Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Trojan:Win32/Reveton.N gefunden.

Trojan:Win32/Reveton.N gefunden.


Plagegeister aller Art und deren Bekämpfung: Trojan:Win32/Reveton.N gefunden.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 21.12.2012, 19:16   #1
Kapott
 
Trojan:Win32/Reveton.N gefunden. - Standard

Trojan:Win32/Reveton.N gefunden.


Hallo,

Microsoft Security Essentials hat Trojan:Win32/Reveton.N gefunden in der Datei:

Code:
ATTFilter
file:C:\Users\Hugo Bosnickel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-1d348372
Ich habe nun wie im 'Für alle Hilfesuchenden!' Thread beschrieben einen Scan mit OTL gemacht. Seltsamerweise ging bei mir aber keine EXTRAS.txt auf.

Würde mich freuen, wenn mir jemand erklären könnte wie ich nun am Besten vorgehe. Anbei noch der Inhalt der OTL.txt

Vielen Dank!

Code:
ATTFilter
OTL logfile created on: 21.12.2012 19:05:19 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hugo Bosnickel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,96 Gb Total Physical Memory | 13,92 Gb Available Physical Memory | 87,21% Memory free
31,92 Gb Paging File | 29,93 Gb Available in Paging File | 93,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,02 Gb Total Space | 6,48 Gb Free Space | 5,45% Space Free | Partition Type: NTFS
Drive D: | 931,39 Gb Total Space | 512,83 Gb Free Space | 55,06% Space Free | Partition Type: NTFS
 
Computer Name: MEINER | User Name: Hugo Bosnickel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Hugo Bosnickel\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Hugo Bosnickel\Downloads\Defogger.exe ()
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\Hugo Bosnickel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Hugo Bosnickel\Downloads\Defogger.exe ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4a443c775f768ede71bde8e10f50ec0b\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e88f87e9200afb5ede994c89c92e22b8\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (VUSB3HUB) -- C:\Windows\SysNative\drivers\ViaHub3.sys (VIA Technologies, Inc.)
DRV:64bit: - (xhcdrv) -- C:\Windows\SysNative\drivers\xhcdrv.sys (VIA Technologies, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 6C 88 50 F4 DE CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 23:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 23:11:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.10.26 20:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hugo Bosnickel\AppData\Roaming\mozilla\Extensions
[2012.10.26 20:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hugo Bosnickel\AppData\Roaming\mozilla\Firefox\Profiles\22u5pwby.default\extensions
[2012.12.06 23:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.06 23:11:12 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\Hugo Bosnickel\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Hugo Bosnickel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.18.3.5 212.18.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57C75925-EC9F-482D-BE35-6B01F6CB7193}: DhcpNameServer = 212.18.3.5 212.18.0.5
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{167ef472-1fc7-11e2-8295-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{167ef472-1fc7-11e2-8295-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2012.12.19 22:44:14 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\LolClient
[2012.12.19 19:45:50 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\PMB Files
[2012.12.19 19:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.12.19 19:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012.12.19 19:45:02 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\.swt
[2012.12.17 19:18:06 | 000,185,720 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Hugo Bosnickel\wgsdgsdgdsgsd.dll
[2012.12.16 16:48:13 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Play withSIX
[2012.12.16 16:48:13 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\Play withSIX
[2012.12.16 16:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIX Networks
[2012.12.16 16:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Networks
[2012.12.06 23:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.04 20:34:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.12.04 20:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.12.04 20:32:20 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.12.02 15:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCanvas
[2012.12.02 03:11:45 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\Documents\Baldur's Gate - Enhanced Edition
[2012.12.02 01:09:15 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\BeamDog
[2012.12.02 01:09:14 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.12.02 01:09:14 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.12.02 01:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.12.02 01:09:14 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baldur's Gate Enhanced Edition
[2012.12.02 00:59:55 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.12.02 00:59:36 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Dropbox
[2012.12.01 19:08:54 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\.tokentool
[2012.12.01 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012.12.01 18:47:59 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\Paint.NET
[2012.12.01 15:06:13 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\.maptool
[2012.12.01 15:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\MapTools
[2012.11.30 22:39:11 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\Documents\Hero Lab
[2012.11.30 22:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Lab
[2012.11.30 22:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Hero Lab
[2012.11.30 22:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hero Lab
[2012.11.25 20:58:33 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\Ubisoft Game Launcher
[2012.11.25 20:56:25 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Ubisoft
[2012.11.25 20:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012.11.25 20:55:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012.11.22 21:49:35 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\SCE
[2012.11.22 21:49:35 | 000,000,000 | ---D | C] -- C:\Crash
[2012.11.22 21:49:34 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\Sony Online Entertainment
[2012.10.28 20:27:48 | 000,036,069 | ---- | C] (Beepa Pty Ltd) -- C:\Program Files\uninstall.exe
[2012.08.30 14:47:32 | 002,369,720 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps.exe
[2012.08.30 14:47:32 | 000,068,792 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps64.dat
[2012.08.30 14:46:06 | 000,139,776 | ---- | C] (Beepa P/L) -- C:\Program Files\frapslcd.dll
[2012.08.30 14:20:14 | 000,234,168 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps32.dll
[2012.08.30 14:20:14 | 000,186,552 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps64.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.21 18:21:39 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.21 18:21:39 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.21 18:17:14 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.21 18:17:14 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.21 18:17:14 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.21 18:17:14 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.21 18:17:13 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.21 18:11:55 | 000,001,020 | ---- | M] () -- C:\Users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.21 18:10:17 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.21 18:10:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.21 18:10:14 | 4265,168,894 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.20 22:25:27 | 000,000,000 | ---- | M] () -- C:\Users\Hugo Bosnickel\defogger_reenable
[2012.12.20 21:58:40 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.20 21:55:15 | 000,185,720 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Hugo Bosnickel\wgsdgsdgdsgsd.dll
[2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.12.02 01:09:14 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.12.02 01:09:14 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.12.01 06:49:26 | 003,663,213 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.20 22:25:27 | 000,000,000 | ---- | C] () -- C:\Users\Hugo Bosnickel\defogger_reenable
[2012.12.20 21:55:15 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.02 01:00:00 | 000,001,020 | ---- | C] () -- C:\Users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.01 18:48:16 | 000,001,300 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012.11.17 19:07:42 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.17 19:07:41 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.11.17 19:07:41 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.27 18:36:12 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.27 01:17:48 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.10.27 01:06:24 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.08.30 14:09:28 | 000,001,892 | ---- | C] () -- C:\Program Files\README.HTM
[2011.12.08 15:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.21 18:11:58 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Dropbox
[2012.10.30 20:07:20 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Fatshark
[2012.12.19 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\LolClient
[2012.12.16 16:48:55 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Play withSIX
[2012.12.21 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Spotify
[2012.11.20 19:36:01 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\SumatraPDF
[2012.12.16 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\TS3Client
[2012.11.25 20:56:25 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >

 

Themen zu Trojan:Win32/Reveton.N gefunden.
autorun, bho, explorer, explorer.exe, firefox, format, logfile, monitor.exe, neue, nvidia, nvidia update, pando media booster, plug-in, programme, registry, scan, security, service.exe, software, spotify web helper, system32, trojan, trojan:win32/reveton.n, update, usb, usb 3.0, userinit, vdeck.exe, win32/reveton., win32/reveton.n, windows, winlogon


« Ihavenet - Googlelinks enden auf anderen Seiten | "ihavenet-Problem" bei Google-Suche im Mozilla Firefox unter Windows Vista 32bit »


Ähnliche Themen: Trojan:Win32/Reveton.N gefunden.


  1. Win32: Malware-gen / Win32: Trojan-gen bei Routinescan mit AVAST gefunden! Fehlalarm?
    Plagegeister aller Art und deren Bekämpfung - 17.02.2015 (5)
  2. win32.Trojan-spy.VIS.A, Script. Trojan-Spy.VIS.B (engineB) - Bankpassworttrojaner gefunden!
    Plagegeister aller Art und deren Bekämpfung - 31.03.2014 (19)
  3. Windows 8.1: Trojan:Win32/Meredrop, Trojan:Win32/Malagent, Trojan:Win32/Matsnu.L und Worm:Win32/Ainslot.A
    Log-Analyse und Auswertung - 19.01.2014 (5)
  4. Desinfizierung durch Kaspersky nicht möglich: Trojan.Win32.Bromngr.k, HEUR:Trojan.Win32.Generic, Trojan-Downloader.Win32.MultiDL.I
    Plagegeister aller Art und deren Bekämpfung - 28.11.2013 (1)
  5. Windows7: Win32/Reveton. diverse., BAT/Reveton und JS/Obfuscator eingefangen
    Log-Analyse und Auswertung - 26.08.2013 (14)
  6. GVU Tojaner Win32/Reveton.R und ../.M
    Log-Analyse und Auswertung - 04.07.2013 (18)
  7. Trojan:Win32/Reveton.T!ink - Was tun?
    Log-Analyse und Auswertung - 14.06.2013 (12)
  8. Trojaner TR/Reveton.R.240 und Trojan.Agent.Gen gefunden ...
    Log-Analyse und Auswertung - 16.05.2013 (3)
  9. Trojaner TR/Reveton.R.240 und Trojan.Agent.Gen gefunden ... hier die Logfiles
    Log-Analyse und Auswertung - 13.05.2013 (9)
  10. Trojan.Win32.Yakes.cmpu und not-a-virus:RemoteAdmin.Win32.WinVNC.mx durch Kasperky gefunden - Vorgehen?
    Log-Analyse und Auswertung - 01.04.2013 (22)
  11. Win32/Reveton.N trojan
    Plagegeister aller Art und deren Bekämpfung - 09.03.2013 (9)
  12. Win7 ransomware wgsdgsdgdsgsd.dll, Win32/Reveton!lnk (runctf.lnk), Trojan.Ransom.Win32.Foreign.AMN (A)
    Plagegeister aller Art und deren Bekämpfung - 30.12.2012 (9)
  13. Polizei Österreich Trojaner (Trojan.Reveton und Trojan.Ransom)
    Log-Analyse und Auswertung - 22.12.2012 (13)
  14. Win32/Reveton.M Trojaner und Win32/Reveton.H Trojaner
    Plagegeister aller Art und deren Bekämpfung - 20.12.2012 (17)
  15. trjoan:win32/reveton!ink
    Plagegeister aller Art und deren Bekämpfung - 20.12.2012 (11)
  16. Reveton.C.4 und Trojan.Ransom.Gen
    Plagegeister aller Art und deren Bekämpfung - 03.09.2012 (21)
  17. Win32:Trojan-gen, Win32:Rootkit-gen, Win32:Adware-gen gefunden!
    Log-Analyse und Auswertung - 14.07.2008 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojan:Win32/Reveton.N gefunden. - Hallo, Microsoft Security Essentials hat Trojan:Win32/Reveton.N gefunden in der Datei: Code: Alles auswählen Aufklappen ATTFilter file:C:\Users\Hugo Bosnickel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-1d348372 Ich habe nun wie im 'Für alle Hilfesuchenden!' Thread beschrieben einen Scan mit - Trojan:Win32/Reveton.N gefunden....
Archiv
Du betrachtest: Trojan:Win32/Reveton.N gefunden. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27