Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.05.2013, 07:50   #1
uncleb
 
GVU Trojaner - Standard

GVU Trojaner



Hallo,
habe mir den Bundestrojaner eingefangen und die Autostarteinträge bereits entfernt, Zugriff auf Desktop besteht.

OTLP-Scan liegt bei.

Wäre für schnelle Hilfe dankbar !
Angehängte Dateien
Dateityp: txt OTL.Txt (62,3 KB, 159x aufgerufen)

Alt 15.05.2013, 07:53   #2
uncleb
 
GVU Trojaner - Standard

GVU Trojaner



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.05.2013 08:44:03 - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = D:\PROGRAMS\OTLPE
64bit-Windows 7 Ultimate  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 79,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 196,52 Gb Free Space | 65,95% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 1397,28 Gb Total Space | 1105,63 Gb Free Space | 79,13% Space Free | Partition Type: NTFS
Drive M: | 1397,28 Gb Total Space | 1105,63 Gb Free Space | 79,13% Space Free | Partition Type: NTFS
Drive V: | 1397,28 Gb Total Space | 1105,63 Gb Free Space | 79,13% Space Free | Partition Type: NTFS
Drive W: | 1397,28 Gb Total Space | 1105,63 Gb Free Space | 79,13% Space Free | Partition Type: NTFS
 
Computer Name: PC009 | User Name: swerner
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.12.01 23:19:44 | 002,357,488 | ---- | M] (RealVNC Ltd) [Auto] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV:64bit: - [2010.03.30 11:02:08 | 000,189,304 | ---- | M] (AVM Berlin) [Auto] -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV:64bit: - [2010.03.30 11:01:06 | 000,143,224 | ---- | M] (AVM Berlin) [Auto] -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV:64bit: - [2010.03.30 10:59:54 | 000,335,224 | ---- | M] (AVM Berlin) [Auto] -- C:\Program Files\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV:64bit: - [2009.10.09 14:25:24 | 000,713,488 | ---- | M] (CANON INC) [Auto] -- C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe -- (Canon imagePROGRAF Status Monitor)
SRV:64bit: - [2009.07.14 03:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.16 08:55:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.14 08:59:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.27 17:09:08 | 001,734,416 | ---- | M] () [Auto] -- C:\Program Files (x86)\pc essentials\updater.exe -- (pc essentials)
SRV - [2010.12.10 14:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.07.27 11:44:03 | 000,137,680 | ---- | M] () [Auto] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2007.10.31 12:55:54 | 000,040,448 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hpnuhub.sys -- (HPNUHUB)
DRV:64bit: - [2007.03.27 20:14:12 | 000,016,384 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hpnuhst.sys -- (hpnuhst)
DRV - [2007.10.31 12:55:54 | 000,040,448 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\hpnuhub.sys -- (HPNUHUB)
DRV - [2007.03.27 20:14:12 | 000,016,384 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\hpnuhst.sys -- (hpnuhst)
DRV - [1999.03.08 14:15:00 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\SysWOW64\drivers\PMEMNT.SYS -- (PMEM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1326832379-838882392-2275103834-1108\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-1326832379-838882392-2275103834-1108\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1326832379-838882392-2275103834-1108\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 12 DC BA B7 50 CE 01  [binary data]
IE - HKU\S-1-5-21-1326832379-838882392-2275103834-1108\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010.12.22 12:49:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.12.22 14:50:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.18 12:08:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\pagealicious@pagealicious.com: C:\Program Files (x86)\Pagealicious\Pagealicious.xpi [2013.02.05 16:20:30 | 000,036,695 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.16 08:55:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.16 08:55:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.08 12:33:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.18 12:08:39 | 000,000,000 | ---D | M]
 
