Log analysis and evaluation: The GVU trojan, here too (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: see "First steps to get help". Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
The GVU trojan, here too

Hello everyone! I too have managed to get the GVU trojan onto a PC. I have already tried to get the PC running again with the help of the Kaspersky software from CHIP. But the PC always gets stuck at this point:

Quote:

Then I came across your forum. I am currently creating the text files with OTLPE... I am just not sure how I can post these files here (sorry for the stupid question), since as a precaution I have disconnected the infected PC from the network. Or can I safely copy the two files from the infected machine to another computer with a USB stick without infecting that one too? Many thanks in advance! Regards, Martin

Edit: OK, I have now copied the file over with the stick. However, only an OTL.txt was created. I could not find the Extra.txt.

Code:
```text
OTL logfile created on: 10/2/2012 12:40:55 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Starter Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,012.00 Mb Total Physical Memory | 797.00 Mb Available Physical Memory | 79.00% Memory free
900.00 Mb Paging File | 836.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 100.00 Mb Total Space | 74.37 Mb Free Space | 74.37% Space Free | Partition Type: NTFS
Drive D: | 244.14 Gb Total Space | 241.24 Gb Free Space | 98.81% Space Free | Partition Type: NTFS
Drive E: | 40.85 Gb Total Space | 12.80 Gb Free Space | 31.32% Space Free | Partition Type: NTFS
Drive X: | 991.20 Mb Total Space | 672.64 Mb Free Space | 67.86% Space Free | Partition Type: FAT

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/08 14:50:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 14:49:57 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/08 14:49:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand] -- E:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/09/05 05:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/30 22:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto] -- E:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/05/29 22:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/05/10 08:01:36 | 000,739,944 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011/04/22 12:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011/03/07 04:45:22 | 001,755,136 | ---- | M] (Realsil Microelectronics Inc.) [Auto] -- E:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand] -- E:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/29 21:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/26 13:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

========== Driver Services (SafeList) ==========

DRV - [2012/05/08 14:50:01 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 14:50:01 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 11:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/03/17 05:42:26 | 002,158,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/03/06 23:46:26 | 000,252,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/06/17 10:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/06/20 23:54:54 | 000,269,736 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System] -- E:\Windows\System32\drivers\SbFw.sys -- (SbFw)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Angelika_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKU\Angelika_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Angelika_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: E:\Windows\System32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: E:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: E:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012/09/13 05:01:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012/09/13 05:02:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012/09/13 05:01:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012/09/13 05:02:55 | 000,000,000 | ---D | M]

[2011/11/15 13:04:53 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Angelika\AppData\Roaming\Mozilla\Extensions
[2012/05/02 05:47:14 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Angelika\AppData\Roaming\Mozilla\Firefox\Profiles\0tmaekr0.default\extensions
[2011/11/15 13:05:23 | 000,000,000 | ---D | M] (New Tab Homepage) -- E:\Users\Angelika\AppData\Roaming\Mozilla\Firefox\Profiles\0tmaekr0.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
File not found (No name found) -- 

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] E:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] E:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EvtMgr6] D:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] E:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDFPrint] D:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Power Management] E:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKU\Angelika_ON_E..\Run: [gqptoicagqparbc] E:\Windows\gqptoica.exe ()
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - E:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 09:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/10/01 08:58:05 | 000,000,000 | ---D | C] -- E:\ProgramData\fdpvapyagnipelf
[2012/09/26 08:12:40 | 000,245,760 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\OxpsConverter.exe
[2012/09/23 04:19:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2012/09/23 04:19:52 | 000,420,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2012/09/23 04:19:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2012/09/23 04:19:51 | 000,607,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2012/09/23 04:19:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2012/09/23 04:19:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2012/09/23 04:19:49 | 000,717,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2012/09/23 04:19:48 | 001,800,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2012/09/23 04:19:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2012/09/23 04:19:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2012/09/22 04:35:11 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012/09/12 06:56:55 | 000,033,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\RNDISMP.sys
[2012/09/12 06:56:54 | 000,240,496 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\netio.sys
[2012/09/12 06:56:54 | 000,187,760 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 06:56:53 | 000,490,496 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3d10level9.dll
[2012/09/06 10:49:47 | 000,000,000 | ---D | C] -- E:\Users\Angelika\AppData\Roaming\Skype
[2012/09/06 10:49:08 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/06 10:49:08 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Skype
[2012/09/06 10:49:07 | 000,000,000 | R--D | C] -- E:\Program Files\Skype

========== Files - Modified Within 30 Days ==========

[2012/10/01 09:58:48 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2012/10/01 09:58:40 | 795,762,688 | -HS- | M] () -- E:\hiberfil.sys
[2012/10/01 08:58:04 | 000,076,339 | ---- | M] () -- E:\ProgramData\cvnwbqwnwedalkr
[2012/10/01 08:57:51 | 000,086,016 | ---- | M] () -- E:\Windows\gqptoica.exe
[2012/10/01 08:57:51 | 000,086,016 | ---- | M] () -- E:\ProgramData\gqptoica.exe
[2012/09/29 11:58:39 | 000,016,160 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/29 11:58:39 | 000,016,160 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/27 02:50:00 | 003,333,731 | ---- | M] () -- E:\Users\Angelika\Desktop\20120926_193104.jpg
[2012/09/27 02:50:00 | 003,234,922 | ---- | M] () -- E:\Users\Angelika\Desktop\20120926_193051.jpg
[2012/09/27 02:50:00 | 003,181,578 | ---- | M] () -- E:\Users\Angelika\Desktop\20120926_193122.jpg
[2012/09/27 02:50:00 | 003,073,609 | ---- | M] () -- E:\Users\Angelika\Desktop\20120926_193227.jpg
[2012/09/27 02:50:00 | 003,068,815 | ---- | M] () -- E:\Users\Angelika\Desktop\20120926_193155.jpg
[2012/09/27 02:50:00 | 003,024,611 | ---- | M] () -- E:\Users\Angelika\Desktop\20120926_192939.jpg
[2012/09/27 02:50:00 | 003,002,287 | ---- | M] () -- E:\Users\Angelika\Desktop\20120926_192924.jpg
[2012/09/27 02:50:00 | 002,990,799 | ---- | M] () -- E:\Users\Angelika\Desktop\20120926_193134.jpg
[2012/09/22 04:35:11 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012/09/19 05:52:44 | 000,654,166 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2012/09/19 05:52:44 | 000,616,008 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2012/09/19 05:52:44 | 000,130,006 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2012/09/19 05:52:44 | 000,106,388 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2012/09/13 05:38:47 | 000,407,464 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2012/09/13 05:01:24 | 000,000,835 | ---- | M] () -- E:\Users\Angelika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/13 05:01:24 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/09/06 10:49:08 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

========== Files Created - No Company Name ==========

[2012/10/01 08:58:04 | 000,086,016 | ---- | C] () -- E:\Windows\gqptoica.exe
[2012/10/01 08:58:04 | 000,086,016 | ---- | C] () -- E:\ProgramData\gqptoica.exe
[2012/10/01 08:57:52 | 000,076,339 | ---- | C] () -- E:\ProgramData\cvnwbqwnwedalkr
[2012/09/27 02:50:00 | 003,333,731 | ---- | C] () -- E:\Users\Angelika\Desktop\20120926_193104.jpg
[2012/09/27 02:50:00 | 003,234,922 | ---- | C] () -- E:\Users\Angelika\Desktop\20120926_193051.jpg
[2012/09/27 02:50:00 | 003,181,578 | ---- | C] () -- E:\Users\Angelika\Desktop\20120926_193122.jpg
[2012/09/27 02:50:00 | 003,073,609 | ---- | C] () -- E:\Users\Angelika\Desktop\20120926_193227.jpg
[2012/09/27 02:50:00 | 003,068,815 | ---- | C] () -- E:\Users\Angelika\Desktop\20120926_193155.jpg
[2012/09/27 02:50:00 | 003,024,611 | ---- | C] () -- E:\Users\Angelika\Desktop\20120926_192939.jpg
[2012/09/27 02:50:00 | 003,002,287 | ---- | C] () -- E:\Users\Angelika\Desktop\20120926_192924.jpg
[2012/09/27 02:50:00 | 002,990,799 | ---- | C] () -- E:\Users\Angelika\Desktop\20120926_193134.jpg
[2012/07/15 09:30:14 | 000,004,096 | -H-- | C] () -- E:\Users\Angelika\AppData\Local\keyfile3.drm
[2012/02/05 13:04:48 | 000,000,010 | ---- | C] () -- E:\Windows\popcinfo.dat
[2011/11/08 12:13:35 | 000,434,176 | ---- | C] () -- E:\Windows\System32\ZSHP1018.EXE
[2011/09/09 01:07:57 | 000,654,166 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2011/09/09 01:07:57 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2011/09/09 01:07:57 | 000,130,006 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2011/09/09 01:07:57 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2011/08/04 06:25:23 | 000,247,560 | ---- | C] () -- E:\Windows\System32\drivers\RTConvEQ.dat
[2011/08/04 06:25:23 | 000,039,672 | ---- | C] () -- E:\Windows\System32\drivers\RtPCEE3.DAT
[2011/08/04 06:25:23 | 000,029,494 | ---- | C] () -- E:\Windows\System32\drivers\RtPCEE4.DAT
[2011/08/04 06:25:23 | 000,001,448 | ---- | C] () -- E:\Windows\System32\drivers\RtHdatEx.dat
[2011/08/04 06:25:23 | 000,000,520 | ---- | C] () -- E:\Windows\System32\drivers\RTEQEX3.dat
[2011/08/04 06:25:23 | 000,000,520 | ---- | C] () -- E:\Windows\System32\drivers\RTEQEX2.dat
[2011/08/04 06:25:23 | 000,000,520 | ---- | C] () -- E:\Windows\System32\drivers\RTEQEX1.dat
[2011/08/04 06:25:23 | 000,000,520 | ---- | C] () -- E:\Windows\System32\drivers\RTEQEX0.dat
[2011/08/04 06:25:23 | 000,000,176 | ---- | C] () -- E:\Windows\System32\drivers\RTHDAEQ1.dat
[2011/08/04 06:25:23 | 000,000,040 | ---- | C] () -- E:\Windows\System32\drivers\rtkhdaud.dat
[2011/08/04 06:22:31 | 000,080,416 | ---- | C] () -- E:\Windows\System32\RtNicProp32.dll
[2010/11/20 17:29:24 | 000,252,928 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,407,464 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,008 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,388 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/08 10:26:19 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2011/08/04 06:58:52 | 000,000,000 | ---D | M] -- E:\ProgramData\CLSK
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2011/11/08 10:26:19 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2012/08/20 09:17:57 | 000,000,000 | ---D | M] -- E:\ProgramData\elsterformular
[2011/11/08 10:26:19 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2012/10/01 08:58:05 | 000,000,000 | ---D | M] -- E:\ProgramData\fdpvapyagnipelf
[2011/08/04 06:58:52 | 000,000,000 | ---D | M] -- E:\ProgramData\install_clap
[2011/11/08 10:30:11 | 000,000,000 | ---D | M] -- E:\ProgramData\oem
[2011/08/04 07:01:00 | 000,000,000 | ---D | M] -- E:\ProgramData\Packard Bell
[2011/11/08 13:05:33 | 000,000,000 | ---D | M] -- E:\ProgramData\regid.1986-12.com.adobe
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/11/08 10:26:19 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2011/09/08 15:44:31 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2011/11/08 10:26:19 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2012/02/05 09:16:37 | 000,000,000 | ---D | M] -- E:\ProgramData\Wild Tangent
[2012/09/13 05:00:09 | 000,000,000 | ---D | M] -- E:\ProgramData\WildTangent
[2012/04/21 10:44:41 | 000,000,000 | ---D | M] -- E:\ProgramData\Zylom
[2009/07/14 00:53:46 | 000,016,988 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
```

Last edited by mc_fly (02.10.2012 at 11:06)
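Added example (my own code, not from the post and not part of OTL): a first triage pass over the O4 autorun values and file-creation entries of an OTL log like the one above. It flags entries that sit directly in %SystemRoot%, ProgramData or a user's AppData and additionally have no company name or a random-looking name; the sample lines are a constructed subset copied from the log, and the location rule, the name heuristic and the 7-day window are assumptions for illustration. The result is a shortlist for an analyst to look at, not a verdict.

```python
import re
from collections import namedtuple
from datetime import date

# Constructed subset of lines copied from the OTL log above (not the full log).
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\Angelika_ON_E..\Run: [gqptoicagqparbc] E:\Windows\gqptoica.exe ()
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
========== Files Created - No Company Name ==========
[2012/10/01 08:58:04 | 000,086,016 | ---- | C] () -- E:\Windows\gqptoica.exe
[2012/10/01 08:58:04 | 000,086,016 | ---- | C] () -- E:\ProgramData\gqptoica.exe
[2012/10/01 08:57:52 | 000,076,339 | ---- | C] () -- E:\ProgramData\cvnwbqwnwedalkr
[2012/10/01 08:58:05 | 000,000,000 | ---D | C] -- E:\ProgramData\fdpvapyagnipelf
[2012/09/27 02:50:00 | 003,333,731 | ---- | C] () -- E:\Users\Angelika\Desktop\20120926_193104.jpg
[2011/11/08 12:13:35 | 000,434,176 | ---- | C] () -- E:\Windows\System32\ZSHP1018.EXE
"""
REPORT_DATE = date(2012, 10, 2)  # "OTL logfile created on: 10/2/2012" in the log header

# O4 autorun value: "O4 - <hive>..\Run: [<value name>] <path> (<company>)"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>[^.]+)\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] +"
    r"(?P<path>.+?)(?: \((?P<company>[^)]*)\))?$"
)
# File entry: "[<date> <time> | <size> | <attrs> | C/M] (<company>) -- <path>"; folders carry no company field
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) [\d:]+ \| [\d,]+ \| [-A-Z]{4} \| [CM]\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Assumed rule: direct children of %SystemRoot%, ProgramData or a user's AppData are unusual homes for a program.
UNUSUAL_DIR_RE = re.compile(
    r"^[a-z]:\\(?:windows|programdata|users\\[^\\]+\\appdata\\(?:local|roaming))\\[^\\]+$", re.I)
RANDOM_NAME_RE = re.compile(r"^[a-z]{8,}$")  # assumed heuristic: 8+ lowercase letters, no digits or separators
LOC_REASON = "sits directly in %SystemRoot%, ProgramData or a user's AppData"
Finding = namedtuple("Finding", "source path reasons")  # source is "O4 autorun" or "file"

def assess(path, company, created=None, report_date=None):
    """Reasons a path deserves a second look; company=None means OTL printed no company field (folders)."""
    reasons = []
    if company is not None and company.strip() == "":
        reasons.append("no company name in version info")
    if UNUSUAL_DIR_RE.match(path):
        reasons.append(LOC_REASON)
    stem = path.rsplit("\\", 1)[-1].split(".")[0]
    if RANDOM_NAME_RE.match(stem):
        reasons.append("random-looking name")
    if created and report_date and (report_date - created).days <= 7:
        reasons.append("created within 7 days of the report")
    return reasons

def is_suspicious(reasons):
    """Flag only unusual-location hits that carry at least one more signal, to keep the list short."""
    return LOC_REASON in reasons and len(reasons) >= 2

def triage(log_text, report_date):
    """Walk OTL lines and return Findings for autorun values and files worth showing an analyst."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            if m["path"].strip() == "File not found":
                continue  # orphaned autorun value: clean-up candidate, but nothing runs from it
            reasons = assess(m["path"], m["company"])
            if is_suspicious(reasons):
                findings.append(Finding("O4 autorun", m["path"], reasons))
            continue
        m = FILE_RE.match(line)
        if m:
            created = date(*map(int, m["date"].split("/")))
            reasons = assess(m["path"], m["company"], created, report_date)
            if is_suspicious(reasons):
                findings.append(Finding("file", m["path"], reasons))
    return findings

def triage_sample():
    """Run the triage over the constructed sample; returns the flagged entries in log order."""
    return triage(SAMPLE_OTL, REPORT_DATE)
```

Run over the sample, the shortlist is exactly the autorun value and the four fresh, unsigned, randomly named objects under E:\Windows and E:\ProgramData; the Avira and mctadmin entries and the Desktop photos are not flagged.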