
Pests of all kinds and their removal: GVU Trojan caught

15.05.2013, 08:37   #1
uncleb

GVU Trojan caught



I had already posted once, but I don't know whether that worked.

So here is the OTL.txt again:

OTL logfile created on: 15.05.2013 08:44:03 - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = D:\PROGRAMS\OTLPE
64bit-Windows 7 Ultimate (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 79,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 196,52 Gb Free Space | 65,95% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 1397,28 Gb Total Space | 1105,63 Gb Free Space | 79,13% Space Free | Partition Type: NTFS
Drive M: | 1397,28 Gb Total Space | 1105,63 Gb Free Space | 79,13% Space Free | Partition Type: NTFS
Drive V: | 1397,28 Gb Total Space | 1105,63 Gb Free Space | 79,13% Space Free | Partition Type: NTFS
Drive W: | 1397,28 Gb Total Space | 1105,63 Gb Free Space | 79,13% Space Free | Partition Type: NTFS

Computer Name: PC009 | User Name: swerner
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.12.01 23:19:44 | 002,357,488 | ---- | M] (RealVNC Ltd) [Auto] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV:64bit: - [2010.03.30 11:02:08 | 000,189,304 | ---- | M] (AVM Berlin) [Auto] -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV:64bit: - [2010.03.30 11:01:06 | 000,143,224 | ---- | M] (AVM Berlin) [Auto] -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV:64bit: - [2010.03.30 10:59:54 | 000,335,224 | ---- | M] (AVM Berlin) [Auto] -- C:\Program Files\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV:64bit: - [2009.10.09 14:25:24 | 000,713,488 | ---- | M] (CANON INC) [Auto] -- C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe -- (Canon imagePROGRAF Status Monitor)
SRV:64bit: - [2009.07.14 03:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.16 08:55:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.14 08:59:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.27 17:09:08 | 001,734,416 | ---- | M] () [Auto] -- C:\Program Files (x86)\pc essentials\updater.exe -- (pc essentials)
SRV - [2010.12.10 14:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.07.27 11:44:03 | 000,137,680 | ---- | M] () [Auto] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2007.10.31 12:55:54 | 000,040,448 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hpnuhub.sys -- (HPNUHUB)
DRV:64bit: - [2007.03.27 20:14:12 | 000,016,384 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hpnuhst.sys -- (hpnuhst)
DRV - [2007.10.31 12:55:54 | 000,040,448 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\hpnuhub.sys -- (HPNUHUB)
DRV - [2007.03.27 20:14:12 | 000,016,384 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\hpnuhst.sys -- (hpnuhst)
DRV - [1999.03.08 14:15:00 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\SysWOW64\drivers\PMEMNT.SYS -- (PMEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1326832379-838882392-2275103834-1108\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1326832379-838882392-2275103834-1108\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1326832379-838882392-2275103834-1108\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 12 DC BA B7 50 CE 01 [binary data]
IE - HKU\S-1-5-21-1326832379-838882392-2275103834-1108\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.de"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010.12.22 12:49:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.12.22 14:50:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.18 12:08:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\pagealicious@pagealicious.com: C:\Program Files (x86)\Pagealicious\Pagealicious.xpi [2013.02.05 16:20:30 | 000,036,695 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.16 08:55:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.16 08:55:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.08 12:33:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.18 12:08:39 | 000,000,000 | ---D | M]