[2013.04.16 08:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\swerner.DUERINGER\AppData\Roaming\mozilla\Extensions
[2013.04.16 08:55:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- 
[2013.04.16 08:55:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.03.27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2013.03.01 18:37:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.01 18:37:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.01 18:37:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.10 09:02:50 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2013.03.01 18:37:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.01 18:37:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.01 18:37:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.22 12:45:08 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Pagealicious) - {60C07B56-542E-4054-A503-4E9E08DF2F84} - C:\Program Files (x86)\Pagealicious\Pagealicious.dll (TODO: <Company name>)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\lotus\org6\organize\iehelper.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKU\S-1-5-21-1326832379-838882392-2275103834-1108\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1326832379-838882392-2275103834-1108..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1326832379-838882392-2275103834-1108..\Run: [ctfmon.exe]  File not found
O4 - HKU\S-1-5-21-755987038-800257658-2420284740-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-21-755987038-800257658-2420284740-1001..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\eschneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - C:\lotus\org6\organize\bandobjs.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} hxxp://196.100.60.124/libs/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dueringer.local
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\System32\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\iw9lof.bat) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.09.11 12:18:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{5bcb1f6c-11a7-11e0-a04c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5bcb1f6c-11a7-11e0-a04c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe -- [2005.07.16 23:36:50 | 000,240,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.15 08:27:45 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Malwarebytes
[2013.05.14 17:43:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.14 12:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013.04.30 12:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.04.30 12:31:49 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Apple Computer
[2013.04.17 06:37:00 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Apple
[2013.04.16 08:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.16 08:16:45 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Macromedia
[2013.04.16 08:16:30 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Mozilla
[2013.04.16 08:16:30 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Mozilla
[2013.04.15 12:26:38 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BECHMANN AVA
[2013.04.15 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Downloaded Installations
[2013.04.15 12:24:44 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Programs
[2013.04.15 10:32:39 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Roaming\InstallShield
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.15 08:38:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.15 08:37:56 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.15 08:34:40 | 000,628,743 | ---- | M] () -- C:\Users\swerner.DUERINGER\Desktop\adwcleaner_2.3.0.0.exe
[2013.05.15 07:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.14 17:43:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.14 17:34:55 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.14 17:34:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.14 17:29:49 | 000,001,547 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.05.13 17:27:26 | 000,011,539 | ---- | M] () -- C:\Windows\avascript.ini
[2013.05.13 09:31:29 | 000,000,287 | ---- | M] () -- C:\Users\swerner.DUERINGER\AppData\Local\VersionChecker_14.xml
[2013.04.25 10:14:44 | 000,002,108 | ---- | M] () -- C:\Users\swerner.DUERINGER\Desktop\Exchange Server_196.100.60.101.RDP
[2013.04.25 10:12:37 | 000,002,048 | ---- | M] () -- C:\Users\swerner.DUERINGER\Desktop\Daten Server_196.100.60.100.RDP
[2013.04.25 10:11:34 | 000,002,048 | -H-- | M] () -- C:\Users\swerner.DUERINGER\Documents\Default.rdp
[2013.04.22 11:07:57 | 000,003,323 | ---- | M] () -- C:\ProgramData\bechmann.ini
 
========== Files Created - No Company Name ==========
 
[2013.05.15 08:34:34 | 000,628,743 | ---- | C] () -- C:\Users\swerner.DUERINGER\Desktop\adwcleaner_2.3.0.0.exe
[2013.05.14 17:34:55 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.25 10:14:39 | 000,002,108 | ---- | C] () -- C:\Users\swerner.DUERINGER\Desktop\Exchange Server_196.100.60.101.RDP
[2013.04.25 10:11:52 | 000,002,048 | ---- | C] () -- C:\Users\swerner.DUERINGER\Desktop\Daten Server_196.100.60.100.RDP
[2013.04.25 10:02:19 | 000,002,048 | -H-- | C] () -- C:\Users\swerner.DUERINGER\Documents\Default.rdp
[2013.04.15 12:24:44 | 000,003,323 | ---- | C] () -- C:\ProgramData\bechmann.ini
[2013.04.11 11:10:29 | 000,000,287 | ---- | C] () -- C:\Users\swerner.DUERINGER\AppData\Local\VersionChecker_14.xml
[2012.01.12 10:16:16 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.19 17:31:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.09.27 11:22:59 | 001,598,970 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.05 12:20:53 | 000,260,248 | ---- | C] () -- C:\Windows\SysWow64\QMO.dll
[2011.09.05 12:20:53 | 000,092,312 | ---- | C] () -- C:\Windows\SysWow64\QMOCameraDll.dll
[2011.03.11 16:19:29 | 006,814,952 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.01.03 13:36:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll
[2011.01.03 10:55:48 | 000,159,836 | ---- | C] () -- C:\Windows\_isusr32.dll
[2011.01.03 10:55:48 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2010.12.27 13:00:52 | 000,003,090 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.12.22 13:21:24 | 000,011,539 | ---- | C] () -- C:\Windows\avascript.ini
[2010.12.22 12:13:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.22 12:13:26 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.12.22 12:13:26 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.12.22 12:13:25 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.12.22 12:13:25 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.12.22 12:13:25 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.09.27 12:52:52 | 000,000,164 | ---- | C] () -- C:\Windows\DBDUIHost.exe.config
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2003.08.22 12:01:08 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\mcdbcall.dll
[2003.07.24 16:13:14 | 000,303,616 | ---- | C] () -- C:\Windows\SysWow64\BP_CallDBDUI.dll
[2002.05.31 10:04:00 | 000,495,616 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
[2001.06.27 03:24:00 | 000,000,260 | ---- | C] () -- C:\Windows\SysWow64\IC32.INI
[1999.12.06 22:31:22 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\Implode.dll
[1998.12.03 15:00:00 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\u2lbar.dll
[1998.01.13 15:52:30 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\LOTRN13.DLL
[1997.05.16 08:46:22 | 000,577,536 | ---- | C] () -- C:\Windows\SysWow64\HEKRNL32.DLL
[1996.08.01 06:00:30 | 000,187,392 | ---- | C] () -- C:\Windows\SysWow64\HEICON32.DLL
[1996.08.01 06:00:30 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\HETOOL32.DLL
[1996.08.01 06:00:04 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\HEDLG32.DLL
[1996.08.01 06:00:04 | 000,067,072 | ---- | C] () -- C:\Windows\SysWow64\HERTF32.DLL
[1996.08.01 04:50:10 | 000,382,464 | ---- | C] () -- C:\Windows\SysWow64\HTKRNL32.DLL
[1996.02.21 05:00:10 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\HEMENU32.DLL
[1995.07.01 05:01:00 | 000,225,792 | ---- | C] () -- C:\Windows\SysWow64\IMGMAN30.DLL
 
