 | 000,292,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.12 13:56:32 | 000,000,036 | ---- | C] () -- C:\Users\lini\AppData\Local\housecall.guid.cache
[2012.01.01 21:30:29 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011.12.04 15:56:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.12.04 15:55:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.12.03 19:21:08 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

< End of report >
         

extra:

Code:
ATTFilter
OTL Extras logfile created on: 05.09.2012 16:48:04 - Run 1
OTL by OldTimer - Version 3.2.61.0     Folder = C:\Users\lini\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 65,94% Memory free
4,00 Gb Paging File | 3,37 Gb Available in Paging File | 84,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 52,35 Gb Free Space | 70,34% Space Free | Partition Type: NTFS
 
Computer Name: LINI-PC | User Name: lini | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{091BFF09-DAC7-4445-B781-81A8F6871EF5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0D849BD3-EC90-4E2D-989B-93A911CD4F72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{18549716-986A-455A-BC0B-0CDAE13937BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{22142436-8F50-4DFB-A257-A13CC68A5E06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3108F826-7FE5-4D10-98A2-CE63BCCE85CB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{461BAC66-A9DC-4093-92B9-B30FCC3E7B9A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5D274EF5-35D9-4D55-84FA-BAA1FE2A9194}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6BF209B6-9A76-44D6-ACC8-FF327A5ED6E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6D066805-C356-4AC0-BFBE-B3C4FCB155C4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6FBB588C-A652-4455-B146-A857F7B49095}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{74809A4F-A74D-4343-8995-85B45AAB316F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{74A26A7D-60CC-4B16-B155-383BD304FD35}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{87D36963-90FD-4980-B817-D207DA9FE581}" = rport=445 | protocol=6 | dir=out | app=system | 
"{95C888E2-5442-450D-9856-29A313FADD1F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{97D6B3D9-21D4-4126-AF26-797610E6D8D1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A85244FF-3AA3-47A2-BF32-F2005EA6505E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B515091D-81D6-4638-9D31-19B7C6296949}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D11FA9C6-3463-4F65-9FFC-C9E45362EC3C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D706F7F1-6A10-47B8-8E6A-4B30B9328F28}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DE25FBA9-FDAF-46F5-ABBB-B6BF1A37263B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E6F18CEF-945E-4A00-A935-6E8D3FEB9D46}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F2786091-A885-48A3-AD7E-26563E72D54A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F799B905-E265-46BD-96A8-E1160821753B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056A0934-80D3-4FDF-9361-E1072F163AF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{130586D6-338C-4A3F-8A6C-34D7644450E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{19C9F701-4021-4509-A549-164B836A96F7}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe | 
"{21442CD9-E368-4B8B-BD6C-012782375F75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{28D0381C-47D0-4BFA-B055-82BF67F66E51}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2A5547D8-255D-4CC5-AB57-B6F63B06F1D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{475419C7-A457-4528-80C8-AFC0A44FD039}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{559D97AF-21AA-4D1C-92E5-2DFA38C3D22D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{578CBCD8-DC07-40B5-85BA-D560F0D4128E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FFA4A73-9B81-4788-B7FF-22D774632C6B}" = dir=in | app=c:\users\lini\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{77D830F4-F307-4620-B171-903F3E901BD4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{86D1C9D3-AF1A-4566-B3E6-1057DC3BB38C}" = protocol=6 | dir=out | app=system | 
"{8EBA6881-B45E-469E-89D4-5B089945C608}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AEEC2EA8-DD21-4F88-8706-E12D203CB30B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B052E846-D20E-480E-818A-994279E8B436}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BBE7C8AD-4E47-4FCE-AF8F-647FF3D07BFA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E1050445-CF6E-4CB7-9492-0138A3FEBB7C}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe | 
"{F460844D-D9B3-47D7-AD96-EE1018B978E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F66F46D0-1FA8-4C1D-B50F-738BC4657C6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{C2938C94-239C-4156-B245-C5406A4F3E93}" = ThinkVantage Fingerprint Software
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Bandoo" = Bandoo
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"iLivid" = iLivid
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OnScreenDisplay" = Anzeige am Bildschirm
"PhotoScape" = PhotoScape
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.08.2012 06:24:09 | Computer Name = lini-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 23.08.2012 06:24:09 | Computer Name = lini-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 23.08.2012 06:24:10 | Computer Name = lini-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 23.08.2012 06:24:10 | Computer Name = lini-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 23.08.2012 06:24:10 | Computer Name = lini-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 23.08.2012 06:24:10 | Computer Name = lini-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 24.08.2012 08:31:31 | Computer Name = lini-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
 Version: 11.3.300.271, Zeitstempel: 0x5026ffac  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x106f48a0  ID des fehlerhaften Prozesses: 0x15e4  Startzeit der fehlerhaften Anwendung:
 0x01cd81f1d39f0f8f  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: a18a9f6f-ede7-11e1-ba53-0016d32dba2e
 