[2013.04.16 08:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\swerner.DUERINGER\AppData\Roaming\mozilla\Extensions
[2013.04.16 08:55:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) --
[2013.04.16 08:55:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.03.27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2013.03.01 18:37:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.01 18:37:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.01 18:37:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.10 09:02:50 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2013.03.01 18:37:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.01 18:37:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.01 18:37:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.12.22 12:45:08 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Pagealicious) - {60C07B56-542E-4054-A503-4E9E08DF2F84} - C:\Program Files (x86)\Pagealicious\Pagealicious.dll (TODO: <Company name>)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\lotus\org6\organize\iehelper.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKU\S-1-5-21-1326832379-838882392-2275103834-1108\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1326832379-838882392-2275103834-1108..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1326832379-838882392-2275103834-1108..\Run: [ctfmon.exe] File not found
O4 - HKU\S-1-5-21-755987038-800257658-2420284740-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-755987038-800257658-2420284740-1001..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\eschneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - C:\lotus\org6\organize\bandobjs.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} hxxp://196.100.60.124/libs/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dueringer.local
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\System32\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\iw9lof.bat) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.09.11 12:18:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{5bcb1f6c-11a7-11e0-a04c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5bcb1f6c-11a7-11e0-a04c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe -- [2005.07.16 23:36:50 | 000,240,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013.05.15 08:27:45 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Malwarebytes
[2013.05.14 17:43:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.14 12:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013.04.30 12:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.04.30 12:31:49 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Apple Computer
[2013.04.17 06:37:00 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Apple
[2013.04.16 08:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.16 08:16:45 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Macromedia
[2013.04.16 08:16:30 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Mozilla
[2013.04.16 08:16:30 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Mozilla
[2013.04.15 12:26:38 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BECHMANN AVA
[2013.04.15 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Downloaded Installations
[2013.04.15 12:24:44 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Local\Programs
[2013.04.15 10:32:39 | 000,000,000 | ---D | C] -- C:\Users\swerner.DUERINGER\AppData\Roaming\InstallShield

========== Files - Modified Within 30 Days ==========

[2013.05.15 08:38:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.15 08:37:56 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.15 08:34:40 | 000,628,743 | ---- | M] () -- C:\Users\swerner.DUERINGER\Desktop\adwcleaner_2.3.0.0.exe
[2013.05.15 07:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.14 17:43:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.14 17:34:55 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.14 17:34:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.14 17:29:49 | 000,001,547 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.05.13 17:27:26 | 000,011,539 | ---- | M] () -- C:\Windows\avascript.ini
[2013.05.13 09:31:29 | 000,000,287 | ---- | M] () -- C:\Users\swerner.DUERINGER\AppData\Local\VersionChecker_14.xml
[2013.04.25 10:14:44 | 000,002,108 | ---- | M] () -- C:\Users\swerner.DUERINGER\Desktop\Exchange Server_196.100.60.101.RDP
[2013.04.25 10:12:37 | 000,002,048 | ---- | M] () -- C:\Users\swerner.DUERINGER\Desktop\Daten Server_196.100.60.100.RDP
[2013.04.25 10:11:34 | 000,002,048 | -H-- | M] () -- C:\Users\swerner.DUERINGER\Documents\Default.rdp
[2013.04.22 11:07:57 | 000,003,323 | ---- | M] () -- C:\ProgramData\bechmann.ini

