
Pests of all kinds and their removal: New GVU Trojan cannot be removed


12.11.2014, 00:58   #1
Jackson3006
 
New GVU Trojan cannot be removed



Hello,

I can neither get into Safe Mode, nor can WindowsUnlocker or the Kaspersky Rescue Disk remove the thing.

OTL Scan Log:
Code:
OTL logfile created on: 11/12/2014 12:52:33 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.43 Mb Free Space | 75.43% Space Free | Partition Type: NTFS
Drive D: | 59.80 Gb Total Space | 34.45 Gb Free Space | 57.61% Space Free | Partition Type: NTFS
Drive E: | 232.79 Gb Total Space | 194.97 Gb Free Space | 83.76% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2014/09/18 20:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/15 08:13:17 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/11/09 17:17:52 | 000,332,288 | ---- | M] () [Auto] -- E:\ProgramData\D64FB17A.dot -- (Winmgmt)
SRV - [2014/11/09 12:15:56 | 000,090,696 | ---- | M] (Mindspark) [Auto] -- E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hbarsvc.exe -- (Allin1Convert_8hService)
SRV - [2014/09/25 09:32:51 | 000,090,696 | ---- | M] (Mindspark) [Auto] -- E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe -- (MapsGalaxy_39Service)
SRV - [2014/09/24 15:35:46 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/27 02:03:44 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/09/11 09:54:32 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/01/15 08:19:22 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2014/01/15 08:19:22 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/07/02 04:04:36 | 000,582,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/07/02 04:04:36 | 000,027,120 | ---- | M] (Intel Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/10/26 08:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/01 16:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007/08/08 10:39:46 | 000,060,928 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\System32\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/07/27 12:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\System32\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 13:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\System32\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/10 19:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2013/11/21 03:22:08 | 000,115,448 | ---- | M] (EZB Systems, Inc.) [File_System | System] -- E:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
 
IE - HKU\User_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tb.ask.com/index.jhtml?n=780CE4C6&p2=^AYY^xdm070^S11124^de&ptb=767D62C9-C914-4C1A-8D00-43A186B33D93&si=flvrunner
IE - HKU\User_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKU\User_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\User_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E F9 16 EB 2A 8E CF 01  [binary data]
IE - HKU\User_ON_E\..\URLSearchHook: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - Reg Error: Key error. File not found
IE - HKU\User_ON_E\..\URLSearchHook: {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - Reg Error: Key error. File not found
IE - HKU\User_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: E:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
 
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Toolbar BHO) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (Mindspark)
O2 - BHO: (Search Assistant BHO) - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (Mindspark)
O2 - BHO: (Search Assistant BHO) - {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} - E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hSrcAs.dll (Mindspark)
O2 - BHO: (Toolbar BHO) - {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} - E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hbar.dll (Mindspark)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MapsGalaxy) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (Mindspark)
O3 - HKLM\..\Toolbar: (Allin1Convert) - {cd1a63ba-a08c-431b-9a34-f240aadc728d} - E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hbar.dll (Mindspark)
O3:64bit: - HKU\User_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\User_ON_E\..\Toolbar\WebBrowser: (MapsGalaxy) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (Mindspark)
O3 - HKU\User_ON_E\..\Toolbar\WebBrowser: (Allin1Convert) - {CD1A63BA-A08C-431B-9A34-F240AADC728D} - E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hbar.dll (Mindspark)
O4:64bit: - HKLM..\Run: [SMSERIAL] E:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Allin1Convert AppIntegrator 32-bit] E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\APPINTEGRATOR.EXE (Mindspark)
O4 - HKLM..\Run: [Allin1Convert AppIntegrator 64-bit] E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\AppIntegrator64.exe (Mindspark)
O4 - HKLM..\Run: [Allin1Convert EPM Support] E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hmedint.exe (Mindspark)
O4 - HKLM..\Run: [Allin1Convert Search Scope Monitor]  File not found
O4 - HKLM..\Run: [MapsGalaxy AppIntegrator 32-bit] E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\APPINTEGRATOR.EXE (Mindspark)
O4 - HKLM..\Run: [MapsGalaxy AppIntegrator 64-bit] E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe (Mindspark)
O4 - HKLM..\Run: [MapsGalaxy EPM Support] E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39medint.exe (Mindspark)
O4 - HKLM..\Run: [MapsGalaxy Search Scope Monitor] E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe (Mindspark)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\User_ON_E..\Run: [HP Officejet 4620 series (NET)] E:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_E..\RunOnce: [mctadmin]  File not found
O4 - Startup: E:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk ()
O4 - Startup: E:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - E:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - E:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/12 04:19:48 | 000,000,122 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/11 13:10:08 | 000,000,000 | ---D | C] -- E:\ea8a29270e2f52870a2dd1
[2014/11/11 13:10:02 | 000,000,000 | ---D | C] -- E:\5af824b076ec7f925f8098
[2014/11/11 13:09:48 | 000,000,000 | ---D | C] -- E:\0edf65ee09773d8c030610813986e9
[2014/11/11 13:08:54 | 000,000,000 | ---D | C] -- E:\882c6f437331e26657
[2014/11/11 10:41:07 | 000,000,000 | ---D | C] -- E:\Kaspersky Rescue Disk 10.0
[2014/11/09 17:17:51 | 000,530,432 | ---- | C] (u890789ow3445t Corporation) -- E:\ProgramData\A71BF46D.cpp
[2014/10/31 06:09:34 | 000,000,000 | ---D | C] -- E:\Users\User\AppData\Roaming\Google
[2014/10/16 16:52:55 | 001,943,696 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dfshim.dll
[2014/10/16 16:52:55 | 001,131,664 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\dfshim.dll
[2014/10/16 16:52:55 | 000,156,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mscorier.dll
[2014/10/16 16:52:55 | 000,156,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mscorier.dll
[2014/10/16 16:52:55 | 000,081,560 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mscories.dll
[2014/10/16 16:52:55 | 000,073,880 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mscories.dll
[2014/10/16 16:52:47 | 000,507,392 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\aepdu.dll
[2014/10/16 16:52:47 | 000,276,480 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\generaltel.dll
[2014/10/16 16:52:45 | 000,424,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\aeinv.dll
[2014/10/16 16:52:39 | 000,597,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\jscript9diag.dll
[2014/10/16 16:52:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mshtmled.dll
[2014/10/16 16:52:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieetwproxystub.dll
[2014/10/16 16:52:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iernonce.dll
[2014/10/16 16:52:38 | 000,710,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ie4uinit.exe
[2014/10/16 16:52:38 | 000,607,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msfeeds.dll
[2014/10/16 16:52:38 | 000,365,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\dxtmsft.dll
[2014/10/16 16:52:38 | 000,072,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/10/16 16:52:38 | 000,060,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/10/16 16:52:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieetwproxystub.dll
[2014/10/16 16:52:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iernonce.dll
[2014/10/16 16:52:36 | 002,017,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\inetcpl.cpl
[2014/10/16 16:52:36 | 000,061,952 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iesetup.dll
[2014/10/16 16:52:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieetwcollectorres.dll
[2014/10/16 16:52:34 | 000,731,136 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2014/10/16 16:52:34 | 000,446,464 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxtmsft.dll
[2014/10/16 16:52:34 | 000,440,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieui.dll
[2014/10/16 16:52:34 | 000,243,200 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\dxtrans.dll
[2014/10/16 16:52:34 | 000,111,616 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieetwcollector.exe
[2014/10/16 16:52:33 | 002,108,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2014/10/16 16:52:33 | 000,066,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesetup.dll
[2014/10/16 16:52:32 | 004,201,472 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\jscript9.dll
[2014/10/16 16:52:32 | 001,068,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mshtmlmedia.dll
[2014/10/16 16:52:32 | 000,678,400 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieapfltr.dll
[2014/10/16 16:52:32 | 000,112,128 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieUnatt.exe
[2014/10/16 16:52:31 | 000,289,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxtrans.dll
[2014/10/16 16:52:31 | 000,164,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msrating.dll
[2014/10/16 16:52:31 | 000,061,952 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\MshtmlDac.dll
[2014/10/16 16:52:30 | 000,595,968 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2014/10/16 16:52:29 | 005,829,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2014/10/16 16:52:29 | 001,249,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmlmedia.dll
[2014/10/16 16:52:29 | 000,758,272 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9diag.dll
[2014/10/16 16:52:29 | 000,139,264 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2014/10/16 16:52:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmled.dll
[2014/10/16 16:52:28 | 000,775,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dll
[2014/10/16 16:52:28 | 000,547,328 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2014/10/16 16:52:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msrating.dll
[2014/10/16 16:52:27 | 000,083,968 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MshtmlDac.dll
[2014/10/16 16:52:26 | 000,940,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MsSpellCheckingFacility.exe
[2014/10/16 16:52:06 | 003,241,472 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msi.dll
[2014/10/16 16:52:05 | 002,363,904 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msi.dll
[2014/10/16 16:51:55 | 000,424,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rastls.dll
[2014/10/16 16:51:55 | 000,372,736 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\rastls.dll
[2014/10/16 16:51:46 | 000,235,520 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winsta.dll
[2014/10/16 16:51:45 | 000,455,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winlogon.exe
[2014/10/16 16:51:45 | 000,157,696 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\winsta.dll
[2014/10/16 16:51:45 | 000,150,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpcorekmts.dll
[2014/10/16 16:51:13 | 006,584,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mstscax.dll
[2014/10/16 16:51:12 | 005,703,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mstscax.dll
[2014/10/16 16:51:11 | 000,077,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\packager.dll
[2014/10/16 16:51:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\packager.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/11 17:51:13 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2014/11/11 17:50:12 | 1609,375,744 | -HS- | M] () -- E:\hiberfil.sys
[2014/11/11 13:30:48 | 000,031,088 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/11 13:30:48 | 000,031,088 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/11 13:23:47 | 000,001,950 | ---- | M] () -- E:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk
[2014/11/11 13:23:35 | 000,001,106 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/09 17:35:17 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/09 17:17:52 | 000,332,288 | ---- | M] () -- E:\ProgramData\D64FB17A.dot
[2014/11/09 17:17:51 | 000,530,432 | ---- | M] (u890789ow3445t Corporation) -- E:\ProgramData\A71BF46D.cpp
[2014/11/09 17:17:51 | 000,000,810 | ---- | M] () -- E:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
[2014/11/09 17:17:02 | 000,001,110 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/08 05:45:07 | 000,697,694 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2014/11/08 05:45:07 | 000,654,244 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2014/11/08 05:45:07 | 000,147,718 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2014/11/08 05:45:07 | 000,121,310 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2014/10/17 00:34:48 | 000,408,392 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014/11/09 17:17:52 | 000,332,288 | ---- | C] () -- E:\ProgramData\D64FB17A.dot
[2014/11/09 17:17:51 | 000,000,810 | ---- | C] () -- E:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
[2014/09/23 14:16:31 | 000,000,057 | ---- | C] () -- E:\ProgramData\Ament.ini
[2014/08/29 17:03:31 | 000,000,017 | ---- | C] () -- E:\Users\User\AppData\Local\resmon.resmoncfg
[2014/01/15 08:22:35 | 001,590,574 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/20 22:24:49 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2014/09/23 12:10:10 | 000,000,000 | ---D | M] -- E:\ProgramData\374311380
[2014/06/21 16:53:44 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2014/06/21 16:53:44 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2014/06/21 16:53:44 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2014/09/23 13:06:01 | 000,000,000 | ---D | M] -- E:\ProgramData\IePluginServices
[2014/07/28 16:41:59 | 000,000,000 | ---D | M] -- E:\ProgramData\Package Cache
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2014/06/21 16:53:44 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2014/09/23 07:50:59 | 000,000,000 | ---D | M] -- E:\ProgramData\Systweak
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2014/06/21 16:53:44 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2014/09/23 13:06:01 | 000,000,000 | ---D | M] -- E:\ProgramData\WindowsMangerProtect
[2014/10/31 05:17:57 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
Regards,
Jackson
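The OTL log above already contains the indicators an analyst would act on: a service registered under the built-in name Winmgmt whose image is E:\ProgramData\D64FB17A.dot with no company string, a freshly created PE file E:\ProgramData\A71BF46D.cpp carrying the vendor string "u890789ow3445t Corporation", an orphaned HKLM\Run value, and two Mindspark toolbar services. The script below is an added example, not part of the forum post and not one of the tools used in this thread. It parses OTL service (SRV), autostart (O4 Run/RunOnce) and "Files Created" lines and flags the ones that match a few triage rules. The rule tables (USER_WRITABLE, CODE_EXT, CORE_SERVICES, PUP_VENDORS) and the JUNK_COMPANY_RE pattern are assumptions chosen for this example and should be tuned for your own environment; the sample lines are a subset copied from the log above.

```python
import re

# Sample input: a subset of lines copied from the OTL log posted above (not constructed).
SAMPLE_OTL = r"""
SRV:64bit: - [2014/01/15 08:13:17 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/11/09 17:17:52 | 000,332,288 | ---- | M] () [Auto] -- E:\ProgramData\D64FB17A.dot -- (Winmgmt)
SRV - [2014/11/09 12:15:56 | 000,090,696 | ---- | M] (Mindspark) [Auto] -- E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hbarsvc.exe -- (Allin1Convert_8hService)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [MapsGalaxy EPM Support] E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39medint.exe (Mindspark)
O4 - HKU\User_ON_E..\Run: [HP Officejet 4620 series (NET)] E:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
[2014/11/09 17:17:51 | 000,530,432 | ---- | C] (u890789ow3445t Corporation) -- E:\ProgramData\A71BF46D.cpp
[2014/10/16 16:51:45 | 000,455,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winlogon.exe
"""

# OTL line shapes handled here (derived from the log above).
SERVICE_RE = re.compile(
    r"^SRV(?::64bit:)? - \[[^\]]+\] \((?P<company>[^)]*)\) \[[^\]]+\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<value>[^\]]*)\]\s*(?P<rest>.*)$"
)
TRAILING_COMPANY_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$")
CREATED_RE = re.compile(r"^\[[^\]]+\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")

# Triage rules. All of these are assumptions for this example, not OTL behaviour.
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\appdata\\", "\\temp\\")  # no service/autostart image belongs here
CODE_EXT = {".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr", ".com"}          # extensions a service image should have
CORE_SERVICES = {"winmgmt", "wuauserv", "bits", "eventlog", "schedule"}       # must run from the Windows directory
PUP_VENDORS = {"mindspark"}                                                   # toolbar bundlers worth listing
JUNK_COMPANY_RE = re.compile(r"[a-z]\d{3,}|\d{3,}[a-z]", re.IGNORECASE)        # "u890789ow3445t Corporation"


def ext_of(path):
    """Lower-case extension of the last path component, or '' when it has none."""
    name = path.rsplit("\\", 1)[-1]
    return name[name.rfind("."):].lower() if "." in name else ""


def in_user_writable(path):
    return any(seg in path.lower() for seg in USER_WRITABLE)


def company_reasons(company):
    """Reasons derived from the company string OTL prints in parentheses (None = not printed)."""
    if company is None:
        return []
    if not company.strip():
        return ["no version/company information"]
    if JUNK_COMPANY_RE.search(company):
        return ["implausible company string %r" % company]
    if company.strip().lower() in PUP_VENDORS:
        return ["vendor known for bundled toolbars (PUP)"]
    return []


def triage_line(line):
    """Classify one OTL line. Returns (kind, name, path, reasons) or None when nothing stands out."""
    m = SERVICE_RE.match(line)
    if m:
        name, path = m["name"], m["path"]
        reasons = company_reasons(m["company"])
        if in_user_writable(path):
            reasons.append("service image in a user-writable location")
        if ext_of(path) not in CODE_EXT:
            reasons.append("service image has extension %s" % (ext_of(path) or "(none)"))
        if name.lower() in CORE_SERVICES and "\\windows\\" not in path.lower():
            reasons.append("core service %s points outside the Windows directory" % name)
        return ("service", name, path, reasons) if reasons else None

    m = RUN_RE.match(line)
    if m:
        rest = m["rest"].strip()
        t = TRAILING_COMPANY_RE.match(rest)
        path, company = (t["path"], t["company"]) if t else (rest, None)
        reasons = company_reasons(company)
        if not path or path == "File not found":
            reasons.append("orphaned autostart value (target missing)")
        elif in_user_writable(path):
            reasons.append("autostart target in a user-writable location")
        name = "%s\\%s\\%s" % (m["hive"], m["key"], m["value"] or "(unnamed)")
        return ("autostart", name, path, reasons) if reasons else None

    m = CREATED_RE.match(line)
    if m:
        path, company = m["path"], m["company"]
        reasons = []
        if JUNK_COMPANY_RE.search(company):
            reasons.append("implausible company string %r" % company)
        if company.strip() and in_user_writable(path):   # OTL prints a company only for files with version info, i.e. PEs
            reasons.append("PE with version info dropped in a user-writable location")
        return ("file", path.rsplit("\\", 1)[-1], path, reasons) if reasons else None
    return None


def triage(log_text):
    """Run triage_line over every non-empty line and return the findings in log order."""
    return [f for f in (triage_line(l.rstrip()) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for kind, name, path, reasons in triage(SAMPLE_OTL):
        print("%-9s %-35s %s" % (kind, name, path))
        for r in reasons:
            print("          - " + r)
```

Run against the sample, the Winmgmt line collects four reasons at once (no company, ProgramData, a .dot extension, a core service outside the Windows directory), which is the strongest single signal in the log: the real Winmgmt runs inside svchost from System32, so a rewritten ImagePath there is persistence, not a coincidence. The HP Run value and winlogon.exe produce nothing, as they should. OTL does not resolve the target of Startup .lnk files, so program.lnk is not scored here; FRST does print a ShortcutTarget line, which is where that shortcut is tied to A71BF46D.cpp later in the thread.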

12.11.2014, 06:46   #2
schrauber
/// the machine
/// TB Trainer
 

New GVU Trojan cannot be removed



hi,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (if in doubt, both) and save it to a USB stick: FRST Download FRST 32-bit | FRST 64-bit
  • Connect the USB stick to the infected system and boot the system into the System Recovery Options.
  • Now scan following the illustrated guide or use the following short guide:
Via the boot manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair your computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the recovery options select: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    Here you will see the drive letter of your USB stick; make a note of it.
  • Close Notepad again.
  • Now enter the following command:
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates a FRST.txt on your USB stick. Please post its contents here, in code tags if possible (instructions).


12.11.2014, 15:46   #3
Jackson3006
 
New GVU Trojan cannot be removed



Hello, here is the scan:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014
Ran by SYSTEM on MININT-EOFHC3G on 12-11-2014 14:23:38
Running from F:\TOOLS&SOFTWARE\Anitvirus Tools
Platform: Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1702400 2009-10-26] (Motorola Inc.)
HKU\User\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\A71BF46D.cpp (u890789ow3445t Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2014-09-24] (Adobe Systems Incorporated)
S2 Allin1Convert_8hService; C:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hbarsvc.exe [90696 2014-11-09] (Mindspark)
S4 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [51808 2013-09-11] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2013-09-11] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2014-07-28] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2014-07-28] (Google Inc.)
S3 gusvc; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2014-07-28] (Google)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [859280 2014-06-30] (Microsoft Corporation)
S2 MapsGalaxy_39Service; C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe [90696 2014-09-25] (Mindspark)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S2 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1364256 2013-10-27] (NVIDIA Corporation)
S3 ose64; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [174440 2010-01-09] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\D64FB17A.dot [332288 2014-11-09] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [9088 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 iaStorA; C:\Windows\system32\drivers\iaStorA.sys [582128 2013-07-02] (Intel Corporation)
S0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [27120 2013-07-02] (Intel Corporation)
S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation)
S3 netw5v64; C:\Windows\System32\DRIVERS\netw5v64.sys [5434368 2009-06-10] (Intel Corporation)
S2 rimmptsk; C:\Windows\System32\DRIVERS\rimmpx64.sys [60928 2007-08-08] (REDC)
S2 rimsptsk; C:\Windows\System32\DRIVERS\rimspx64.sys [55296 2007-07-26] (REDC)
S2 rismxdp; C:\Windows\System32\DRIVERS\rixdpx64.sys [57856 2007-07-27] (REDC)
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [187392 2009-03-01] (Realtek Corporation                                            )

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 14:23 - 2014-11-12 14:23 - 00000000 ____D () C:\FRST
2014-11-12 06:51 - 2014-11-12 06:54 - 00053454 _____ () C:\OTL.Txt
2014-11-11 19:10 - 2014-11-11 19:10 - 00000000 ____D () C:\ea8a29270e2f52870a2dd1
2014-11-11 19:10 - 2014-11-11 19:10 - 00000000 ____D () C:\5af824b076ec7f925f8098
2014-11-11 19:09 - 2014-11-11 19:10 - 00000000 ____D () C:\0edf65ee09773d8c030610813986e9
2014-11-11 19:08 - 2014-11-11 19:09 - 00000000 ____D () C:\882c6f437331e26657
2014-11-11 16:41 - 2014-11-12 01:34 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-11-09 23:17 - 2014-11-09 23:17 - 00530432 _____ (u890789ow3445t Corporation) C:\ProgramData\A71BF46D.cpp
2014-11-09 23:17 - 2014-11-09 23:17 - 00332288 ____T () C:\ProgramData\D64FB17A.dot
2014-10-31 12:09 - 2014-10-31 12:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\Google
2014-10-16 22:52 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-10-16 22:52 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-10-16 22:52 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-10-16 22:52 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-10-16 22:52 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-10-16 22:52 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-10-16 22:52 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-10-16 22:52 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-10-16 22:52 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-10-16 22:52 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-10-16 22:52 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-10-16 22:52 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-10-16 22:52 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-10-16 22:52 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-10-16 22:52 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-10-16 22:52 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-10-16 22:52 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-10-16 22:52 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-10-16 22:52 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-10-16 22:52 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-10-16 22:52 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-10-16 22:52 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-10-16 22:52 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-10-16 22:52 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-10-16 22:52 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-10-16 22:52 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-10-16 22:52 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-10-16 22:52 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-10-16 22:52 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-10-16 22:52 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-10-16 22:52 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-10-16 22:52 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-10-16 22:52 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-10-16 22:52 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-10-16 22:52 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-10-16 22:52 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2014-10-16 22:52 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2014-10-16 22:52 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\System32\mscories.dll
2014-10-16 22:51 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-10-16 22:51 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-10-16 22:51 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
2014-10-16 22:51 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-10-16 22:51 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2014-10-16 22:51 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\winsta.dll
2014-10-16 22:51 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2014-10-16 22:51 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-10-16 22:51 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-10-16 22:51 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2014-10-16 22:51 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 19:30 - 2014-06-21 17:20 - 01818421 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 19:30 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 19:30 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 19:23 - 2009-07-14 05:51 - 00032346 _____ () C:\Windows\setupact.log
2014-11-11 15:27 - 2010-11-21 04:47 - 00051242 _____ () C:\Windows\PFRO.log
2014-11-09 23:32 - 2009-07-14 04:20 - 00000000 ___RD () C:\Program Files (x86)
2014-11-09 20:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-11-09 18:17 - 2014-09-23 13:39 - 00000000 ____D () C:\Users\User\AppData\Local\Allin1Convert_8h
2014-11-08 11:45 - 2009-07-14 06:13 - 01616110 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-08 11:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\wfp
2014-11-08 11:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-02 12:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-10-31 12:09 - 2014-06-27 23:35 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2014-10-28 06:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-10-17 11:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 08:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-17 06:34 - 2009-07-14 05:45 - 00408392 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-10-17 06:32 - 2014-06-21 23:25 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-10-17 06:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64
2014-10-16 23:43 - 2014-06-21 23:24 - 00000000 ____D () C:\Windows\System32\MRT
2014-10-16 23:32 - 2014-06-21 23:24 - 103265616 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\User\AppData\Local\Temp\delay.exe
C:\Users\User\AppData\Local\Temp\EXITCODE.exe
C:\Users\User\AppData\Local\Temp\FoxySecurity6_FF_IE_Setup-GIGA.exe
C:\Users\User\AppData\Local\Temp\ICReinstall_Setup-Passbild-Generator_CB-DL-Manager.exe
C:\Users\User\AppData\Local\Temp\sdan.exe
C:\Users\User\AppData\Local\Temp\sdapk.exe
C:\Users\User\AppData\Local\Temp\sdaspwn.exe
C:\Users\User\AppData\Local\Temp\showmsg1.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe
[2014-01-15 13:58] - [2014-01-15 13:58] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe
[2014-10-16 22:51] - [2014-07-17 03:07] - 0455168 ____A (Microsoft Corporation) 8CEBD9D0A0A879CDE9F36F4383B7CAEA

C:\Windows\System32\wininit.exe
[2009-07-14 00:52] - [2009-07-14 02:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA

C:\Windows\System32\svchost.exe
[2009-07-14 00:31] - [2009-07-14 02:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\User32.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

C:\Windows\System32\userinit.exe
[2010-11-21 04:24] - [2010-11-21 04:24] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53

C:\Windows\System32\rpcss.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2010-11-21 04:23] - [2010-11-21 04:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639


==================== Restore Points  =========================

Restore point made on: 2014-10-29 01:34:07
Restore point made on: 2014-10-29 15:27:37
Restore point made on: 2014-10-29 15:35:05
Restore point made on: 2014-10-30 01:33:02
Restore point made on: 2014-10-31 01:00:38
Restore point made on: 2014-10-31 14:52:50
Restore point made on: 2014-10-31 15:04:31
Restore point made on: 2014-11-01 01:46:49
Restore point made on: 2014-11-02 01:20:06
Restore point made on: 2014-11-02 01:29:12
Restore point made on: 2014-11-02 01:38:56
Restore point made on: 2014-11-03 01:53:02
Restore point made on: 2014-11-04 01:38:02
Restore point made on: 2014-11-04 13:42:05
Restore point made on: 2014-11-04 15:23:54
Restore point made on: 2014-11-05 00:55:22
Restore point made on: 2014-11-06 00:51:22
Restore point made on: 2014-11-07 00:43:58
Restore point made on: 2014-11-08 01:14:15
Restore point made on: 2014-11-08 08:57:15
Restore point made on: 2014-11-08 09:04:01
Restore point made on: 2014-11-08 09:44:56
Restore point made on: 2014-11-08 09:51:45
Restore point made on: 2014-11-08 11:35:08
Restore point made on: 2014-11-08 11:42:17
Restore point made on: 2014-11-09 00:30:11
Restore point made on: 2014-11-11 19:08:41

==================== Memory info =========================== 

Percentage of memory in use: 22%
Total physical RAM: 2046.43 MB
Available physical RAM: 1596.05 MB
Total Pagefile: 2046.43 MB
Available Pagefile: 1594.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:194.89 GB) NTFS
Drive f: (UBS) (Removable) (Total:59.8 GB) (Free:34.68 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0E5F0E5F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 57.7 GB) (Disk ID: 00092BC1)
Partition 1: (Active) - (Size=59.8 GB) - (Type=07 NTFS)


LastRegBack: 2014-11-05 11:09

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Hello,

This topic can be closed as it is solved; I was able to access System Restore after all...

Thanks!

Regards
Jackson
__________________
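
The FRST log in the post above shows the two persistence mechanisms the lock screen used: a Startup-folder shortcut (program.lnk) that launches C:\ProgramData\A71BF46D.cpp, a file with a random-looking vendor string, and the Winmgmt (WMI) service entry repointed at C:\ProgramData\D64FB17A.dot, a file with no version information, in place of svchost.exe. The script below is an added example written for this page; it is not part of the thread, of FRST, or of any removal tool the helpers use. It parses FRST Run, service and ShortcutTarget lines and flags exactly those patterns. The five sample lines are copied from the log above; the list of svchost-hosted service names (SVCHOST_HOSTED), the set of code-carrying extensions (RUNNABLE_EXT), the drop-directory list (DROP_DIRS) and the "four or more digits in the vendor name" heuristic are the example's own assumptions, not something FRST reports.

```python
import ntpath
import re
import sys

# Constructed sample input: five lines copied from the FRST log in this thread.
# Two are the lock screen's persistence entries, three are benign for contrast.
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
ShortcutTarget: program.lnk -> C:\ProgramData\A71BF46D.cpp (u890789ow3445t Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2014-07-28] (Google Inc.)
S2 Winmgmt; C:\ProgramData\D64FB17A.dot [332288 2014-11-09] ()
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation)
"""

# FRST line shapes for the three autostart types this example cares about.
# "[size date] (company)" and "(company)" are FRST's own trailing fields.
LINE_RES = {
    "run": re.compile(
        r"^(?:HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => "
        r"(?P<path>.+?) \[\d+ [\d-]+\] \((?P<company>[^)]*)\)$"),
    "service": re.compile(
        r"^S\d (?P<name>[^;]+); (?P<path>.+?) \[\d+ [\d-]+\] \((?P<company>[^)]*)\)$"),
    "shortcut": re.compile(
        r"^ShortcutTarget: (?P<name>.+?) -> (?P<path>.+?) \((?P<company>[^)]*)\)$"),
}

# Assumptions of this example (not taken from the page): services Windows runs
# inside svchost.exe, so their image must never be a standalone file ...
SVCHOST_HOSTED = {"winmgmt", "bits", "wuauserv", "schedule", "eventlog", "dnscache"}
# ... extensions that legitimately carry loadable code ...
RUNNABLE_EXT = {".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx"}
# ... and user-writable folders that droppers favour.
DROP_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


def parse_line(line):
    """Return {'kind', 'name', 'path', 'company'} for a recognised FRST line, else None."""
    for kind, rx in LINE_RES.items():
        m = rx.match(line.strip())
        if m:
            return {"kind": kind, **m.groupdict()}
    return None


def assess(entry):
    """List the reasons an autostart entry looks suspicious (empty list = nothing found)."""
    reasons = []
    low = entry["path"].lower()
    base = ntpath.basename(low)          # ntpath handles backslashes on any host OS
    ext = ntpath.splitext(base)[1]
    if ext not in RUNNABLE_EXT:
        # A71BF46D.cpp / D64FB17A.dot: a PE image hiding behind a document extension.
        reasons.append(f"loads a '{ext}' file, not a normal executable image")
    if any(d in low for d in DROP_DIRS):
        reasons.append("image lives in a user-writable drop location")
    if (entry["kind"] == "service" and entry["name"].lower() in SVCHOST_HOSTED
            and base != "svchost.exe"):
        reasons.append(f"svchost-hosted service '{entry['name']}' repointed at {entry['path']}")
    if entry["company"] == "":
        reasons.append("no company/version information in the file")
    elif re.search(r"\d{4,}", entry["company"]):
        reasons.append("vendor string looks machine-generated (heuristic)")
    return reasons


def triage(log_text):
    """Parse every FRST line in log_text and return the entries with at least one finding."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    # Usage: python frst_triage.py FRST.txt   (falls back to the sample lines)
    if len(sys.argv) > 1:
        text = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    else:
        text = SAMPLE_LOG
    for f in triage(text):
        print(f"[{f['kind']}] {f['name']} -> {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

On the sample above the script reports program.lnk (non-executable extension, ProgramData location, digit-heavy vendor name) and Winmgmt (non-executable extension, ProgramData location, svchost-hosted service repointed, no company), and stays silent on the three vendor entries. The svchost check is the one worth keeping even without the others: a Win7 service such as Winmgmt whose image is anything but svchost.exe has been hijacked regardless of what the file is called.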

Alt 13.11.2014, 09:53   #4
schrauber
/// the machine
/// TB instructor
 

ok.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!