========== LOP Check ==========
 
[2013.04.11 15:31:49 | 000,000,000 | ---D | M] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Abvent
[2013.04.26 10:31:03 | 000,000,000 | ---D | M] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Abvent_Artlantis3
[2013.04.11 11:10:27 | 000,000,000 | ---D | M] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Nemetschek
[2013.04.30 12:32:39 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2011.01.05 17:57:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Abvent
[2010.12.22 11:24:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012.09.11 12:34:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2011.12.12 09:26:57 | 000,000,000 | ---D | M] -- C:\ProgramData\AVM
[2013.04.15 12:26:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Bechmann
[2011.06.22 09:35:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Canon
[2011.01.10 18:10:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2013.04.18 11:00:16 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM
[2012.10.15 09:10:36 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJWSpt
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010.12.22 11:24:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.01.03 14:40:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Downloaded Installations
[2011.02.16 15:42:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Driver Mender
[2012.12.20 13:17:30 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2010.12.22 11:24:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.06.21 17:34:23 | 000,000,000 | ---D | M] -- C:\ProgramData\IEConfiguration1und1
[2011.03.10 11:46:00 | 000,000,000 | ---D | M] -- C:\ProgramData\LogSys
[2011.01.18 12:19:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2011.01.18 12:03:58 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache
[2011.01.20 18:00:48 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2010.12.22 13:54:23 | 000,000,000 | ---D | M] -- C:\ProgramData\PixelPlanet
[2011.01.03 10:41:54 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2013.05.14 12:22:21 | 000,000,000 | ---D | M] -- C:\ProgramData\StarApp
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010.12.22 11:24:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011.05.30 15:49:29 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011.03.09 09:36:05 | 000,000,000 | ---D | M] -- C:\ProgramData\TomTom
[2012.08.27 13:15:46 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2010.12.22 11:24:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010.12.22 13:54:03 | 000,000,000 | ---D | M] -- C:\ProgramData\VVW
[2010.12.22 14:20:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012.11.21 09:20:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DBC416F8
< End of report >
         
--- --- ---
__________________


Alt 15.05.2013, 14:04   #3
t'john
/// Helfer-Team
 
GVU Trojaner - Standard

GVU Trojaner





Zitat:
habe mir den Bundestrojaner eingefangen und die Autostarteinträge bereits entfernt, Zugriff auf Desktop besteht.
dann:

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
__________________

Alt 13.07.2013, 15:36   #4
t'john
/// Helfer-Team
 
GVU Trojaner - Standard

GVU Trojaner



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu GVU Trojaner
bereits, bundes, bundestrojaner, bundestrojaner eingefangen, dankbar, desktop, eingefangen, einträge, entfern, entfernt, gefangen, gen, gvu trojaner, schnelle, schnelle hilfe, troja, trojane, trojaner, träge, zugriff



Zum Thema GVU Trojaner - Hallo, habe mir den Bundestrojaner eingefangen und die Autostarteinträge bereits entfernt, Zugriff auf Desktop besteht. OTLP-Scan liegt bei. Wäre für schnelle Hilfe dankbar ! - GVU Trojaner...
Archiv
Du betrachtest: GVU Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.