========== Files Created - No Company Name ==========

[2013.05.15 08:34:34 | 000,628,743 | ---- | C] () -- C:\Users\swerner.DUERINGER\Desktop\adwcleaner_2.3.0.0.exe
[2013.05.14 17:34:55 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.25 10:14:39 | 000,002,108 | ---- | C] () -- C:\Users\swerner.DUERINGER\Desktop\Exchange Server_196.100.60.101.RDP
[2013.04.25 10:11:52 | 000,002,048 | ---- | C] () -- C:\Users\swerner.DUERINGER\Desktop\Daten Server_196.100.60.100.RDP
[2013.04.25 10:02:19 | 000,002,048 | -H-- | C] () -- C:\Users\swerner.DUERINGER\Documents\Default.rdp
[2013.04.15 12:24:44 | 000,003,323 | ---- | C] () -- C:\ProgramData\bechmann.ini
[2013.04.11 11:10:29 | 000,000,287 | ---- | C] () -- C:\Users\swerner.DUERINGER\AppData\Local\VersionChecker_14.xml
[2012.01.12 10:16:16 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.19 17:31:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.09.27 11:22:59 | 001,598,970 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.05 12:20:53 | 000,260,248 | ---- | C] () -- C:\Windows\SysWow64\QMO.dll
[2011.09.05 12:20:53 | 000,092,312 | ---- | C] () -- C:\Windows\SysWow64\QMOCameraDll.dll
[2011.03.11 16:19:29 | 006,814,952 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.01.03 13:36:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll
[2011.01.03 10:55:48 | 000,159,836 | ---- | C] () -- C:\Windows\_isusr32.dll
[2011.01.03 10:55:48 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2010.12.27 13:00:52 | 000,003,090 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.12.22 13:21:24 | 000,011,539 | ---- | C] () -- C:\Windows\avascript.ini
[2010.12.22 12:13:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.22 12:13:26 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.12.22 12:13:26 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.12.22 12:13:25 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.12.22 12:13:25 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.12.22 12:13:25 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.09.27 12:52:52 | 000,000,164 | ---- | C] () -- C:\Windows\DBDUIHost.exe.config
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2003.08.22 12:01:08 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\mcdbcall.dll
[2003.07.24 16:13:14 | 000,303,616 | ---- | C] () -- C:\Windows\SysWow64\BP_CallDBDUI.dll
[2002.05.31 10:04:00 | 000,495,616 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
[2001.06.27 03:24:00 | 000,000,260 | ---- | C] () -- C:\Windows\SysWow64\IC32.INI
[1999.12.06 22:31:22 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\Implode.dll
[1998.12.03 15:00:00 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\u2lbar.dll
[1998.01.13 15:52:30 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\LOTRN13.DLL
[1997.05.16 08:46:22 | 000,577,536 | ---- | C] () -- C:\Windows\SysWow64\HEKRNL32.DLL
[1996.08.01 06:00:30 | 000,187,392 | ---- | C] () -- C:\Windows\SysWow64\HEICON32.DLL
[1996.08.01 06:00:30 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\HETOOL32.DLL
[1996.08.01 06:00:04 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\HEDLG32.DLL
[1996.08.01 06:00:04 | 000,067,072 | ---- | C] () -- C:\Windows\SysWow64\HERTF32.DLL
[1996.08.01 04:50:10 | 000,382,464 | ---- | C] () -- C:\Windows\SysWow64\HTKRNL32.DLL
[1996.02.21 05:00:10 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\HEMENU32.DLL
[1995.07.01 05:01:00 | 000,225,792 | ---- | C] () -- C:\Windows\SysWow64\IMGMAN30.DLL

========== LOP Check ==========

[2013.04.11 15:31:49 | 000,000,000 | ---D | M] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Abvent
[2013.04.26 10:31:03 | 000,000,000 | ---D | M] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Abvent_Artlantis3
[2013.04.11 11:10:27 | 000,000,000 | ---D | M] -- C:\Users\swerner.DUERINGER\AppData\Roaming\Nemetschek
[2013.04.30 12:32:39 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2011.01.05 17:57:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Abvent
[2010.12.22 11:24:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012.09.11 12:34:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2011.12.12 09:26:57 | 000,000,000 | ---D | M] -- C:\ProgramData\AVM
[2013.04.15 12:26:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Bechmann
[2011.06.22 09:35:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Canon
[2011.01.10 18:10:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2013.04.18 11:00:16 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM
[2012.10.15 09:10:36 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJWSpt
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010.12.22 11:24:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.01.03 14:40:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Downloaded Installations
[2011.02.16 15:42:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Driver Mender
[2012.12.20 13:17:30 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2010.12.22 11:24:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.06.21 17:34:23 | 000,000,000 | ---D | M] -- C:\ProgramData\IEConfiguration1und1
[2011.03.10 11:46:00 | 000,000,000 | ---D | M] -- C:\ProgramData\LogSys
[2011.01.18 12:19:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2011.01.18 12:03:58 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache
[2011.01.20 18:00:48 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2010.12.22 13:54:23 | 000,000,000 | ---D | M] -- C:\ProgramData\PixelPlanet
[2011.01.03 10:41:54 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2013.05.14 12:22:21 | 000,000,000 | ---D | M] -- C:\ProgramData\StarApp
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010.12.22 11:24:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011.05.30 15:49:29 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011.03.09 09:36:05 | 000,000,000 | ---D | M] -- C:\ProgramData\TomTom
[2012.08.27 13:15:46 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2010.12.22 11:24:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010.12.22 13:54:03 | 000,000,000 | ---D | M] -- C:\ProgramData\VVW
[2010.12.22 14:20:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012.11.21 09:20:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMPBC416F8
< End of report >
