| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.05.2012, 22:13
| #1 |
 |  GVU-Trojaner Hallo, gestern haben wir uns ebenfalls den GVU-Trojaner eingefangen. Gerade habe ich schonmal mit OTLPE von CD gebootet und wollte den Scan durchführen, aber er sagt mir sowohl beim vollständigen Scan als auch beim Quickscan irgendwann "out of memory" (hab alles nach der Anleitung von markusg gemacht). Was jetzt? :\ Danke schonmal! Sorry für den Doppelpost, aber ich finde keinen Edit-Button, geht das hier nicht? Auf jeden Fall habe ich OTL nochmal ohne das Script einen Scan durchführen lassen und habe dann folgendes Log erhalten: Code:
ATTFilter OTL logfile created on: 5/5/2012 1:51:43 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,014.00 Mb Total Physical Memory | 748.00 Mb Available Physical Memory | 74.00% Memory free
902.00 Mb Paging File | 828.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 43.47 Gb Free Space | 62.42% Space Free | Partition Type: NTFS
Drive D: | 1.86 Gb Total Space | 0.21 Gb Free Space | 11.25% Space Free | Partition Type: FAT32
Drive E: | 69.64 Gb Total Space | 64.43 Gb Free Space | 92.52% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2012/05/04 14:56:26 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/06/30 05:10:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 11:14:42 | 001,524,544 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/06/06 11:12:18 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/04/27 17:43:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/02 20:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/12/20 06:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/12/19 13:09:22 | 000,024,576 | ---- | M] () [Auto] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/11/27 13:54:36 | 000,110,592 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/03 10:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/10/01 11:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/20 08:57:28 | 000,167,936 | ---- | M] (acer) [Auto] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/09/10 10:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/09/04 05:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/12/04 17:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/06/30 05:10:59 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/30 05:10:58 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/02/10 04:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/01/20 22:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/11/30 10:51:34 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007/06/14 13:34:00 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/05/02 07:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 20:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=0111&m=extensa_5220
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Roland_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/
IE - HKU\Roland_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Roland_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/03 05:33:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/25 05:00:34 | 000,000,000 | ---D | M]
[2011/10/27 04:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/11 10:28:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/04 15:18:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/27 04:24:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/02 23:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/03 14:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/12/03 14:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/12/03 14:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/12/03 14:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/12/03 14:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\Roland_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InstantAccess] C:\Program Files\TextBridge Pro 9.0\Bin\InstantAccess.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RegisterDropHandler] C:\Program Files\TextBridge Pro 9.0\Bin\RegisterDropHandler.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDU_Path] C:\Users\Roland\AppData\Local\Temp\7zS40C8\HPSDU.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Roland_ON_C..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\Roland_ON_C..\Run: [d31ybB8YFv9cUxg] C:\Users\Roland\AppData\Roaming\itunes_service01.exe ()
O4 - HKLM..\RunServices: [RegisterDropHandler] C:\Program Files\TextBridge Pro 9.0\Bin\RegisterDropHandler.exe ()
O4 - Startup: Error locating startup folders.
O7 - HKU\Roland_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Roland_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Roland_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Roland_ON_C Winlogon: Shell - (C:\Users\Roland\AppData\Roaming\itunes_service01.exe) - C:\Users\Roland\AppData\Roaming\itunes_service01.exe ()
O20 - HKU\Roland_ON_C Winlogon: UserInit - (C:\Users\Roland\AppData\Roaming\itunes_service01.exe) - C:\Users\Roland\AppData\Roaming\itunes_service01.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/06/09 16:01:43 | 017,442,000 | ---- | M] () - E:\Autos.pdf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/05/05 13:30:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/05 00:40:15 | 000,000,000 | ---D | C] -- C:\Temp
[2012/05/03 14:06:50 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\logs
[2012/05/02 13:56:54 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012/05/02 13:42:30 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012/05/02 13:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012/05/02 13:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\Zattoo4
[2012/04/29 13:40:11 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/20 19:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\eezwwzmeahebrtj
[2012/04/20 17:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\zntqhbujvkctidb
[2012/04/11 15:22:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/11 15:22:19 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/11 15:22:19 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/04/11 15:22:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/11 15:22:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/11 15:22:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/11 15:22:16 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/11 15:21:45 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/11 15:21:45 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/10 11:58:47 | 000,000,000 | ---D | C] -- C:\Users\Roland\Desktop\Fotos Auto
[2011/02/01 02:42:09 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2011/01/31 18:25:32 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/04 15:41:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/04 15:41:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 15:41:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 15:40:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/04 15:40:47 | 1063,706,624 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/04 15:12:44 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1659910017-2141967918-756321701-1003UA.job