Error - 24.08.2012 14:38:07 | Computer Name = lini-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
 Version: 11.3.300.271, Zeitstempel: 0x5026ffac  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x06c4b960  ID des fehlerhaften Prozesses: 0x9b8  Startzeit der fehlerhaften Anwendung:
 0x01cd8226ac3fcc30  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: d83de71c-ee1a-11e1-ba53-0016d32dba2e
 
Error - 24.08.2012 14:43:31 | Computer Name = lini-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
 Version: 11.3.300.271, Zeitstempel: 0x5026ffac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll,
 Version: 11.3.300.271, Zeitstempel: 0x502701bf  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x003159e3  ID des fehlerhaften Prozesses: 0x16e0  Startzeit der fehlerhaften Anwendung:
 0x01cd82279e885f2f  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
Berichtskennung:
 995dd576-ee1b-11e1-ba53-0016d32dba2e
 
Error - 03.09.2012 15:18:32 | Computer Name = lini-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.0.4619 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 534    Startzeit: 
01cd8998ce9af780    Endzeit: 304    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 2174a0c4-f5fc-11e1-bf48-0016d32dba2e  
 
[ System Events ]
Error - 06.05.2012 09:44:04 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.05.2012 09:44:04 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.05.2012 09:44:04 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.05.2012 09:44:04 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.05.2012 11:20:13 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 12.05.2012 06:50:41 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 25.05.2012 10:59:24 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 25.05.2012 10:59:26 | Computer Name = lini-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.05.2012 18:25:09 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
 nicht richtig heruntergefahren werden.
 
Error - 02.06.2012 22:30:42 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet:
   %%1115
 
 
< End of report >
         

male.:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.09.01

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
lini :: LINI-PC [Administrator]

09.09.2012 11:54:21
mbam-log-2012-09-09 (11-54-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 253007
Laufzeit: 26 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\lini\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\lini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 10.09.2012, 11:42   #2
markusg
/// Malware-holic
 
GVU-trojaner - Standard

GVU-trojaner



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [fectgmtutyhgsam] C:\ProgramData\fectgmtu.exe (Novatech)
[2012.09.05 16:29:27 | 000,076,346 | ---- | M] () -- C:\ProgramData\fjashyznlwteutv
[2012.09.05 16:28:54 | 000,146,432 | ---- | M] (Novatech) -- C:\ProgramData\fectgmtu.exe
 :Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
__________________

__________________

Antwort

Themen zu GVU-trojaner
adobe, autorun, bandoo, bho, converter, defender, error, explorer, festplatte, firefox, flash player, format, google, google earth, helper, install.exe, langs, limited.com/facebook, logfile, mozilla, mp3, object, registry, rundll, scan, security, software, svchost.exe, trojaner, wgsdgsdgdsgsd.exe, windows



Zum Thema GVU-trojaner - hallo wie den überschrieft ist der gvu trojaner bedanke mich schon mals otl txt: und extra: und Malwarebytes txt: Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 05.09.2012 16:48:04 - GVU-trojaner...
Archiv
Du betrachtest: GVU-trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.