[2012/05/04 15:02:52 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/04 14:56:25 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/04 14:56:25 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/04 14:49:13 | 000,731,942 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/05/04 14:49:13 | 000,681,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/04 14:49:13 | 000,169,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/05/04 14:49:13 | 000,137,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/03 14:11:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/03 14:05:08 | 000,268,800 | ---- | M] () -- C:\Users\Roland\AppData\Roaming\itunes_service01.exe
[2012/05/03 12:59:42 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1659910017-2141967918-756321701-1003Core.job
[2012/05/02 13:42:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012/05/01 22:55:37 | 000,002,052 | ---- | M] () -- C:\Users\Roland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/25 03:44:09 | 000,000,680 | ---- | M] () -- C:\Users\Roland\AppData\Local\d3d9caps.dat
[2012/04/20 19:48:40 | 000,000,015 | ---- | M] () -- C:\ProgramData\psulftlrdbanjyqliyhbxdrevyykapgp
[2012/04/20 17:40:43 | 000,000,015 | ---- | M] () -- C:\ProgramData\izadajhawowrigqjztrnmgmgjrxzsnpg
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/03 14:54:29 | 1063,706,624 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/03 14:05:15 | 000,268,800 | ---- | C] () -- C:\Users\Roland\AppData\Roaming\itunes_service01.exe
[2012/04/29 13:41:01 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/20 19:48:40 | 000,000,015 | ---- | C] () -- C:\ProgramData\psulftlrdbanjyqliyhbxdrevyykapgp
[2012/04/20 18:14:24 | 000,000,680 | ---- | C] () -- C:\Users\Roland\AppData\Local\d3d9caps.dat
[2012/04/20 17:40:43 | 000,000,015 | ---- | C] () -- C:\ProgramData\izadajhawowrigqjztrnmgmgjrxzsnpg
[2011/07/30 12:36:06 | 000,000,179 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/07/30 12:35:53 | 000,011,934 | ---- | C] () -- C:\Windows\System32\Pixpnr.dll
[2011/07/30 12:35:52 | 000,012,126 | ---- | C] () -- C:\Windows\System32\Pixpcz.dll
[2011/07/30 12:35:51 | 000,004,528 | ---- | C] () -- C:\Windows\System32\Setbrows.exe
[2011/07/30 11:55:02 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/07/14 07:39:06 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/08 12:11:11 | 000,000,291 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2011/02/01 20:26:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/01 20:26:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/01 07:03:26 | 000,009,216 | ---- | C] () -- C:\Users\Roland\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/01 05:53:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/02/01 02:41:33 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2011/02/01 02:41:33 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2011/02/01 02:41:33 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2011/01/31 18:26:29 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2011/01/31 18:25:32 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2011/01/31 18:24:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008/03/28 07:34:59 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/28 02:29:06 | 000,731,942 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/03/28 02:29:06 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/03/28 02:29:06 | 000,169,134 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/03/28 02:29:06 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/03/28 02:19:38 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/03/28 02:19:24 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/03/28 02:19:24 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/03/28 02:19:22 | 000,000,040 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2008/03/27 17:47:09 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/03/27 17:47:09 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2007/03/20 11:44:02 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,405,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,681,764 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,137,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/11/22 08:37:38 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe
[2001/12/26 10:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 17:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 10:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 16:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== LOP Check ==========
[2011/05/28 15:05:28 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\CheckPoint
[2012/05/02 14:01:44 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\FRITZ!
[2011/02/16 10:57:21 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\GetRightToGo
[2011/04/07 05:30:21 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\Image Zone Express
[2012/05/03 14:06:50 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\logs
[2011/02/01 08:07:49 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\OpenOffice.org
[2011/02/07 13:39:59 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\Printer Info Cache
[2011/02/18 07:38:20 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\RDecke
[2011/03/29 16:28:37 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\TuneUp Software
[2011/01/31 18:11:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/05/28 14:55:08 | 000,000,000 | ---D | M] -- C:\ProgramData\CheckPoint
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/01/31 18:11:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/04/20 19:48:45 | 000,000,000 | ---D | M] -- C:\ProgramData\eezwwzmeahebrtj
[2011/01/31 18:11:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/07/30 11:55:11 | 000,000,000 | ---D | M] -- C:\ProgramData\SlySoft
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/01/31 18:11:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/03/29 16:29:58 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2011/01/31 18:11:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/02/01 07:31:32 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2012/04/20 17:40:46 | 000,000,000 | ---D | M] -- C:\ProgramData\zntqhbujvkctidb
[2008/03/27 19:26:05 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/03/29 16:26:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012/05/04 15:24:42 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Ich konnte ja durch OTL jetzt auf die Dateien zugreifen. Die habe ich dann auf einem USB-Stick gesichert, kann ich die später wieder gefahrlos auf den Laptop spielen? Dankeschön! |
| Themen zu GVU-Trojaner |
| anleitung, disabletaskmgr, durchführen, ebenfalls, google earth, gvu-trojaner, launch, leitung, markusg, memory, monitor.exe, otlpe, plug-in, scan, schonmal, spielen, vollständige |
Baum-Darstellung